Fail2ban does not work on Centos 7 #150

Open
spawnzao opened this issue May 12, 2020 · 0 comments

Affected Puppet, Ruby, OS and module versions/distributions

  • Puppet: 4.10.12
  • Ruby:
  • Distribution: CentOS Linux release 7.7.1908 (Core)
  • Module version: 3.2.0
  • Fail2ban version: 0.10.5

How to reproduce (e.g Puppet code you use)

class { 'fail2ban':
    config_dir_purge     => false,
    email                => "it@localdomain.local",
    action               => "action_mwl",
    bantime              => 600,
    maxretry             => 5,
    whitelist            => ['127.0.0.1/8','192.168.0.0/24'],
    jails                => ['recidive','ssh','ssh-ddos','apache-auth','apache-badbots','apache-noscript','apache-overflows','apache-nohome','apache-botsearch','apache-fakegooglebot','apache-modsecurity','apache-shellshock','php-url-fopen'],
}

What are you seeing

I updated the fail2ban module and fail2ban, but I had many errors later and the original configuration file (jail.conf) of the package was all deteriorated.

I believe that the way the module is configured is not ideal. Jail.conf will always be modified by new versions and distributions, and the demand for new changes to the module will always be very high as jail.conf evolves.

Wouldn't it be better if the module kept the jail.conf intact and created a jail.local (example) with all the customized settings? The module would be cleaner and without the need for updating because of new versions.

The module turned my jail.conf into a Frankenstein and it doesn't even work. And note that there are only a few configurations, and they are very simple.

I debugged the puppet agent and pasted it into pastebin for you to see all the modifications to the jail.conf file.

Output log

May 11 21:04:02 server puppet-agent[28991]: (/Stage[main]/Fail2ban::Service/Service[fail2ban]/ensure) ensure changed 'stopped' to 'running'
May 11 21:04:02 server fail2ban-server[29647]: 2020-05-11 21:04:02,115 fail2ban.configreader [29647]: ERROR Found no accessible config files for 'filter.d/sshd-ddos' under /etc/fail2ban
May 11 21:04:02 server fail2ban-server[29647]: 2020-05-11 21:04:02,115 fail2ban.jailreader [29647]: ERROR Unable to read the filter 'sshd-ddos'
May 11 21:04:02 server fail2ban-server[29647]: 2020-05-11 21:04:02,115 fail2ban.jailsreader [29647]: ERROR Errors in jail 'sshd-ddos'. Skipping...
May 11 21:04:02 server fail2ban-server[29647]: 2020-05-11 21:04:02,141 fail2ban [29647]: ERROR Failed during configuration: Bad value substitution:
May 11 21:04:02 server fail2ban-server[29647]: section: [recidive]
May 11 21:04:02 server fail2ban-server[29647]: option : action
May 11 21:04:02 server fail2ban-server[29647]: key : port
May 11 21:04:02 server fail2ban-server[29647]: rawval : ", protocol="%(protocol)s", chain="%(chain)s"]
May 11 21:04:02 server fail2ban-server[29647]: %(mta)s-whois-lines[name=%(name)s, dest="%(destemail)s", logpath=%(logpath)s, chain="%(chain)s"]
May 11 21:04:02 server fail2ban-server[29647]: 2020-05-11 21:04:02,146 fail2ban [29647]: ERROR Async configuration of server failed
May 11 21:04:02 server systemd[1]: fail2ban.service: main process exited, code=exited, status=255/n/a
May 11 21:04:02 server fail2ban-client[29653]: 2020-05-11 21:04:02,201 fail2ban [29653]: ERROR Failed to access socket path: /var/run/fail2ban/fail2ban.sock. Is fail2ban running?
May 11 21:04:02 server systemd[1]: fail2ban.service: control process exited, code=exited status=255
May 11 21:04:02 server systemd[1]: Unit fail2ban.service entered failed state.
May 11 21:04:02 server systemd[1]: fail2ban.service failed.
May 11 21:04:04 server puppet-agent[28991]: Applied catalog in 11.04 seconds

Any additional information you'd like to impart

https://pastebin.com/bMw3mwpR
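
Added example, not part of the original issue or of the module's code: a pre-flight check that catches the two error classes in the log above (a jail naming a filter with no file under filter.d, and an `action` that interpolates `%(port)s` in a jail where no `port` is set) before the service is restarted. It uses Python's standard `configparser` as a simplified stand-in for fail2ban's own reader; `check_jails` and the sample jail text are hypothetical and constructed for the illustration.

```python
import configparser

# Constructed sample: a cut-down jail file that reproduces both failure
# classes seen in the log (missing filter file, undefined %(port)s).
SAMPLE_JAIL = """
[DEFAULT]
protocol = tcp
chain = INPUT
banaction = iptables-multiport
action = %(banaction)s[port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]

[sshd]
enabled = true
port = ssh
filter = sshd

[sshd-ddos]
enabled = true
port = ssh
filter = sshd-ddos

[recidive]
enabled = true
filter = recidive
"""

def check_jails(text, installed_filters):
    """Return (jail, problem) pairs for enabled jails that would fail to load."""
    cp = configparser.ConfigParser()  # default interpolation resolves %(key)s
    cp.read_string(text)
    problems = []
    for jail in cp.sections():
        if not cp.getboolean(jail, "enabled", fallback=False):
            continue
        flt = cp.get(jail, "filter", raw=True, fallback=jail)
        if flt not in installed_filters:  # names taken from filter.d/*.conf
            problems.append((jail, f"filter '{flt}' not found in filter.d"))
        for opt in cp.options(jail):      # includes options inherited from DEFAULT
            try:
                cp.get(jail, opt)         # forces interpolation of this option
            except configparser.InterpolationMissingOptionError as e:
                problems.append((jail, f"option '{opt}' references undefined key '{e.reference}'"))
    return problems

if __name__ == "__main__":
    for jail, problem in check_jails(SAMPLE_JAIL, {"sshd", "recidive"}):
        print(f"[{jail}] {problem}")
```

On a live host, `fail2ban-client -t` runs the authoritative test with fail2ban's own configuration reader, which also handles include files that this sketch ignores.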
