Debian Bug report logs - #1024305
fail2ban: 'allowipv6' not defined in 'Definition'

Reply or subscribe to this bug.

Display info messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Francois Mescam <francois@mescam.org>

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: fail2ban: 'allowipv6' not defined in 'Definition'

Date: Thu, 17 Nov 2022 11:43:19 +0100

Package: fail2ban
Version: 1.0.2-1
Severity: normal

Dear Maintainer,

Since fail2ban 1.0.2-1 when fail2ban start it write in the log :
Nov 16 18:53:09 eiffel7 fail2ban-server[874403]: 2022-11-16 18:53:09,333 fail2ban.configreader   [874403]: WARNING 'allowipv6' not defined in 'Definition'. Using default one: 'auto'

I've modified /etc/fail2ban/fail2ban.conf by adding a line
'allowipv6 = auto'
and after that the message disapear.

The other modified configuration files are modified to correct bug #1024263 but I don't know
if s/-E 'set escape' // everywhere in action.d/ is a good answer to the problem.

Regards

-- System Information:
Debian Release: bookworm/sid
  APT prefers testing
  APT policy: (900, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.0.0-4-amd64 (SMP w/8 CPU threads; PREEMPT)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages fail2ban depends on:
ii  lsb-base                   11.5
ii  python3                    3.10.6-1
ii  sysvinit-utils [lsb-base]  3.05-6

Versions of packages fail2ban recommends:
ii  iptables           1.8.8-1
ii  nftables           1.0.5-2
ii  python3-pyinotify  0.9.6-2
ii  python3-systemd    235-1+b1
ii  whois              5.5.14

Versions of packages fail2ban suggests:
ii  bsd-mailx [mailx]            8.1.2-0.20220412cvs-1
ii  mailutils [mailx]            1:3.15-3+b1
pn  monit                        <none>
ii  rsyslog [system-log-daemon]  8.2210.0-3
ii  sqlite3                      3.39.4-1

-- Configuration Files:
/etc/fail2ban/action.d/complain.conf changed:
[INCLUDES]
before = helpers-common.conf
[Definition]
debug = 0
norestored = 1
actionstart =
actionstop =
actioncheck =
actionban = oifs=${IFS};
            RESOLVER_ADDR="%(addr_resolver)s"
            if [ "<debug>" -gt 0 ]; then echo "try to resolve $RESOLVER_ADDR"; fi
            ADDRESSES=$(dig +short -t txt -q $RESOLVER_ADDR | tr -d '"')
            IFS=,; ADDRESSES=$(echo $ADDRESSES)
            IFS=${oifs}
            IP=<ip>
            if [ ! -z "$ADDRESSES" ]; then
                ( printf %%b "<message>\n"; date '+Note: Local timezone is %%z (%%Z)'; 
                  printf %%b "\nLines containing failures of <ip> (max <grepmax>)\n";
                  %(_grep_logs)s;
                ) | <mailcmd> "Abuse from <ip>" <mailargs> $ADDRESSES
            fi
actionunban =
addr_resolver = <ip-rev>abuse-contacts.abusix.org
message = Dear Sir/Madam,\n\nWe have detected abuse from the IP address $IP, which according to a abusix.com is on your network. We would appreciate if you would investigate and take action as appropriate.\n\nLog lines are given below, but please ask if you require any further information.\n\n(If you are not the correct person to contact about this please accept our apologies - your e-mail address was extracted from the whois record by an automated process.)\n\n This mail was generated by Fail2Ban.\nThe recipient address of this report was provided by the Abuse Contact DB by abusix.com. abusix.com does not maintain the content of the database. All information which we pass out, derives from the RIR databases and is processed for ease of use. If you want to change or report non working abuse contacts please contact the appropriate RIR. If you have any further question, contact abusix.com directly via email (info@abusix.com). Information about the Abuse Contact Database can be found here: https://abusix.com/global-reporting/abuse-contact-db\nabusix.com is neither responsible nor liable for the content or accuracy of this message.\n
logpath = /dev/null
mailcmd = mail -s
mailargs =

/etc/fail2ban/action.d/dshield.conf changed:
[Definition]
norestored = 1
actionstart =
actionstop = if [ -f <tmpfile>.buffer ]; then
                 cat <tmpfile>.buffer | <mailcmd> "FORMAT DSHIELD USERID <userid> TZ `date +%%z | sed 's/\([+-]..\)\(..\)/\1:\2/'` Fail2Ban" <mailargs> <dest>
                 date +%%s > <tmpfile>.lastsent
             fi
             rm -f <tmpfile>.buffer <tmpfile>.first
actioncheck =
actionban = TZONE=`date +%%z | sed 's/\([+-]..\)\(..\)/\1:\2/'`
            DATETIME="`perl -e '@t=localtime(<time>);printf "%%4d-%%02d-%%02d %%02d:%%02d:%%02d",1900+$t[5],$t[4]+1,$t[3],$t[2],$t[1],$t[0]'` $TZONE"
	    PROTOCOL=`awk '{IGNORECASE=1;if($1=="<protocol>"){print $2;exit}}' /etc/protocols`
	    if [ -z "$PROTOCOL" ]; then PROTOCOL=<protocol>; fi
            printf %%b "$DATETIME\t<userid>\t<failures>\t<ip>\t<srcport>\t<myip>\t<port>\t$PROTOCOL\t<tcpflags>\n" >> <tmpfile>.buffer
            NOW=`date +%%s`
            if [ ! -f <tmpfile>.first ]; then
                echo <time> | cut -d. -f1 > <tmpfile>.first
            fi
            if [ ! -f <tmpfile>.lastsent ]; then
                echo 0 > <tmpfile>.lastsent
            fi
            LOGAGE=$(($NOW - `cat <tmpfile>.first`))
            LASTREPORT=$(($NOW - `cat <tmpfile>.lastsent`))
            LINES=$( wc -l <tmpfile>.buffer | awk '{ print $1 }' )
            if [ $LINES -ge <lines> && $LASTREPORT -gt <minreportinterval> ] || [ $LOGAGE -gt <maxbufferage> ]; then
                cat <tmpfile>.buffer | <mailcmd> "FORMAT DSHIELD USERID <userid> TZ $TZONE Fail2Ban" <mailargs> <dest>
                rm -f <tmpfile>.buffer <tmpfile>.first
                echo $NOW > <tmpfile>.lastsent
            fi
actionunban = if [ -f <tmpfile>.first ]; then
                  NOW=`date +%%s`
                  LOGAGE=$(($NOW - `cat <tmpfile>.first`))
                  if [ $LOGAGE -gt <maxbufferage> ]; then
                      cat <tmpfile>.buffer | <mailcmd> "FORMAT DSHIELD USERID <userid> TZ `date +%%z | sed 's/\([+-]..\)\(..\)/\1:\2/'` Fail2Ban" <mailargs> <dest>
                      rm -f <tmpfile>.buffer <tmpfile>.first
                      echo $NOW > <tmpfile>.lastsent
                  fi
              fi
[Init]
port = ???
userid = 0
myip = `ip -4 addr show dev eth0 | grep inet | head -n 1 | sed -r 's/.*inet ([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}).*/\1/'`
protocol = tcp
lines = 50
minreportinterval = 3600
maxbufferage = 21600
srcport = ???
tcpflags =
mailcmd = mail -s
mailargs =
dest = reports@dshield.org
tmpfile = /var/run/fail2ban/tmp-dshield

/etc/fail2ban/action.d/mail-buffered.conf changed:
[Definition]
norestored = 1
actionstart = printf %%b "Hi,\n
              The jail <name> has been started successfully.\n
              Output will be buffered until <lines> lines are available.\n
              Regards,\n
              Fail2Ban"|mail -s "[Fail2Ban] <name>: started on <fq-hostname>" <dest>
actionstop = if [ -f <tmpfile> ]; then
                 printf %%b "Hi,\n
                 These hosts have been banned by Fail2Ban.\n
                 `cat <tmpfile>`
                 Regards,\n
                 Fail2Ban"|mail -s "[Fail2Ban] <name>: Summary from <fq-hostname>" <dest>
                 rm <tmpfile>
             fi
             printf %%b "Hi,\n
             The jail <name> has been stopped.\n
             Regards,\n
             Fail2Ban"|mail -s "[Fail2Ban] <name>: stopped on <fq-hostname>" <dest>
actioncheck = 
actionban = printf %%b "`date`: <ip> (<failures> failures)\n" >> <tmpfile>
            LINE=$( wc -l <tmpfile> | awk '{ print $1 }' )
            if [ $LINE -ge <lines> ]; then
                printf %%b "Hi,\n
                These hosts have been banned by Fail2Ban.\n
                `cat <tmpfile>`
                \nRegards,\n
                Fail2Ban"|mail -s "[Fail2Ban] <name>: Summary" <dest>
                rm <tmpfile>
            fi
actionunban = 
[Init]
name = default
lines = 5
tmpfile = /var/run/fail2ban/tmp-mail.txt
dest = root

/etc/fail2ban/action.d/mail-whois-lines.conf changed:
[INCLUDES]
before = mail-whois-common.conf
         helpers-common.conf
[Definition]
norestored = 1
actionstart = printf %%b "Hi,\n
              The jail <name> has been started successfully.\n
              Regards,\n
              Fail2Ban" | <mailcmd> "[Fail2Ban] <name>: started on <fq-hostname>" <dest>
actionstop = printf %%b "Hi,\n
             The jail <name> has been stopped.\n
             Regards,\n
             Fail2Ban" | <mailcmd> "[Fail2Ban] <name>: stopped on <fq-hostname>" <dest>
actioncheck = 
_ban_mail_content = ( printf %%b "Hi,\n
            The IP <ip> has just been banned by Fail2Ban after
            <failures> attempts against <name>.\n\n
            Here is more information about <ip> :\n"
            %(_whois_command)s;
            printf %%b "\nLines containing failures of <ip> (max <grepmax>)\n";
            %(_grep_logs)s;
            printf %%b "\n
            Regards,\n
            Fail2Ban" )
actionban = %(_ban_mail_content)s | <mailcmd> "[Fail2Ban] <name>: banned <ip> from <fq-hostname>" <dest>
actionunban = 
[Init]
mailcmd = mail -s
name = default
dest = root
logpath = /dev/null

/etc/fail2ban/action.d/mail-whois.conf changed:
[INCLUDES]
before = mail-whois-common.conf
[Definition]
norestored = 1
actionstart = printf %%b "Hi,\n
              The jail <name> has been started successfully.\n
              Regards,\n
              Fail2Ban"|mail -s "[Fail2Ban] <name>: started on <fq-hostname>" <dest>
actionstop = printf %%b "Hi,\n
             The jail <name> has been stopped.\n
             Regards,\n
             Fail2Ban"|mail -s "[Fail2Ban] <name>: stopped on <fq-hostname>" <dest>
actioncheck = 
actionban = printf %%b "Hi,\n
            The IP <ip> has just been banned by Fail2Ban after
            <failures> attempts against <name>.\n\n
            Here is more information about <ip> :\n
            `%(_whois_command)s`\n
            Regards,\n
            Fail2Ban"|mail -s "[Fail2Ban] <name>: banned <ip> from <fq-hostname>" <dest>
actionunban = 
[Init]
name = default
dest = root

/etc/fail2ban/action.d/mail.conf changed:
[Definition]
norestored = 1
actionstart = printf %%b "Hi,\n
              The jail <name> has been started successfully.\n
              Regards,\n
              Fail2Ban"|mail -s "[Fail2Ban] <name>: started  on <fq-hostname>" <dest>
actionstop = printf %%b "Hi,\n
             The jail <name> has been stopped.\n
             Regards,\n
             Fail2Ban"|mail -s "[Fail2Ban] <name>: stopped on <fq-hostname>" <dest>
actioncheck = 
actionban = printf %%b "Hi,\n
            The IP <ip> has just been banned by Fail2Ban after
            <failures> attempts against <name>.\n
            Regards,\n
            Fail2Ban"|mail -s "[Fail2Ban] <name>: banned <ip> from <fq-hostname>" <dest>
actionunban = 
[Init]
name = default
dest = root

/etc/fail2ban/fail2ban.conf changed:
[DEFAULT]
loglevel = INFO
logtarget = /var/log/fail2ban.log
syslogsocket = auto
socket = /var/run/fail2ban/fail2ban.sock
pidfile = /var/run/fail2ban/fail2ban.pid
allowipv6 = auto
dbfile = /var/lib/fail2ban/fail2ban.sqlite3
dbpurgeage = 1d
dbmaxmatches = 10
[Definition]
[Thread]


-- no debconf information

Message #10 received at 1024305@bugs.debian.org (full text, mbox, reply):

From: Stefan Weil <sw@weilnetz.de>

To: 1024305@bugs.debian.org

Subject: Re: fail2ban: 'allowipv6' not defined in 'Definition'

Date: Sun, 24 Sep 2023 19:57:55 +0200

I suggest to update /etc/fail2ban/jail.d/defaults-debian.conf to fix 
this bug:


------


# cat /etc/fail2ban/jail.d/defaults-debian.conf
[DEFAULT]
allowipv6 = auto

[sshd]
enabled = true

------


Stefan

Send a report that this bug log contains spam.