10617 – Fail2ban default config has incorrect logfile paths (apache logs) and defaults to sendmail actions

Bug 10617 - Fail2ban default config has incorrect logfile paths (apache logs) and defaults to sendmail actions

Summary: Fail2ban default config has incorrect logfile paths (apache logs) and default...

Status:	RESOLVED FIXED

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	RPM Packages (show other bugs)
Version:	3
Hardware:	i586 Linux

Priority:	Normal Severity: normal
Target Milestone:	---
Assignee:	Remco Rijnders
QA Contact:

URL:
Whiteboard:
Keywords:

Depends on:	11569
Blocks:
	Show dependency tree / graph

Reported:	2013-06-25 16:42 CEST by claire robinson
Modified:	2014-04-16 15:26 CEST (History)
CC List:	0 users

See Also:
Source RPM:	fail2ban
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description claire robinson 2013-06-25 16:42:36 CEST

Please don't build a new fail2ban until the security update in bug 10550 has been pushed.

Fail2ban default config has incorrect logfile paths (apache logs, didn't check others) and defaults to sendmail actions which is not installed.

Reproducible: 

Steps to Reproduce:

Comment 1 claire robinson 2013-06-25 16:42:55 CEST

/etc/fail2ban/jail.conf

Remco Rijnders 2014-03-20 13:31:47 CET

Status: NEW => ASSIGNED

Comment 2 Remco Rijnders 2014-04-09 08:10:51 CEST

Claire, I have updated the paths in jail.conf for our apache installation. Please note that I have not addressed the sendmail action, I believe failure of this part does not prevent fail2ban from operating and banning malicious hosts.

Depends on: (none) => 11569

Comment 3 claire robinson 2014-04-09 08:29:34 CEST

Thanks Remco, I'll get it tested today.

Comment 4 claire robinson 2014-04-10 11:22:55 CEST

Still wrong by the looks of it Remco. They point to /var/log/httpd/*error.log at the moment. The actual apache error logs are /var/log/httpd/error_log and error_log.1, error_log.2 etc after rotation.

The setting should probably be more like /var/log/httpd/error_log*

Comment 5 claire robinson 2014-04-10 11:23:54 CEST

This was testing on Mageia 4 btw. Did you make the changes there too, just noticed the bug was against mga3.

Comment 6 claire robinson 2014-04-10 12:04:48 CEST

Checked mga3 too and it's the same. The sendmail action doesn't prevent it working but does leave errors in the journal. Not sure the best way to handle it, it may be to comment the sendmail actions as an example and just leave them logging.

I'm validating the security update in bug 11569.

Comment 7 Remco Rijnders 2014-04-10 18:38:30 CEST

Hi Claire,

Updated versions (0.8.13-2) are in updates testing

Comment 8 claire robinson 2014-04-16 15:26:24 CEST

Closing this one now then, thanks Remco

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED

Note You need to log in before you can comment on or make changes to this bug.