RHEL-5781

logwatch/fail2ban output issue related to "Increase Ban"


      Description of problem:
      Logwatch/fail2ban is not ignoring "Increase Ban"

      Version-Release number of selected component (if applicable):
      logwatch-7.4.3-11.el8.noarch

      How reproducible:
      always

      Steps to Reproduce:
      1. install logwatch
      2. install+configure fail2ban

      Actual results:
      --------------------- fail2ban-messages Begin ------------------------

      Banned services with Fail2Ban: Bans:Unbans
      postfix: [ 4:3 ]
      postfix-ddos: [ 34:29 ]
      postfix-ddos] Increase: [ 27:0 ]
      postfix-extra: [ 7:6 ]
      postfix-extra] Increase: [ 6:0 ]
      postfix-rbl: [ 2:2 ]
      postfix-sasl: [ 8:8 ]
      postfix-sasl] Increase: [ 6:0 ]
      postfix] Increase: [ 4:0 ]

      *Unmatched Entries*
      Jul 24 07:13:30 co1 fail2ban-client[1938414]: OK: 1 Time(s)

      ---------------------- fail2ban-messages End -------------------------

      Expected results:
      --------------------- fail2ban-messages Begin ------------------------

      Banned services with Fail2Ban: Bans:Unbans
      postfix: [ 4:3 ]
      postfix-ddos: [ 34:29 ]
      postfix-extra: [ 7:6 ]
      postfix-rbl: [ 2:2 ]
      postfix-sasl: [ 8:8 ]

      *Unmatched Entries*
      Jul 24 07:13:30 co1 fail2ban-client[1938414]: OK: 1 Time(s)

      ---------------------- fail2ban-messages End -------------------------

      Additional info:

      Fixed by adding an additional ignore-line pattern:

      — /usr/share/logwatch/scripts/services/fail2ban.orig 2023-07-25 08:42:26.839548065 +0200
      +++ /usr/share/logwatch/scripts/services/fail2ban 2023-07-25 08:49:24.301927524 +0200
      @@ -83,6 +83,7 @@
      ($ThisLine =~ /INFO\s+(Stopping all jails|Exiting Fail2ban)/) or
      ($ThisLine =~ /INFO\s+Initiated '.*' backend/) or
      ($ThisLine =~ /INFO\s+(Added logfile = .*|Set maxRetry = \d+|Set findtime = \d+|Set banTime = \d+)/) or
      + ($ThisLine =~ /Increase Ban/) or
      ($ThisLine =~ /Unable to find a corresponding IP address for .*: [Errno -2] Name or service not known/)
      )
      {
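
Review bot: The added `/Increase Ban/` test is unanchored, unlike the neighbouring patterns that start with `INFO\s+`, so any fail2ban log line that merely contains that phrase is dropped from the report without a trace. The "Actual results" output shows the phrase arriving directly after the closing bracket of the jail name (`postfix-ddos] Increase`), so consider tying the match to that position, for example `/\]\s+Increase Ban\b/`, and adding a one-line comment above it saying why these lines are ignored rather than counted.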

              psimovec Pavel Šimovec
              pb_bieringer Peter Bieringer (Inactive)
              Pavel Šimovec Pavel Šimovec
              RHEL CS Plumbers QE Bot RHEL CS Plumbers QE Bot