Bug
Resolution: Won't Do
rhel-8.8.0
rhel-plumbers
ssg_core_services
Description of problem:
Logwatch/fail2ban is not ignoring "Increase Ban"
Version-Release number of selected component (if applicable):
logwatch-7.4.3-11.el8.noarch
How reproducible:
always
Steps to Reproduce:
1. install logwatch
2. install+configure fail2ban
Actual results:
--------------------- fail2ban-messages Begin ------------------------
Banned services with Fail2Ban: Bans:Unbans
postfix: [ 4:3 ]
postfix-ddos: [ 34:29 ]
postfix-ddos] Increase: [ 27:0 ]
postfix-extra: [ 7:6 ]
postfix-extra] Increase: [ 6:0 ]
postfix-rbl: [ 2:2 ]
postfix-sasl: [ 8:8 ]
postfix-sasl] Increase: [ 6:0 ]
postfix] Increase: [ 4:0 ]
*Unmatched Entries*
Jul 24 07:13:30 co1 fail2ban-client[1938414]: OK: 1 Time(s)
---------------------- fail2ban-messages End -------------------------
Expected results:
--------------------- fail2ban-messages Begin ------------------------
Banned services with Fail2Ban: Bans:Unbans
postfix: [ 4:3 ]
postfix-ddos: [ 34:29 ]
postfix-extra: [ 7:6 ]
postfix-rbl: [ 2:2 ]
postfix-sasl: [ 8:8 ]
*Unmatched Entries*
Jul 24 07:13:30 co1 fail2ban-client[1938414]: OK: 1 Time(s)
---------------------- fail2ban-messages End -------------------------
Additional info:
Fixed by adding an additional ignore-line pattern:
— /usr/share/logwatch/scripts/services/fail2ban.orig 2023-07-25 08:42:26.839548065 +0200
+++ /usr/share/logwatch/scripts/services/fail2ban 2023-07-25 08:49:24.301927524 +0200
@@ -83,6 +83,7 @@
($ThisLine =~ /INFO\s+(Stopping all jails|Exiting Fail2ban)/) or
($ThisLine =~ /INFO\s+Initiated '.*' backend/) or
($ThisLine =~ /INFO\s+(Added logfile = .*|Set maxRetry = \d+|Set findtime = \d+|Set banTime = \d+)/) or
+ ($ThisLine =~ /Increase Ban/) or
($ThisLine =~ /Unable to find a corresponding IP address for .*: [Errno -2] Name or service not known/)
)
{
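Review bot: The added pattern `/Increase Ban/` is unanchored, unlike the neighbouring entries that pin the log level with `INFO\s+`, so any fail2ban line containing that phrase anywhere (including inside a hostname or an error message) is silently dropped from the report. The "Actual results" output shows the phrase arriving directly after the jail's closing bracket ("postfix-ddos] Increase"), so a tighter form such as `/\]\s+Increase Ban\b/` would ignore only those entries. Separately, the following context line uses `[Errno -2]` unescaped, which Perl reads as a character class rather than literal text; `\[Errno -2\]` is what that pattern needs to match the resolver error it describes.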