Today I had this problem where Fail2ban was keeping on blacklisting an IP address, even though it was in the ignoreip list in /etc/fail2ban/jail.conf. After double-checking everything on the server, and googling desperately, I found out that up to version 0.8.2, Fail2ban had a bug which caused only the first IP in the ignoreip list to take effect. And guess what? Ubuntu versions before gutsy have older versions of Fail2ban. After a bit of digging, I found out the patch which had fixed the problem in 0.8.2, and I decided to patch my local Fail2ban installation.
In order to do this, you should edit /usr/share/fail2ban/server/filter.py and apply the following patch:
--- filter.py.orig 2008-05-21 02:49:22.000000000 -0500 +++ filter.py 2008-05-21 02:50:12.000000000 -0500 @@ -299,7 +299,7 @@ for i in self.__ignoreIpList: # An empty string is always false if i == "": - return False + continue s = i.split('/', 1) # IP address without CIDR mask if len(s) == 1: @@ -314,7 +314,7 @@ if ip in ips: return True else: - return False + continue if a == b: return True return False
Then, you should restart Fail2ban:
And it will pick up the fix and process the ignoreip correctly.
Tagged with: linux
If you happen to run Ubuntu Server (at least, up to version 7.04) and use the Courier POP3 or IMAP server, and you’re watching your log files closely, you’ve seen error messages such as the below one in /var/log/syslog:
May 21 01:14:10 server4 authdaemond: PAM [dlerror: /lib/security/pam_foreground.so: undefined symbol: pam_set_data]
Many people have observed this problem. This happens because libpam-foreground.so has not been compiled with the right options. This library needs to be linked against libpam.so and glibc.so, but it isn’t). So, why is that this error only manifests itself in Courier login attempts, and not all the other applications and services which use PAM? This depends on the order that each application loads its shared objects. If the application first loads both glibc and libpam, and then tries to load libpam-foreground, then great! Otherwise (as is the case with Courier) an error such as the above happens.
This is just a nuisance, because in non-interactive sessions, libpam-foreground doesn’t do anything useful after all, but here’s how to fix it. You should just run the below commands in a login session. You don’t need to be root (I use sudo where necessary).
cd ~ sudo apt-get install build-essential fakeroot devscripts mkdir libpam-foreground cd libpam-foreground wget http://launchpadlibrarian.net/8187075/libpam-foreground_0.3-0ubuntu1.debdiff apt-get source libpam-foreground sudo apt-get build-dep libpam-foreground cd libpam-foreground-0.3 patch -p4 < ../libpam-foreground_0.3-0ubuntu1.debdiff debuild -uc -us cd .. sudo dpkg -i libpam-foreground_0.3-0ubuntu1_i386.deb
The above commands download the source package for libpam-foreground, apply a patch to correct the compilation options, re-compile the package and install the resulting deb file. No more annoying log messages from libpam-foreground!
Tagged with: linux