xarf-login-attack actionban requires bash not sh
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
fail2ban (Ubuntu) |
New
|
Undecided
|
Unassigned |
Bug Description
'actionban' for xarf-attack-login fails with error:
2019-09-01 16:34:29,549 fail2ban.utils [29558]: Level 39 7fb558007060 -- exec: oifs=${IFS}; IFS=.;SEP_IP=( 192.168.1.151 ); set -- ${SEP_IP}; ADDRESS
ES=$(dig +short -t txt -q $4.$3.$
IP=192.168.1.151
<email address hidden>
SERVICE=sshd
FAILURES=4
<email address hidden>
TLP=green
PORT=ssh
DATE=`LC_ALL=C date --date=
if [ ! -z "$ADDRESSES" ]; then
(printf -- %b "Subject: abuse report about $IP - $DATE\nAuto-
Of course, alternatively, one can try to get these scripts to run under /b Fail2Ban in a X-ARF format! You can find more information about x-arf at http://
date '+Note: Local timezone is %z (%Z)';
printf -- %b "\n\n\n\
fi
2019-09-01 16:34:29,551 fail2ban.utils [29558]: ERROR 7fb558007060 -- stderr: '/bin/sh: 1: Syntax error: "(" unexpected'
2019-09-01 16:34:29,552 fail2ban.utils [29558]: ERROR 7fb558007060 -- returned 2
I believe this error is because the action is running under /bin/sh (not bash) and the convert-to-array construction
SEP_IP=( <ip> ) from action.
Actually, there is no need to add the parentheses, simply:
"IFS=.;SEP_IP=<ip>; set -- ${SEP_IP}" works just fine
(Note that even in bash setting SEP_IP=( <ip> ) won't work unless you also change the set statement to something like "set -- ${SEP_IP[@]}) "
Similarly, the construction ${ADDRESSES//,\" \"} is a bash-only construction. So, you would need to use something like 'sed' if you want to do this in /bin/sh.
The following code works for /bin/sh where
actionban = oifs=${IFS}; IFS=.;SEP_IP=<ip>; set -- ${SEP_IP}; ADDRESSES=$(dig +short -t txt -q $4.$3.$
IP=<ip>
if [ ! -z "$ADDRESSES" ]; then
fi
This would be easier if I could set the bash shell to be used...but I don't know how to force the shell to bash for this action...
ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: fail2ban 0.10.2-2
Uname: Linux 5.2.9-050209-
ApportVersion: 2.20.9-0ubuntu7.7
Architecture: amd64
CurrentDesktop: ubuntu:GNOME
Date: Sun Sep 1 17:19:58 2019
InstallationDate: Installed on 2019-01-06 (238 days ago)
InstallationMedia: Ubuntu 18.04.1 LTS "Bionic Beaver" - Release amd64 (20180725)
PackageArchitec
ProcEnviron:
TERM=xterm-
PATH=(custom, no user)
XDG_RUNTIME_
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: fail2ban
UpgradeStatus: No upgrade log present (probably fresh install)
modified.
modified.
modified.
modified.
mtime.conffile.
mtime.conffile.
mtime.conffile.
mtime.conffile.