xarf-login-attack actionban requires bash not sh

Bug #1842278 reported by Jeff K
This bug affects 1 person
Affects: fail2ban (Ubuntu)
Status: New
Importance: Undecided
Assigned to: Unassigned

Bug Description

'actionban' for xarf-attack-login fails with error:

2019-09-01 16:34:29,549 fail2ban.utils [29558]: Level 39 7fb558007060 -- exec: oifs=${IFS}; IFS=.;SEP_IP=( 192.168.1.151 ); set -- ${SEP_IP}; ADDRESSES=$(dig +short -t txt -q $4.$3.$2.$1.abuse-contacts.abusix.org); IFS=${oifs}
IP=192.168.1.151
<email address hidden>
SERVICE=sshd
FAILURES=4
<email address hidden>
TLP=green
PORT=ssh
DATE=`LC_ALL=C date --date=@1567370068.0 +"%a, %d %h %Y %T %z"`
if [ ! -z "$ADDRESSES" ]; then
(printf -- %b "Subject: abuse report about $IP - $DATE\nAuto-Submitted: auto-generated\nX-XARF: PLAIN\nContent-Transfer-Encoding: 7bit\nContent-Type: multipart/mixed; charset=utf8;\n boundary=Abuse-bfbb0f920793ac03cb8634bde14d8a1e;\n\n--Abuse-bfbb0f920793ac03cb8634bde14d8a1e\nMIME-Version: 1.0\nContent-Transfer-Encoding: 7bit\nContent-Type: text/plain; charset=utf-8;\n\nDear Sir/Madam,\n\nWe have detected abuse from the IP address $IP, which according to abusix.com is on your network. We would appreciate if you would investigate and take action as appropriate.\n\nLog lines are given below, but please ask if you require any further information.\n\n(If you are not the correct person to contact about this please accept our apologies - your e-mail address was extracted from the whois record by an automated process.)\n\n This mail was generated by
Of course, alternatively, one can try to get these scripts to run under /b Fail2Ban in a X-ARF format! You can find more information about x-arf at http://www.x-arf.org/specification.html.\n\nThe recipient address of this report was provided by the Abuse Contact DB by abusix.com. abusix.com does not maintain the content of the database. All information which we pass out, derives from the RIR databases and is processed for ease of use. If you want to change or report non working abuse contacts please contact the appropriate RIR. If you have any further question, contact abusix.com directly via email (<email address hidden>). Information about the Abuse Contact Database can be found here: https://abusix.com/global-reporting/abuse-contact-db\nabusix.com is neither responsible nor liable for the content or accuracy of this message.\n\n--Abuse-bfbb0f920793ac03cb8634bde14d8a1e\nMIME-Version: 1.0\nContent-Transfer-Encoding: 7bit\nContent-Type: text/plain; charset=utf-8; name=\"report.txt\";\n\n---\nReported-From: $FROM\nCategory: abuse\nReport-ID: $REPORTID\nReport-Type: login-attack\nService: $SERVICE\nVersion: 0.2\nUser-Agent: Fail2ban v0.9\nDate: $DATE\nSource-Type: ip-address\nSource: $IP\nPort: $PORT\nSchema-URL: http://www.x-arf.org/schema/abuse_login-attack_0.1.2.json\nAttachment: text/plain\nOccurances: $FAILURES\nTLP: $TLP\n\n\n--Abuse-bfbb0f920793ac03cb8634bde14d8a1e\nMIME-Version: 1.0\nContent-Transfer-Encoding: 7bit\nContent-Type: text/plain; charset=utf8; name=\"logfile.log\";\n\n";
date '+Note: Local timezone is %z (%Z)';
printf -- %b "\n\n\n\n\n--Abuse-bfbb0f920793ac03cb8634bde14d8a1e--") | /usr/sbin/sendmail -f <email address hidden> ${ADDRESSES//,/\" \"}
fi
2019-09-01 16:34:29,551 fail2ban.utils [29558]: ERROR 7fb558007060 -- stderr: '/bin/sh: 1: Syntax error: "(" unexpected'
2019-09-01 16:34:29,552 fail2ban.utils [29558]: ERROR 7fb558007060 -- returned 2

I believe this error is because the action is running under /bin/sh (not bash) and the convert-to-array construction
SEP_IP=( <ip> ) from action.d/xarf-login-attack is a bash feature not found in /bin/sh.

Actually, there is no need to add the parentheses, simply:
"IFS=.;SEP_IP=<ip>; set -- ${SEP_IP}" works just fine
(Note that even in bash, setting SEP_IP=( <ip> ) won't work unless you also change the set statement to something like "set -- ${SEP_IP[@]}".)

Similarly, the construction ${ADDRESSES//,/\" \"} is a bash-only construction. So, you would need to use something like 'sed' if you want to do this in /bin/sh.

The following code works for /bin/sh where

actionban = oifs=${IFS}; IFS=.;SEP_IP=<ip>; set -- ${SEP_IP}; ADDRESSES=$(dig +short -t txt -q $4.$3.$2.$1.abuse-contacts.abusix.org); IFS=${oifs}
            IP=<ip>
            FROM=<sender>
            SERVICE=<service>
            FAILURES=<failures>
            REPORTID=<time>@<fq-hostname>
            TLP=<tlp>
            PORT=<port>
            DATE=`LC_ALL=C date --date=@<time> +"%%a, %%d %%h %%Y %%T %%z"`
            if [ ! -z "$ADDRESSES" ]; then
                ADDRESSES=`echo ${ADDRESSES} | /bin/sed 's/,/" "/g'`
                (printf -- %%b "<header>\n<message>\n<report>\n\n";
                 date '+Note: Local timezone is %%z (%%Z)';
                 printf -- %%b "\n<ipmatches>\n\n<footer>") | <mailcmd> <mailargs> ${ADDRESSES}
            fi

This would be easier if I could set the bash shell to be used...but I don't know how to force the shell to bash for this action...

ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: fail2ban 0.10.2-2
Uname: Linux 5.2.9-050209-generic x86_64
ApportVersion: 2.20.9-0ubuntu7.7
Architecture: amd64
CurrentDesktop: ubuntu:GNOME
Date: Sun Sep 1 17:19:58 2019
InstallationDate: Installed on 2019-01-06 (238 days ago)
InstallationMedia: Ubuntu 18.04.1 LTS "Bionic Beaver" - Release amd64 (20180725)
PackageArchitecture: all
ProcEnviron:
 TERM=xterm-256color
 PATH=(custom, no user)
 XDG_RUNTIME_DIR=<set>
 LANG=en_US.UTF-8
 SHELL=/bin/bash
SourcePackage: fail2ban
UpgradeStatus: No upgrade log present (probably fresh install)
modified.conffile..etc.fail2ban.action.d.sendmail-common.conf: [modified]
modified.conffile..etc.fail2ban.action.d.xarf-login-attack.conf: [modified]
modified.conffile..etc.fail2ban.fail2ban.conf: [modified]
modified.conffile..etc.fail2ban.jail.conf: [modified]
mtime.conffile..etc.fail2ban.action.d.sendmail-common.conf: 2019-08-20T13:41:50.086828
mtime.conffile..etc.fail2ban.action.d.xarf-login-attack.conf: 2019-09-01T17:00:26.884347
mtime.conffile..etc.fail2ban.fail2ban.conf: 2019-08-28T21:34:10.964755
mtime.conffile..etc.fail2ban.jail.conf: 2019-09-01T09:12:52.767009
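
The two bash-only constructs discussed in this report, rewritten for POSIX sh as an added example (not code from the report or from fail2ban). The function names and sample addresses are constructed, and the example additionally keeps only plain addresses from the DNS answer before they become command-line arguments.

```sh
#!/bin/sh
# Added example: POSIX sh replacements for SEP_IP=( ... ) and ${VAR//,/...}.
# Function names are hypothetical; sample values are constructed.

# Reverse a dotted-quad IPv4 address for the abuse-contacts DNS lookup.
# The body is a subshell, so the IFS change and `set --` cannot leak out.
reverse_ipv4() (
    ip=$1
    case $ip in
        *[!0-9.]*|''|.*|*.|*..*) exit 1 ;;   # digits and single dots only
    esac
    IFS=.
    set -f              # no pathname expansion while splitting
    set -- $ip          # unquoted on purpose: split on the dots
    [ $# -eq 4 ] || exit 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || exit 1
    done
    printf '%s.%s.%s.%s\n' "$4" "$3" "$2" "$1"
)

# Turn dig's TXT answer, e.g. "a@x.example,b@y.example" (quotes included),
# into one address per line. Every comma is handled, not just the first.
# Lines that are not a plain address (or that start with '-') are dropped,
# because this text comes from DNS and ends up on the mail command line.
split_contacts() {
    printf '%s\n' "$1" | tr -d '"' | tr ',' '\n' |
        grep -E '^[A-Za-z0-9][A-Za-z0-9._%+-]*@[A-Za-z0-9.-]+$'
}

# Load the accepted addresses into "$@" (one argument each) and count them.
# A mail command would then be invoked as: <mailcmd> <mailargs> "$@"
count_recipients() (
    set -f
    IFS='
'
    set -- $(split_contacts "$1")
    echo $#
)

# Demo with constructed input mimicking dig's quoted TXT output.
echo "lookup name: $(reverse_ipv4 192.168.1.151).abuse-contacts.abusix.org"
echo "recipients: $(count_recipients '"abuse@a.example,noc@b.example"')"
```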
