On Tue, 2019-12-31 at 10:19 +0100, Nicolas Kovacs wrote:
Le 31/12/2019 à 03:14, Allan a écrit :
Then gotta dig into Koji, to find the old version, download it, and downgrade to that - and pew, everything is back to normal.
The old one seems to be version 0.9.7 and the new one is 0.10.4
I haven't had time to look into Fail2Bans info about these 2 version, but since there is a major version change - is it really possible to just upgrade these ?
Sure, I would love to have a working 0.10.4 for my Centos 7 - but it shouldn't destroy my existing system - or it should at least warn me about that - or what to fix.
I have automatic updates with yum-cron on all my production servers. Fail2ban has been recently upgraded to 0.10.4 and still works perfectly.
We also had it updated and fail2ban worked perfectly except it did not ban anymore on the sshd jail. This was caused by the /etc/fail2ban/filter.d/sshd.conf file which should have been replaced with a new one from the rpm (there was a sshd.conf.rpmnew file).
Below the error we found in /var/log/fail2ban.log : 2019-12-09 10:02:15,294 fail2ban.filtersystemd [13628]: INFO [sshd] Added journal match for: '_SYSTEMD_UNIT=sshd.service + _COMM=sshd' 2019-12-09 10:02:15,295 fail2ban.filter [13628]: ERROR No failure-id group in 'normal' 2019-12-09 10:02:15,295 fail2ban.transmitter [13628]: WARNING Command ['set', 'sshd', 'addfailregex', 'normal'] has failed. Received RegexException("No failure-id group in 'normal'",) 2019-12-09 10:02:15,295 fail2ban [13628]: ERROR NOK: ("No failure-id group in 'normal'",)
Regards,
Michel
------------------------------------------------------------------------------
De informatie opgenomen in dit bericht kan vertrouwelijk zijn en is uitsluitend bestemd voor de geadresseerde. Indien u dit bericht onterecht ontvangt, wordt u verzocht de inhoud niet te gebruiken en de afzender direct te informeren door het bericht te retourneren. Het Universitair Medisch Centrum Utrecht is een publiekrechtelijke rechtspersoon in de zin van de W.H.W. (Wet Hoger Onderwijs en Wetenschappelijk Onderzoek) en staat geregistreerd bij de Kamer van Koophandel voor Midden-Nederland onder nr. 30244197.
Denk s.v.p aan het milieu voor u deze e-mail afdrukt.
------------------------------------------------------------------------------
This message may contain confidential information and is intended exclusively for the addressee. If you receive this message unintentionally, please do not use the contents but notify the sender immediately by return e-mail. University Medical Center Utrecht is a legal person by public law and is registered at the Chamber of Commerce for Midden-Nederland under no. 30244197.
Please consider the environment before printing this e-mail.