[CentOS] Nasty Fail2Ban update for Centos 7

Thu Jan 2 09:16:28 UTC 2020
Michel van Deventer <m.s.j.vandeventer-2 at umcutrecht.nl>

On Tue, 2019-12-31 at 10:19 +0100, Nicolas Kovacs wrote:
> On 31/12/2019 at 03:14, Allan wrote:
> > Then gotta dig into Koji, to find the old version, download it,
> > and downgrade to that - and pew, everything is back to normal.
> > 
> > The old one seems to be version 0.9.7 and the new one is 0.10.4
> > 
> > I haven't had time to look into Fail2Ban's info about these 2
> > versions, but since there is a major version change - is it really
> > possible to just upgrade these?
> > 
> > Sure, I would love to have a working 0.10.4 for my CentOS 7 - but it
> > shouldn't destroy my existing system - or it should at least warn me
> > about that - or what to fix.
> 
> I have automatic updates with yum-cron on all my production servers.
> Fail2ban has been recently upgraded to 0.10.4 and still works perfectly.
We also had it updated and fail2ban worked perfectly, except it did not
ban anymore on the sshd jail. This was caused by the
/etc/fail2ban/filter.d/sshd.conf file, which should have been replaced
with a new one from the rpm (there was an sshd.conf.rpmnew file).

Below is the error we found in /var/log/fail2ban.log:
2019-12-09 10:02:15,294 fail2ban.filtersystemd  [13628]: INFO    [sshd] Added journal match for: '_SYSTEMD_UNIT=sshd.service + _COMM=sshd'
2019-12-09 10:02:15,295 fail2ban.filter         [13628]: ERROR   No failure-id group in 'normal'
2019-12-09 10:02:15,295 fail2ban.transmitter    [13628]: WARNING Command ['set', 'sshd', 'addfailregex', 'normal'] has failed. Received RegexException("No failure-id group in 'normal'",)
2019-12-09 10:02:15,295 fail2ban                [13628]: ERROR   NOK: ("No failure-id group in 'normal'",)
 
  Regards,

    Michel



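Added example, not part of the original message: a post-upgrade check for the failure described above, where a jail stays loaded but its failregex is rejected while an unmerged .rpmnew filter sits beside the old one. The function names are hypothetical, the sample tree is constructed from the log lines quoted in the message, and the script assumes a jail uses the filter of the same name (as the sshd jail does here).

```shell
#!/bin/sh
# Added example: helper names are hypothetical; real paths are passed as arguments.

# Config files that still have an unmerged package copy (*.rpmnew) beside them.
pending_rpmnew() {   # $1 = config dir, e.g. /etc/fail2ban
    find "$1" -type f -name '*.rpmnew' | sed 's/\.rpmnew$//' | sort
}

# Jails whose 'addfailregex' command fail2ban rejected (the symptom in the
# message above: the jail is loaded but no longer bans).
broken_jails() {     # $1 = log file, e.g. /var/log/fail2ban.log
    sed -n "s/.*Command \['set', '\([^']*\)', 'addfailregex', .*\] has failed.*/\1/p" "$1" | sort -u
}

# Print findings; return 1 if any jail has a rejected failregex.
check_upgrade() {    # $1 = config dir, $2 = log file
    jails=$(broken_jails "$2")
    stale=$(pending_rpmnew "$1")
    [ -n "$stale" ] && echo "$stale" | sed 's/^/unmerged .rpmnew for: /'
    [ -z "$jails" ] && return 0
    for j in $jails; do
        # Assumption: the jail uses the filter of the same name (true for sshd).
        f="$1/filter.d/$j.conf"
        if [ -f "$f.rpmnew" ]; then
            echo "jail $j: failregex rejected; merge $f.rpmnew into $f"
        else
            echo "jail $j: failregex rejected; review $f"
        fi
    done
    return 1
}

# Constructed sample: log lines from the message above, unwrapped, in a temp tree.
make_sample() {      # prints the temp dir path
    d=$(mktemp -d) && mkdir -p "$d/filter.d" &&
    touch "$d/filter.d/sshd.conf" "$d/filter.d/sshd.conf.rpmnew" &&
    cat > "$d/fail2ban.log" <<'EOF' && echo "$d"
2019-12-09 10:02:15,295 fail2ban.filter         [13628]: ERROR   No failure-id group in 'normal'
2019-12-09 10:02:15,295 fail2ban.transmitter    [13628]: WARNING Command ['set', 'sshd', 'addfailregex', 'normal'] has failed. Received RegexException("No failure-id group in 'normal'",)
EOF
}

s=$(make_sample); check_upgrade "$s" "$s/fail2ban.log" || true; rm -rf "$s"
```

On a real host the call would be check_upgrade /etc/fail2ban /var/log/fail2ban.log, run after the package update and a fail2ban restart.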