Date: Sat, 20 May 2017 21:07:52 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-ports-bugs@FreeBSD.org Subject: [Bug 219419] security/py-fail2ban: Command not found Message-ID: <bug-219419-13-HwdCw7F7Rn@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-219419-13@https.bugs.freebsd.org/bugzilla/> References: <bug-219419-13@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D219419 --- Comment #2 from Lukasz Wasikowski <lukasz@wasikowski.net> --- (In reply to theis from comment #1) /usr/local/bin/fail2ban-python points to /usr/local/bin/python2.7, so that's ok. But you are missing the point - default FreeBSD installation (which I w= ill show you in a second) won't work with shabang set to #!/usr/bin/env fail2ban-python because there is no /usr/local/bin/ in PATH, so env can't f= ind fail2ban-python. man 8 service says: ENVIRONMENT When used to run rc.d scripts the service command sets HOME to / and P= ATH to /sbin:/bin:/usr/sbin:/usr/bin which is how they are set in /etc/rc = at boot time. I've created clean environment for fail2ban test. 1. FreeBSD 11.0-RELEASE was installed from official ISO - default settings (without IPv6) and updated via freebsd-update fetch install: root@fail2ban-test:~ # freebsd-version 11.0-RELEASE-p10 2. pkg was installed: root@fail2ban-test:~ # pkg version pkg-1.10.1 > 3. fail2ban was installed: root@fail2ban-test:~ # pkg install py27-fail2ban Updating FreeBSD repository catalogue... FreeBSD repository is up to date. All repositories are up to date. The following 9 package(s) will be affected (of 0 checked): [...] root@fail2ban-test:~ # pkg query %v py27-fail2ban 0.9.6 root@fail2ban-test:~ # ls -l `which fail2ban-python` lrwxr-xr-x 1 root wheel 24 Apr 30 10:24 /usr/local/bin/fail2ban-python -> /usr/local/bin/python2.7 4. fail2ban configuration: root@fail2ban-test:~ # cat /usr/local/etc/fail2ban/jail.local [DEFAULT] backend =3D auto ignorecommands_dir =3D /usr/local/etc/fail2ban/filter.d/ignorecommands [test-fakegb] enabled =3D true filter =3D apache-fakegooglebot action =3D pf[tablename=3Dfail2ban-www] logpath =3D /var/log/test-access.log maxretry =3D 1 ignorecommand =3D %(ignorecommands_dir)s/apache-fakegooglebot <ip> 5. Prepare fake apache log: root@fail2ban-test:~ # touch /var/log/test-access.log 6. Enable fail2ban and reboot. root@fail2ban-test:~ # echo 'fail2ban_enable=3D"YES"' >> /etc/rc.conf && re= boot 7. Start pf firewall (all open, doesn't matter in test case): root@fail2ban-test:~ # cat /etc/pf.conf table <fail2ban-www> persist pass all root@fail2ban-test:~ # service pf onestart Enabling pf. 8. Check date (fail2ban by default will act on record from last 600 seconds= ): root@fail2ban-test:~ # date Sat May 20 23:04:47 CEST 2017 9. Simulate fake Googlebot: echo '10.10.100.111 [20/May/2017:23:04:00 +0200] Googlebot' >> /var/log/test-access.log 10. Look at fail2ban log: root@fail2ban-test:~ # cat /var/log/fail2ban.log 2017-05-20 23:03:36,588 fail2ban.server [552]: INFO Changed logg= ing target to /var/log/fail2ban.log for Fail2ban v0.9.6 2017-05-20 23:03:36,590 fail2ban.database [552]: INFO Connected to fail2ban persistent database '/var/db/fail2ban/fail2ban.sqlite3' 2017-05-20 23:03:36,592 fail2ban.database [552]: WARNING New database created. Version '2' 2017-05-20 23:03:36,593 fail2ban.jail [552]: INFO Creating new jail 'test-fakegb' 2017-05-20 23:03:36,596 fail2ban.jail [552]: INFO Jail 'test-fakegb' uses poller {} 2017-05-20 23:03:36,614 fail2ban.jail [552]: INFO Initiated 'polling' backend 2017-05-20 23:03:36,616 fail2ban.filter [552]: INFO Added logfil= e =3D /var/log/test-access.log 2017-05-20 23:03:36,616 fail2ban.filter [552]: INFO Set maxRetry= =3D 1 2017-05-20 23:03:36,617 fail2ban.filter [552]: INFO Set jail log file encoding to US-ASCII 2017-05-20 23:03:36,617 fail2ban.actions [552]: INFO Set banTime = =3D 600 2017-05-20 23:03:36,617 fail2ban.filter [552]: INFO Set findtime= =3D 600 2017-05-20 23:03:36,622 fail2ban.jail [552]: INFO Jail 'test-fakegb' started 2017-05-20 23:05:05,458 fail2ban.filter [552]: INFO Log rotation detected for /var/log/test-access.log 2017-05-20 23:05:05,570 fail2ban.action [552]: ERROR=20=20 /usr/local/etc/fail2ban/filter.d/ignorecommands/apache-fakegooglebot 10.10.100.111 -- stdout: '' 2017-05-20 23:05:05,570 fail2ban.action [552]: ERROR=20=20 /usr/local/etc/fail2ban/filter.d/ignorecommands/apache-fakegooglebot 10.10.100.111 -- stderr: 'env: fail2ban-python: No such file or directory\n' 2017-05-20 23:05:05,570 fail2ban.action [552]: ERROR=20=20 /usr/local/etc/fail2ban/filter.d/ignorecommands/apache-fakegooglebot 10.10.100.111 -- returned 127 2017-05-20 23:05:05,570 fail2ban.action [552]: INFO HINT on 127: "Command not found". Make sure that all commands in '/usr/local/etc/fail2ban/filter.d/ignorecommands/apache-fakegooglebot 10.10.100.111' are in the PATH of fail2ban-server process (grep -a PATH=3D /proc/`pidof -x fail2ban-server`/environ). You may want to start "fail2ban-server -f" separately, initiate it with "fail2ban-client reload" = in another shell session and observe if additional informative error messages appear in the terminals. 2017-05-20 23:05:05,571 fail2ban.filter [552]: INFO [test-fakegb] Found 10.10.100.111 2017-05-20 23:05:06,514 fail2ban.actions [552]: NOTICE [test-fakegb] Ban 10.10.100.111 As you can see this problem is not local to my FreeBSD servers. --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-219419-13-HwdCw7F7Rn>