From: "Janky Jay, III"
To: freebsd-ports@freebsd.org
Subject: Latest security/py-fail2ban (0.10.1_1) Broken Again.
Date: Fri, 27 Oct 2017 16:11:38 -0600
Message-ID: <4ece993b-f182-b0a5-6efa-271d78ed231f@unfs.us>

Looks like the latest update broke more of the previously fixed issues. Also, it appears that F2B 0.9.X is the latest stable and 0.10.X is "experimental". Why is the default port experimental? Shouldn't this be broken up into two ports?

Anywho, below is an example of the fail2ban.log output when an SSH attempt should be banned (via PF):

2017-10-27 16:02:40,016 fail2ban.filter         [17083]: INFO    [bsd-ssh-pf] Found 174.135.101.80 - 2017-10-27 16:02:39
2017-10-27 16:02:42,286 fail2ban.filter         [17083]: INFO    [bsd-ssh-pf] Found 174.135.101.80 - 2017-10-27 16:02:41
2017-10-27 16:02:42,497 fail2ban.actions        [17083]: NOTICE  [bsd-ssh-pf] Ban 174.135.101.80
2017-10-27 16:02:42,520 fail2ban.utils          [17083]: Level 39 8020c31c0 -- exec: pfctl -a f2b/ssh -sr | grep -q f2b-ssh
2017-10-27 16:02:42,521 fail2ban.utils          [17083]: ERROR   8020c31c0 -- returned 1
2017-10-27 16:02:42,521 fail2ban.CommandAction  [17083]: ERROR   Invariant check failed. Trying to restore a sane environment
2017-10-27 16:02:42,566 fail2ban.utils          [17083]: Level 39 8020b0870 -- exec: echo "table persist counters" | pfctl -a f2b/ssh -f-
echo "block quick proto tcp from to any port {{30000}}" | pfctl -a f2b/ssh -f-
2017-10-27 16:02:42,567 fail2ban.utils          [17083]: ERROR   8020b0870 -- stderr: 'stdin:1: syntax error'
2017-10-27 16:02:42,567 fail2ban.utils          [17083]: ERROR   8020b0870 -- stderr: 'pfctl: Syntax error in config file: pf rules not loaded'
2017-10-27 16:02:42,567 fail2ban.utils          [17083]: ERROR   8020b0870 -- returned 1
2017-10-27 16:02:42,568 fail2ban.actions        [17083]: ERROR   Failed to execute ban jail 'bsd-ssh-pf' action 'pf' info 'ActionInfo({'ipfailures': 42, 'ip-rev': '80.101.135.174.', 'family': 'inet4', 'ipmatches': 'FTP Server [12354] domain.org [19/May/2016:20:02:35 -0600] "PASS (hidden)" 530\nFTP Server [12354] domain.org [19/May/2016:20:02:54 -0600] "PASS (hidden)" 530\nFTP Server [12354] domain.org [19/May/2016:20:02:35 -0600] "PASS (hidden)" 530\nFTP Server [12354] domain.org [19/May/2016:20:02:54 -0600] "PASS (hidden)" 530\nFTP Server [12673] domain.org [19/May/2016:20:07:42 -0600] "PASS (hidden)" 530\nFTP Server [12354] domain.org [19/May/2016:20:02:35 -0600] "PASS (hidden)" 530\nFTP Server [12354] domain.org [19/May/2016:20:02:54 -0600] "PASS (hidden)" 530\nFTP Server [12673] domain.org [19/May/2016:20:07:42 -0600] "PASS (hidden)" 530\nFTP Server [12673] domain.org [19/May/2016:20:07:45 -0600] "PASS (hidden)" 530\nFTP Server [12694] domain.org [19/May/2016:20:08:08 -0600] "PASS (hidden)" 530\nFTP Server [12694] domain.org [19/May/2016:20:08:14 -0600] "PASS (hidden)" 530\nFTP Server [12673] domain.org [19/May/2016:20:07:45 -0600] "PASS (hidden)" 530\nFTP Server [12694] domain.org [19/May/2016:20:08:08 -0600] "PASS (hidden)" 530\nFTP Server [12694] domain.org [19/May/2016:20:08:14 -0600] "PASS (hidden)" 530\nFTP Server [12869] domain.org [19/May/2016:20:14:01 -0600] "PASS 
(hidden)" 530\nFTP Server [12869] domain.org [19/May/2016:20:14:06 -0600] "PASS (hidden)" 530\nFTP Server [12673] domain.org [19/May/2016:20:07:42 -0600] "PASS (hidden)" 530\nFTP Server [12673] domain.org [19/May/2016:20:07:45 -0600] "PASS (hidden)" 530\nFTP Server [12694] domain.org [19/May/2016:20:08:08 -0600] "PASS (hidden)" 530\nFTP Server [12694] domain.org [19/May/2016:20:08:14 -0600] "PASS (hidden)" 530\nFTP Server [12869] domain.org [19/May/2016:20:14:01 -0600] "PASS (hidden)" 530\nFTP Server [12869] domain.org [19/May/2016:20:14:06 -0600] "PASS (hidden)" 530\nFTP Server [12881] domain.org [19/May/2016:20:14:30 -0600] "PASS (hidden)" 530\nFTP Server [12881] domain.org [19/May/2016:20:14:38 -0600] "PASS (hidden)" 530\nFTP Server [12881] domain.org [19/May/2016:20:14:30 -0600] "PASS (hidden)" 530\nFTP Server [12881] domain.org [19/May/2016:20:14:38 -0600] "PASS (hidden)" 530\nFTP Server [13000] domain.org [19/May/2016:20:17:14 -0600] "PASS (hidden)" 530\nFTP Server [13000] domain.org [19/May/2016:20:17:22 -0600] "PASS (hidden)" 530\n2017-10-15 16:45:11,363 server1.domain-dos.org proftpd[48705] server1 (domain.org[174.135.101.80]): USER user dick: no such user found from domain.org [174.135.101.80] to 51.244.130.111:21\nFTP Server [48705] domain.org [15/Oct/2017:16:45:11 +0000] "PASS (hidden)" 530\n2017-10-15 16:45:11,363 server1.domain-dos.org proftpd[48705] server1 (domain.org[174.135.101.80]): USER user dick: no such user found from domain.org [174.135.101.80] to 51.244.130.111:21\n2017-10-15 16:51:10,946 server1.domain-dos.org proftpd[48907] server1 (mail.domain.org[174.135.101.80]): USER derp: no such user found from mail.domain.org [174.135.101.80] to 51.244.130.111:21\n2017-10-15 16:51:14,626 server1.domain-dos.org proftpd[48907] server1 (mail.domain.org[174.135.101.80]): USER dick: no such user found from mail.domain.org [174.135.101.80] to 51.244.130.111:21\nOct 15 16:53:27 server1 sshd[48984]: Invalid user turd from 174.135.101.80\nOct 15 16:53:30 
server1 sshd[48986]: Invalid user turd from 174.135.101.80\nOct 15 16:53:32 server1 sshd[48988]: Invalid user turd from 174.135.101.80\nOct 20 19:57:52 server1 sshd[13078]: Invalid user test from 174.135.101.80\nOct 20 19:57:55 server1 sshd[13086]: Invalid user test from 174.135.101.80\nOct 20 19:57:57 server1 sshd[13088]: Invalid user test from 174.135.101.80\nOct 27 16:02:37 server1 sshd[17277]: Invalid user fart from 174.135.101.80\nOct 27 16:02:39 server1 sshd[17279]: Invalid user fart from 174.135.101.80\nOct 27 16:02:41 server1 sshd[17281]: Invalid user fart from 174.135.101.80', 'matches': u'Oct 27 16:02:37 server1 sshd[17277]: Invalid user fart from 174.135.101.80\nOct 27 16:02:39 server1 sshd[17279]: Invalid user fart from 174.135.101.80\nOct 27 16:02:41 server1 sshd[17281]: Invalid user fart from 174.135.101.80', 'ip': '174.135.101.80', 'ipjailmatches': 'Oct 15 16:53:27 server1 sshd[48984]: Invalid user turd from 174.135.101.80\nOct 15 16:53:30 server1 sshd[48986]: Invalid user turd from 174.135.101.80\nOct 15 16:53:32 server1 sshd[48988]: Invalid user turd from 174.135.101.80\nOct 20 19:57:52 server1 sshd[13078]: Invalid user test from 174.135.101.80\nOct 20 19:57:55 server1 sshd[13086]: Invalid user test from 174.135.101.80\nOct 20 19:57:57 server1 sshd[13088]: Invalid user test from 174.135.101.80\nOct 27 16:02:37 server1 sshd[17277]: Invalid user fart from 174.135.101.80\nOct 27 16:02:39 server1 sshd[17279]: Invalid user fart from 174.135.101.80\nOct 27 16:02:41 server1 sshd[17281]: Invalid user fart from 174.135.101.80', 'ipjailfailures': 9, 'F-*': {'matches': [(u'', u'Oct 27 16:02:37', u' server1 sshd[17277]: Invalid user fart from 174.135.101.80'), u'Oct 27 16:02:39 server1 sshd[17279]: Invalid user fart from 174.135.101.80', u'Oct 27 16:02:41 server1 sshd[17281]: Invalid user fart from 174.135.101.80'], 'failures': 3, 'ip4': u'174.135.101.80'}, 'fid': '174.135.101.80', 'time': 1509141761.0, 'failures': 3, 'restored': 0, 'ip-host': 
'mail.domain.org'})': Error starting action Jail('bsd-ssh-pf')/pf
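
The log above shows a ban that was decided but never enforced: the `Ban` notice is followed by `Failed to execute ban`. One way to flag that condition when reviewing fail2ban.log, as an added example that is not part of the original message or of fail2ban itself; the sample lines, the documentation-range addresses and the `bsd-ftp-pf` jail name are constructed.

```python
import re

# Constructed sample in the fail2ban.log layout shown in the message above.
SAMPLE_LOG = """\
2017-10-27 16:02:42,497 fail2ban.actions        [17083]: NOTICE  [bsd-ssh-pf] Ban 203.0.113.7
2017-10-27 16:02:42,567 fail2ban.utils          [17083]: ERROR   8020b0870 -- stderr: 'pfctl: Syntax error in config file: pf rules not loaded'
2017-10-27 16:02:42,568 fail2ban.actions        [17083]: ERROR   Failed to execute ban jail 'bsd-ssh-pf' action 'pf' info 'ActionInfo({'failures': 3, 'ip': '203.0.113.7'})': Error starting action Jail('bsd-ssh-pf')/pf
2017-10-27 16:05:10,101 fail2ban.actions        [17083]: NOTICE  [bsd-ssh-pf] Ban 198.51.100.23
2017-10-27 16:09:55,300 fail2ban.actions        [17083]: NOTICE  [bsd-ftp-pf] Ban 192.0.2.44
2017-10-27 16:09:55,390 fail2ban.actions        [17083]: ERROR   Failed to execute ban jail 'bsd-ftp-pf' action 'pf' info 'ActionInfo({'failures': 5})': Error starting action Jail('bsd-ftp-pf')/pf
"""

# "<timestamp> fail2ban.<module> [pid]: <LEVEL> <message>"
LINE = re.compile(r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d+)\s+fail2ban\.\S+\s+"
                  r"\[\d+\]:\s+\S+\s+(?P<msg>.*)$")
BAN = re.compile(r"^\[(?P<jail>[^\]]+)\] Ban (?P<ip>\S+)$")
FAIL = re.compile(r"^Failed to execute ban jail '(?P<jail>[^']+)' "
                  r"action '(?P<action>[^']+)'")
IP_KEY = re.compile(r"'ip': u?'([^']+)'")  # exact 'ip' key, not 'ip-rev'/'ip-host'


def unenforced_bans(log_text):
    """Return bans that fail2ban logged but whose action failed to run."""
    last_ban = {}   # jail -> address from the most recent Ban notice
    findings = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # continuation of a multi-line message (e.g. exec output)
        msg = m.group("msg")
        ban = BAN.match(msg)
        if ban:
            last_ban[ban.group("jail")] = ban.group("ip")
            continue
        fail = FAIL.match(msg)
        if fail:
            # Prefer the address inside ActionInfo; otherwise fall back to the
            # last Ban notice seen for the same jail.
            found = IP_KEY.search(msg)
            ip = found.group(1) if found else last_ban.get(fail.group("jail"), "unknown")
            findings.append({"time": m.group("ts"), "jail": fail.group("jail"),
                             "action": fail.group("action"), "ip": ip})
    return findings


if __name__ == "__main__":
    for f in unenforced_bans(SAMPLE_LOG):
        print("{time} jail={jail} action={action} NOT BLOCKED: {ip}".format(**f))
```

Any address this reports is still reachable through the firewall even though fail2ban recorded a ban for it, so it is worth alerting on rather than only reading after the fact.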