Bug 1263809 - fail2ban badips function not working
fail2ban badips function not working
Status: CLOSED EOL
Product: Fedora
Classification: Fedora
Component: fail2ban (Show other bugs)
22
x86_64 Linux
unspecified Severity medium
: ---
: ---
Assigned To: Orion Poplawski
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2015-09-16 14:49 EDT by dan
Modified: 2016-07-19 15:56 EDT (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2016-07-19 15:56:59 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Logfile showing error (7.37 KB, text/plain)
2015-09-16 14:49 EDT, dan
no flags Details

  None (edit)
Description dan 2015-09-16 14:49:39 EDT
Created attachment 1074175 [details]
Logfile showing error

Description of problem:

fail2ban is not properly parsing actions to badips


Version-Release number of selected component (if applicable):

0.9.2-1


How reproducible:

jail,local consists of:

[DEFAULT]
banTime = 86400
findtime = 14400
maxRetry = 3
ignoreip = 127.0.0.0/8 192.168.0.0/24
banaction = firewallcmd-ipset
sender = fail2ban@masked.com
destemail = dan@masked.com
action = %(action_mwl)s

[sshd]
enabled = true
banaction = firewallcmd-ipset
            badips[category=ssh]

Ban via firewallcmd-ipset works as expected, however error is seen in attached log for badips processing.
Comment 1 Orion Poplawski 2015-09-16 15:10:31 EDT
Can you try updating to 0.9.3 in updates-testing and see if that helps?
Comment 2 dan 2015-09-16 16:42:06 EDT
Tested 0.9.3 from updates-testing, same issue.
Comment 3 dan 2015-09-17 16:59:08 EDT
Somewhat related, I also tried to use xarf and receive the following error:

2015-09-17 16:48:03,281 fail2ban.actions        [7824]: ERROR   Failed to execute ban jail 'sshd' action 'xarf-login-attack' info 'CallingMap({'ipjailmatches': <function <lambda> at 0x7f63f1297320>, 'matches': 'Sep 17 15:17:53 ears sshd[1279]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.151.52.16  user=root\nSep 17 15:17:53 ears sshd[1280]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.151.52.16  user=root\nSep 17 15:17:53 ears sshd[1281]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.151.52.16  user=root\nSep 17 15:17:53 ears sshd[1282]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.151.52.16  user=root\nSep 17 15:17:53 ears sshd[1287]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.151.52.16  user=root\nSep 17 15:17:53 ears sshd[1288]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.151.52.16  user=root\nSep 17 15:17:56 ears sshd[1279]: Failed password for root from 46.151.52.16 port 57411 ssh2\nSep 17 15:17:56 ears sshd[1280]: Failed password for root from 46.151.52.16 port 57413 ssh2\nSep 17 15:17:56 ears sshd[1281]: Failed password for root from 46.151.52.16 port 57412 ssh2\nSep 17 15:17:56 ears sshd[1282]: Failed password for root from 46.151.52.16 port 57415 ssh2\nSep 17 15:17:56 ears sshd[1287]: Failed password for root from 46.151.52.16 port 57414 ssh2\nSep 17 15:17:56 ears sshd[1288]: Failed password for root from 46.151.52.16 port 57410 ssh2\nSep 17 15:17:58 ears sshd[1280]: Failed password for root from 46.151.52.16 port 57413 ssh2\nSep 17 15:17:58 ears sshd[1279]: Failed password for root from 46.151.52.16 port 57411 ssh2\nSep 17 15:17:58 ears sshd[1281]: Failed password for root from 46.151.52.16 port 57412 ssh2\nSep 17 15:17:59 ears sshd[1282]: Failed password for root from 46.151.52.16 port 57415 ssh2\nSep 17 15:17:59 ears sshd[1287]: Failed password for root from 46.151.52.16 port 57414 ssh2\nSep 17 15:17:59 ears sshd[1288]: Failed password for root from 46.151.52.16 port 57410 ssh2\nSep 17 15:18:01 ears sshd[1280]: Failed password for root from 46.151.52.16 port 57413 ssh2\nSep 17 15:18:01 ears sshd[1279]: Failed password for root from 46.151.52.16 port 57411 ssh2\nSep 17 15:18:01 ears sshd[1281]: Failed password for root from 46.151.52.16 port 57412 ssh2\nSep 17 15:18:02 ears sshd[1282]: Failed password for root from 46.151.52.16 port 57415 ssh2\nSep 17 15:18:02 ears sshd[1287]: Failed password for root from 46.151.52.16 port 57414 ssh2\nSep 17 15:18:02 ears sshd[1288]: Failed password for root from 46.151.52.16 port 57410 ssh2\nSep 17 15:17:53 ears sshd[1279]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.151.52.16  user=root\nSep 17 15:17:53 ears sshd[1280]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.151.52.16  user=root\nSep 17 15:17:53 ears sshd[1281]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.151.52.16  user=root\nSep 17 15:17:53 ears sshd[1282]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.151.52.16  user=root\nSep 17 15:17:53 ears sshd[1287]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.151.52.16  user=root\nSep 17 15:17:53 ears sshd[1288]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.151.52.16  user=root\nSep 17 15:17:56 ears sshd[1279]: Failed password for root from 46.151.52.16 port 57411 ssh2\nSep 17 15:17:56 ears sshd[1280]: Failed password for root from 46.151.52.16 port 57413 ssh2\nSep 17 15:17:56 ears sshd[1281]: Failed password for root from 46.151.52.16 port 57412 ssh2\nSep 17 15:17:56 ears sshd[1282]: Failed password for root from 46.151.52.16 port 57415 ssh2\nSep 17 15:17:56 ears sshd[1287]: Failed password for root from 46.151.52.16 port 57414 ssh2\nSep 17 15:17:56 ears sshd[1288]: Failed password for root from 46.151.52.16 port 57410 ssh2\nSep 17 15:17:58 ears sshd[1280]: Failed password for root from 46.151.52.16 port 57413 ssh2\nSep 17 15:17:58 ears sshd[1279]: Failed password for root from 46.151.52.16 port 57411 ssh2\nSep 17 15:17:58 ears sshd[1281]: Failed password for root from 46.151.52.16 port 57412 ssh2\nSep 17 15:17:59 ears sshd[1282]: Failed password for root from 46.151.52.16 port 57415 ssh2\nSep 17 15:17:59 ears sshd[1287]: Failed password for root from 46.151.52.16 port 57414 ssh2\nSep 17 15:17:59 ears sshd[1288]: Failed password for root from 46.151.52.16 port 57410 ssh2\nSep 17 15:18:01 ears sshd[1280]: Failed password for root from 46.151.52.16 port 57413 ssh2\nSep 17 15:18:01 ears sshd[1279]: Failed password for root from 46.151.52.16 port 57411 ssh2\nSep 17 15:18:01 ears sshd[1281]: Failed password for root from 46.151.52.16 port 57412 ssh2\nSep 17 15:18:02 ears sshd[1282]: Failed password for root from 46.151.52.16 port 57415 ssh2\nSep 17 15:18:02 ears sshd[1287]: Failed password for root from 46.151.52.16 port 57414 ssh2\nSep 17 15:18:02 ears sshd[1288]: Failed password for root from 46.151.52.16 port 57410 ssh2\nSep 17 15:17:53 ears sshd[1279]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.151.52.16  user=root\nSep 17 15:17:53 ears sshd[1280]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.151.52.16  user=root\nSep 17 15:17:53 ears sshd[1281]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.151.52.16  user=root\nSep 17 15:17:53 ears sshd[1282]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.151.52.16  user=root\nSep 17 15:17:53 ears sshd[1287]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.151.52.16  user=root\nSep 17 15:17:53 ears sshd[1288]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.151.52.16  user=root\nSep 17 15:17:56 ears sshd[1279]: Failed password for root from 46.151.52.16 port 57411 ssh2\nSep 17 15:17:56 ears sshd[1280]: Failed password for root from 46.151.52.16 port 57413 ssh2\nSep 17 15:17:56 ears sshd[1281]: Failed password for root from 46.151.52.16 port 57412 ssh2\nSep 17 15:17:56 ears sshd[1282]: Failed password for root from 46.151.52.16 port 57415 ssh2\nSep 17 15:17:56 ears sshd[1287]: Failed password for root from 46.151.52.16 port 57414 ssh2\nSep 17 15:17:56 ears sshd[1288]: Failed password for root from 46.151.52.16 port 57410 ssh2\nSep 17 15:17:58 ears sshd[1280]: Failed password for root from 46.151.52.16 port 57413 ssh2\nSep 17 15:17:58 ears sshd[1279]: Failed password for root from 46.151.52.16 port 57411 ssh2\nSep 17 15:17:58 ears sshd[1281]: Failed password for root from 46.151.52.16 port 57412 ssh2\nSep 17 15:17:59 ears sshd[1282]: Failed password for root from 46.151.52.16 port 57415 ssh2\nSep 17 15:17:59 ears sshd[1287]: Failed password for root from 46.151.52.16 port 57414 ssh2\nSep 17 15:17:59 ears sshd[1288]: Failed password for root from 46.151.52.16 port 57410 ssh2\nSep 17 15:18:01 ears sshd[1280]: Failed password for root from 46.151.52.16 port 57413 ssh2\nSep 17 15:18:01 ears sshd[1279]: Failed password for root from 46.151.52.16 port 57411 ssh2\nSep 17 15:18:01 ears sshd[1281]: Failed password for root from 46.151.52.16 port 57412 ssh2\nSep 17 15:18:02 ears sshd[1282]: Failed password for root from 46.151.52.16 port 57415 ssh2\nSep 17 15:18:02 ears sshd[1287]: Failed password for root from 46.151.52.16 port 57414 ssh2\nSep 17 15:18:02 ears sshd[1288]: Failed password for root from 46.151.52.16 port 57410 ssh2\nSep 17 15:17:53 ears sshd[1279]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.151.52.16  user=root\nSep 17 15:17:53 ears sshd[1280]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.151.52.16  user=root\nSep 17 15:17:53 ears sshd[1281]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.151.52.16  user=root\nSep 17 15:17:53 ears sshd[1282]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.151.52.16  user=root\nSep 17 15:17:53 ears sshd[1287]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.151.52.16  user=root\nSep 17 15:17:53 ears sshd[1288]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.151.52.16  user=root\nSep 17 15:17:56 ears sshd[1279]: Failed password for root from 46.151.52.16 port 57411 ssh2\nSep 17 15:17:56 ears sshd[1280]: Failed password for root from 46.151.52.16 port 57413 ssh2\nSep 17 15:17:56 ears sshd[1281]: Failed password for root from 46.151.52.16 port 57412 ssh2\nSep 17 15:17:56 ears sshd[1282]: Failed password for root from 46.151.52.16 port 57415 ssh2\nSep 17 15:17:56 ears sshd[1287]: Failed password for root from 46.151.52.16 port 57414 ssh2\nSep 17 15:17:56 ears sshd[1288]: Failed password for root from 46.151.52.16 port 57410 ssh2\nSep 17 15:17:58 ears sshd[1280]: Failed password for root from 46.151.52.16 port 57413 ssh2\nSep 17 15:17:58 ears sshd[1279]: Failed password for root from 46.151.52.16 port 57411 ssh2\nSep 17 15:17:58 ears sshd[1281]: Failed password for root from 46.151.52.16 port 57412 ssh2\nSep 17 15:17:59 ears sshd[1282]: Failed password for root from 46.151.52.16 port 57415 ssh2\nSep 17 15:17:59 ears sshd[1287]: Failed password for root from 46.151.52.16 port 57414 ssh2\nSep 17 15:17:59 ears sshd[1288]: Failed password for root from 46.151.52.16 port 57410 ssh2\nSep 17 15:18:01 ears sshd[1280]: Failed password for root from 46.151.52.16 port 57413 ssh2\nSep 17 15:18:01 ears sshd[1279]: Failed password for root from 46.151.52.16 port 57411 ssh2\nSep 17 15:18:01 ears sshd[1281]: Failed password for root from 46.151.52.16 port 57412 ssh2\nSep 17 15:18:02 ears sshd[1282]: Failed password for root from 46.151.52.16 port 57415 ssh2\nSep 17 15:18:02 ears sshd[1287]: Failed password for root from 46.151.52.16 port 57414 ssh2\nSep 17 15:18:02 ears sshd[1288]: Failed password for root from 46.151.52.16 port 57410 ssh2', 'ip': '46.151.52.16', 'ipmatches': <function <lambda> at 0x7f63f1297398>, 'ipfailures': <function <lambda> at 0x7f63f1297230>, 'time': 1442522882.339112, 'failures': 96, 'ipjailfailures': <function <lambda> at 0x7f63f12972a8>})': 'bool' object is not iterable

Am I correct that the script is looking for 'ipjailfailures' and this is not found?

Please advise if I should open a separate bug for this or if they will be worked on together.
Comment 4 Orion Poplawski 2015-09-18 17:34:38 EDT
Don't you want:

[sshd]
enabled = true
action = firewallcmd-ipset
         badips[category=ssh]
Comment 5 dan 2015-09-18 19:23:52 EDT
Tried this:

SELinux is preventing /usr/bin/curl from name_connect access on the tcp_socket port 80.

*****  Plugin catchall_boolean (89.3 confidence) suggests   ******************

If you want to allow system to run with NIS
Then you must tell SELinux about this by enabling the 'nis_enabled' boolean.
You can read 'fail2ban_selinux' man page for more details.
Do
setsebool -P nis_enabled 1

*****  Plugin catchall (11.6 confidence) suggests   **************************

If you believe that curl should be allowed name_connect access on the port 80 tcp_socket by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep curl /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp


Additional Information:
Source Context                system_u:system_r:fail2ban_t:s0
Target Context                system_u:object_r:http_port_t:s0
Target Objects                port 80 [ tcp_socket ]
Source                        curl
Source Path                   /usr/bin/curl
Port                          80
Host                          ears.private
Source RPM Packages           curl-7.40.0-6.fc22.x86_64
Target RPM Packages           
Policy RPM                    selinux-policy-3.13.1-128.13.fc22.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     ears.private
Platform                      Linux ears.private 4.1.6-201.fc22.x86_64 #1 SMP
                              Fri Sep 4 17:49:24 UTC 2015 x86_64 x86_64
Alert Count                   12
First Seen                    2015-09-18 19:20:51 EDT
Last Seen                     2015-09-18 19:20:53 EDT
Local ID                      5c8d42b2-7010-40ba-8ab3-a8b9b16bb7b4

Raw Audit Messages
type=AVC msg=audit(1442618453.209:864): avc:  denied  { name_connect } for  pid=7839 comm="curl" dest=80 scontext=system_u:system_r:fail2ban_t:s0 tcontext=system_u:object_r:http_port_t:s0 tclass=tcp_socket permissive=0


type=SYSCALL msg=audit(1442618453.209:864): arch=x86_64 syscall=connect success=no exit=EACCES a0=3 a1=7fffe6f4e9d0 a2=1c a3=0 items=0 ppid=7551 pid=7839 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=curl exe=/usr/bin/curl subj=system_u:system_r:fail2ban_t:s0 key=(null)

Hash: curl,fail2ban_t,http_port_t,tcp_socket,name_connect

So perhaps the issue is selinux related?
Comment 6 Orion Poplawski 2015-09-18 22:21:25 EDT
Well, there are couple things going here.  SELinux is definitely blocking curl, which probably should be allowed.  You'll want to file a bug against selinux-policy for that.

However, you may also want to try the badips.py action instead of badips.

With the default jail.conf and your banaction definition, this should do it:

[sshd]
enabled = true
action = %(action_badips)s

It may be that SELinux will allow fail2ban to connect to port 80 directly.  If not you'll want to add that to your other bug report.

However from your logs, it looked like too much was getting matched as "<category>"

2015-09-16 14:46:29,729 fail2ban.action         [3820]: ERROR   curl --fail  --user-agent "fail2ban v0.8.12" http://www.badips.com/add/ssh][name=sshd/117.4.240.22 -- stderr: 'curl: (3) [globbing] unmatched close brace/bracket in column 30\n'

I think you need to quote the category string, so it would have been:

[sshd]
enabled = true
action = firewallcmd-ipset
         badips[category="ssh"]
Comment 7 dan 2015-09-18 22:37:26 EDT
I think you need to quote the category string, so it would have been:

[sshd]
enabled = true
action = firewallcmd-ipset
         badips[category="ssh"]

I tried the above case, no change to results.

With the following:


[sshd]
enabled = true
action = %(action_badips)s

Process failed to start...

ep 18 22:35:55 ears.private systemd[1]: Starting Fail2Ban Service...
-- Subject: Unit fail2ban.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit fail2ban.service has begun starting up.
Sep 18 22:35:56 ears.private fail2ban-client[20909]: ERROR  Failed during config
uration: Bad value substitution:
Sep 18 22:35:56 ears.private fail2ban-client[20909]: section: [sshd]
Sep 18 22:35:56 ears.private fail2ban-client[20909]: option : action
Sep 18 22:35:56 ears.private fail2ban-client[20909]: key    : name
Sep 18 22:35:56 ears.private fail2ban-client[20909]: rawval : ", banaction="%(ba
naction)s"]
Sep 18 22:35:56 ears.private systemd[1]: fail2ban.service: control process exite
d, code=exited status=255
Sep 18 22:35:56 ears.private systemd[1]: Failed to start Fail2Ban Service.
-- Subject: Unit fail2ban.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit fail2ban.service has failed.
-- 
-- The result is failed.
Sep 18 22:35:56 ears.private systemd[1]: Unit fail2ban.service entered failed st
ate.
Sep 18 22:35:56 ears.private audit[1]: <audit-1130> pid=1 uid=0 auid=4294967295 
ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=fail2ban comm="systemd
" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'
Sep 18 22:35:56 ears.private systemd[1]: fail2ban.service failed.
Sep 18 22:35:56 ears.private systemd[1]: fail2ban.service holdoff time over, sch
eduling restart.
Sep 18 22:35:56 ears.private audit[1]: <audit-1130> pid=1 uid=0 auid=4294967295 
ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=fail2ban comm="systemd
" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Sep 18 22:35:56 ears.private audit[1]: <audit-1131> pid=1 uid=0 auid=4294967295 
ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=fail2ban comm="systemd
" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Sep 18 22:35:56 ears.private systemd[1]: Starting Fail2Ban Service...
-- Subject: Unit fail2ban.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit fail2ban.service has begun starting up.
Sep 18 22:35:56 ears.private fail2ban-client[20980]: ERROR  Failed during config
uration: Bad value substitution:
Sep 18 22:35:56 ears.private fail2ban-client[20980]: section: [sshd]
Sep 18 22:35:56 ears.private fail2ban-client[20980]: option : action
Sep 18 22:35:56 ears.private fail2ban-client[20980]: key    : name
Sep 18 22:35:56 ears.private fail2ban-client[20980]: rawval : ", banaction="%(ba
naction)s"]
Sep 18 22:35:56 ears.private systemd[1]: fail2ban.service: control process exite
d, code=exited status=255
Sep 18 22:35:56 ears.private systemd[1]: Failed to start Fail2Ban Service.
-- Subject: Unit fail2ban.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit fail2ban.service has failed.
-- 
-- The result is failed.
Sep 18 22:35:56 ears.private systemd[1]: Unit fail2ban.service entered failed st
ate.
Sep 18 22:35:56 ears.private systemd[1]: fail2ban.service failed.
Sep 18 22:35:56 ears.private audit[1]: <audit-1130> pid=1 uid=0 auid=4294967295 
ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=fail2ban comm="systemd
" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'
Sep 18 22:35:56 ears.private systemd[1]: fail2ban.service holdoff time over, sch
eduling restart.
Sep 18 22:35:56 ears.private audit[1]: <audit-1130> pid=1 uid=0 auid=4294967295 
ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=fail2ban comm="systemd
" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Sep 18 22:35:56 ears.private audit[1]: <audit-1131> pid=1 uid=0 auid=4294967295 
ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=fail2ban comm="systemd
" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Sep 18 22:35:56 ears.private systemd[1]: Starting Fail2Ban Service...
-- Subject: Unit fail2ban.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit fail2ban.service has begun starting up.
Sep 18 22:35:56 ears.private fail2ban-client[21082]: ERROR  Failed during config
uration: Bad value substitution:
Sep 18 22:35:56 ears.private fail2ban-client[21082]: section: [sshd]
Sep 18 22:35:56 ears.private fail2ban-client[21082]: option : action
Sep 18 22:35:56 ears.private fail2ban-client[21082]: key    : name
Sep 18 22:35:56 ears.private fail2ban-client[21082]: rawval : ", banaction="%(ba
naction)s"]
Sep 18 22:35:56 ears.private systemd[1]: fail2ban.service: control process exite
d, code=exited status=255
Sep 18 22:35:56 ears.private systemd[1]: Failed to start Fail2Ban Service.
-- Subject: Unit fail2ban.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit fail2ban.service has failed.
-- 
-- The result is failed.
Sep 18 22:35:56 ears.private systemd[1]: Unit fail2ban.service entered failed st
ate.
Sep 18 22:35:56 ears.private systemd[1]: fail2ban.service failed.
Sep 18 22:35:56 ears.private audit[1]: <audit-1130> pid=1 uid=0 auid=4294967295 
ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=fail2ban comm="systemd
" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'
Sep 18 22:35:56 ears.private systemd[1]: fail2ban.service holdoff time over, sch
eduling restart.
Sep 18 22:35:56 ears.private audit[1]: <audit-1130> pid=1 uid=0 auid=4294967295 
ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=fail2ban comm="systemd
" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Sep 18 22:35:56 ears.private audit[1]: <audit-1131> pid=1 uid=0 auid=4294967295 
ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=fail2ban comm="systemd
" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Sep 18 22:35:56 ears.private systemd[1]: Starting Fail2Ban Service...
-- Subject: Unit fail2ban.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit fail2ban.service has begun starting up.
Sep 18 22:35:56 ears.private fail2ban-client[21156]: ERROR  Failed during config
uration: Bad value substitution:
Sep 18 22:35:56 ears.private fail2ban-client[21156]: section: [sshd]
Sep 18 22:35:56 ears.private fail2ban-client[21156]: option : action
Sep 18 22:35:56 ears.private fail2ban-client[21156]: key    : name
Sep 18 22:35:56 ears.private fail2ban-client[21156]: rawval : ", banaction="%(ba
naction)s"]
Sep 18 22:35:56 ears.private systemd[1]: fail2ban.service: control process exite
d, code=exited status=255
Sep 18 22:35:56 ears.private systemd[1]: Failed to start Fail2Ban Service.
-- Subject: Unit fail2ban.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit fail2ban.service has failed.
-- 
-- The result is failed.
Sep 18 22:35:56 ears.private systemd[1]: Unit fail2ban.service entered failed st
ate.
Sep 18 22:35:56 ears.private systemd[1]: fail2ban.service failed.
Sep 18 22:35:56 ears.private audit[1]: <audit-1130> pid=1 uid=0 auid=4294967295 
ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=fail2ban comm="systemd
" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'
Sep 18 22:35:56 ears.private systemd[1]: fail2ban.service holdoff time over, sch
eduling restart.
Sep 18 22:35:56 ears.private audit[1]: <audit-1130> pid=1 uid=0 auid=4294967295 
ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=fail2ban comm="systemd
" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Sep 18 22:35:56 ears.private audit[1]: <audit-1131> pid=1 uid=0 auid=4294967295 
ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=fail2ban comm="systemd
" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Sep 18 22:35:56 ears.private systemd[1]: Starting Fail2Ban Service...
-- Subject: Unit fail2ban.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit fail2ban.service has begun starting up.
Sep 18 22:35:57 ears.private fail2ban-client[21159]: ERROR  Failed during config
uration: Bad value substitution:
Sep 18 22:35:57 ears.private fail2ban-client[21159]: section: [sshd]
Sep 18 22:35:57 ears.private fail2ban-client[21159]: option : action
Sep 18 22:35:57 ears.private fail2ban-client[21159]: key    : name
Sep 18 22:35:57 ears.private fail2ban-client[21159]: rawval : ", banaction="%(ba
naction)s"]
Sep 18 22:35:57 ears.private systemd[1]: fail2ban.service: control process exite
d, code=exited status=255
Sep 18 22:35:57 ears.private systemd[1]: Failed to start Fail2Ban Service.
-- Subject: Unit fail2ban.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit fail2ban.service has failed.
-- 
-- The result is failed.
Sep 18 22:35:57 ears.private systemd[1]: Unit fail2ban.service entered failed st
ate.
Sep 18 22:35:57 ears.private systemd[1]: fail2ban.service failed.
Sep 18 22:35:57 ears.private audit[1]: <audit-1130> pid=1 uid=0 auid=4294967295 
ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=fail2ban comm="systemd
" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'
Sep 18 22:35:57 ears.private systemd[1]: fail2ban.service holdoff time over, sch
eduling restart.
Sep 18 22:35:57 ears.private audit[1]: <audit-1130> pid=1 uid=0 auid=4294967295 
ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=fail2ban comm="systemd
" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Sep 18 22:35:57 ears.private audit[1]: <audit-1131> pid=1 uid=0 auid=4294967295 
ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=fail2ban comm="systemd
" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Sep 18 22:35:57 ears.private systemd[1]: start request repeated too quickly for 
fail2ban.service
Sep 18 22:35:57 ears.private systemd[1]: Failed to start Fail2Ban Service.
-- Subject: Unit fail2ban.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit fail2ban.service has failed.
-- 
-- The result is failed.
Sep 18 22:35:57 ears.private systemd[1]: Unit fail2ban.service entered failed st
ate.
Sep 18 22:35:57 ears.private systemd[1]: fail2ban.service failed.
Comment 8 Orion Poplawski 2015-09-18 23:26:38 EDT
Okay, after testing locally this should work:

[sshd]
enabled = true
banaction = firewallcmd-ipset
action = firewallcmd-ipset
         %(action_badips)s

See if you get any errors when that triggers a ban.
Comment 9 dan 2015-09-19 09:06:12 EDT
systemctl start fail2ban.service:

Sep 19 09:05:26 ears.private systemd[1]: Starting Fail2Ban Service...
-- Subject: Unit fail2ban.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit fail2ban.service has begun starting up.
Sep 19 09:05:26 ears.private fail2ban-client[18920]: ERROR  Failed during config
uration: Bad value substitution:
Sep 19 09:05:26 ears.private fail2ban-client[18920]: section: [sshd]
Sep 19 09:05:26 ears.private fail2ban-client[18920]: option : action
Sep 19 09:05:26 ears.private fail2ban-client[18920]: key    : name
Sep 19 09:05:26 ears.private fail2ban-client[18920]: rawval : ", banaction="%(ba
naction)s"]
Sep 19 09:05:26 ears.private systemd[1]: fail2ban.service: control process exite
d, code=exited status=255
Sep 19 09:05:26 ears.private systemd[1]: Failed to start Fail2Ban Service.
-- Subject: Unit fail2ban.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit fail2ban.service has failed.
-- 
-- The result is failed.
Sep 19 09:05:26 ears.private systemd[1]: Unit fail2ban.service entered failed st
ate.
Sep 19 09:05:26 ears.private systemd[1]: fail2ban.service failed.
Sep 19 09:05:26 ears.private audit[1]: <audit-1130> pid=1 uid=0 auid=4294967295 
ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=fail2ban comm="systemd
" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'
Sep 19 09:05:26 ears.private systemd[1]: fail2ban.service holdoff time over, sch
eduling restart.
Sep 19 09:05:26 ears.private audit[1]: <audit-1130> pid=1 uid=0 auid=4294967295 
ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=fail2ban comm="systemd
" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Sep 19 09:05:26 ears.private audit[1]: <audit-1131> pid=1 uid=0 auid=4294967295 
ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=fail2ban comm="systemd
" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Sep 19 09:05:26 ears.private systemd[1]: Starting Fail2Ban Service...
-- Subject: Unit fail2ban.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit fail2ban.service has begun starting up.
Sep 19 09:05:26 ears.private fail2ban-client[19066]: ERROR  Failed during config
uration: Bad value substitution:
Sep 19 09:05:26 ears.private fail2ban-client[19066]: section: [sshd]
Sep 19 09:05:26 ears.private fail2ban-client[19066]: option : action
Sep 19 09:05:26 ears.private fail2ban-client[19066]: key    : name
Sep 19 09:05:26 ears.private fail2ban-client[19066]: rawval : ", banaction="%(ba
naction)s"]
Sep 19 09:05:26 ears.private systemd[1]: fail2ban.service: control process exite
d, code=exited status=255
Sep 19 09:05:26 ears.private systemd[1]: Failed to start Fail2Ban Service.
-- Subject: Unit fail2ban.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit fail2ban.service has failed.
-- 
-- The result is failed.
Sep 19 09:05:26 ears.private systemd[1]: Unit fail2ban.service entered failed st
ate.
Sep 19 09:05:26 ears.private systemd[1]: fail2ban.service failed.
Sep 19 09:05:26 ears.private audit[1]: <audit-1130> pid=1 uid=0 auid=4294967295 
ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=fail2ban comm="systemd
" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'
Sep 19 09:05:26 ears.private systemd[1]: fail2ban.service holdoff time over, sch
eduling restart.
Sep 19 09:05:26 ears.private audit[1]: <audit-1130> pid=1 uid=0 auid=4294967295 
ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=fail2ban comm="systemd
" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Sep 19 09:05:26 ears.private audit[1]: <audit-1131> pid=1 uid=0 auid=4294967295 
ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=fail2ban comm="systemd
" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Sep 19 09:05:26 ears.private systemd[1]: Starting Fail2Ban Service...
-- Subject: Unit fail2ban.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit fail2ban.service has begun starting up.
Sep 19 09:05:27 ears.private fail2ban-client[19165]: ERROR  Failed during config
uration: Bad value substitution:
Sep 19 09:05:27 ears.private fail2ban-client[19165]: section: [sshd]
Sep 19 09:05:27 ears.private fail2ban-client[19165]: option : action
Sep 19 09:05:27 ears.private fail2ban-client[19165]: key    : name
Sep 19 09:05:27 ears.private fail2ban-client[19165]: rawval : ", banaction="%(ba
naction)s"]
Sep 19 09:05:27 ears.private systemd[1]: fail2ban.service: control process exite
d, code=exited status=255
Sep 19 09:05:27 ears.private systemd[1]: Failed to start Fail2Ban Service.
-- Subject: Unit fail2ban.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit fail2ban.service has failed.
-- 
-- The result is failed.
Sep 19 09:05:27 ears.private systemd[1]: Unit fail2ban.service entered failed st
ate.
Sep 19 09:05:27 ears.private systemd[1]: fail2ban.service failed.
Sep 19 09:05:27 ears.private audit[1]: <audit-1130> pid=1 uid=0 auid=4294967295 
ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=fail2ban comm="systemd
" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'
Sep 19 09:05:27 ears.private systemd[1]: fail2ban.service holdoff time over, sch
eduling restart.
Sep 19 09:05:27 ears.private audit[1]: <audit-1130> pid=1 uid=0 auid=4294967295 
ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=fail2ban comm="systemd
" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Sep 19 09:05:27 ears.private audit[1]: <audit-1131> pid=1 uid=0 auid=4294967295 
ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=fail2ban comm="systemd
" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Sep 19 09:05:27 ears.private systemd[1]: Starting Fail2Ban Service...
-- Subject: Unit fail2ban.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit fail2ban.service has begun starting up.
Sep 19 09:05:27 ears.private fail2ban-client[19167]: ERROR  Failed during config
uration: Bad value substitution:
Sep 19 09:05:27 ears.private fail2ban-client[19167]: section: [sshd]
Sep 19 09:05:27 ears.private fail2ban-client[19167]: option : action
Sep 19 09:05:27 ears.private fail2ban-client[19167]: key    : name
Sep 19 09:05:27 ears.private fail2ban-client[19167]: rawval : ", banaction="%(ba
naction)s"]
Sep 19 09:05:27 ears.private systemd[1]: fail2ban.service: control process exite
d, code=exited status=255
Sep 19 09:05:27 ears.private systemd[1]: Failed to start Fail2Ban Service.
-- Subject: Unit fail2ban.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit fail2ban.service has failed.
-- 
-- The result is failed.
Sep 19 09:05:27 ears.private systemd[1]: Unit fail2ban.service entered failed st
ate.
Sep 19 09:05:27 ears.private systemd[1]: fail2ban.service failed.
Sep 19 09:05:27 ears.private audit[1]: <audit-1130> pid=1 uid=0 auid=4294967295 
ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=fail2ban comm="systemd
" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'
Sep 19 09:05:27 ears.private systemd[1]: fail2ban.service holdoff time over, sch
eduling restart.
Sep 19 09:05:27 ears.private audit[1]: <audit-1130> pid=1 uid=0 auid=4294967295 
ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=fail2ban comm="systemd
" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Sep 19 09:05:27 ears.private audit[1]: <audit-1131> pid=1 uid=0 auid=4294967295 
ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=fail2ban comm="systemd
" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Sep 19 09:05:27 ears.private systemd[1]: Starting Fail2Ban Service...
-- Subject: Unit fail2ban.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit fail2ban.service has begun starting up.
Sep 19 09:05:27 ears.private fail2ban-client[19169]: ERROR  Failed during config
uration: Bad value substitution:
Sep 19 09:05:27 ears.private fail2ban-client[19169]: section: [sshd]
Sep 19 09:05:27 ears.private fail2ban-client[19169]: option : action
Sep 19 09:05:27 ears.private fail2ban-client[19169]: key    : name
Sep 19 09:05:27 ears.private fail2ban-client[19169]: rawval : ", banaction="%(ba
naction)s"]
Sep 19 09:05:27 ears.private systemd[1]: fail2ban.service: control process exite
d, code=exited status=255
Sep 19 09:05:27 ears.private systemd[1]: Failed to start Fail2Ban Service.
-- Subject: Unit fail2ban.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit fail2ban.service has failed.
-- 
-- The result is failed.
Sep 19 09:05:27 ears.private systemd[1]: Unit fail2ban.service entered failed st
ate.
Sep 19 09:05:27 ears.private systemd[1]: fail2ban.service failed.
Sep 19 09:05:27 ears.private audit[1]: <audit-1130> pid=1 uid=0 auid=4294967295 
ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=fail2ban comm="systemd
" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'
Sep 19 09:05:27 ears.private systemd[1]: fail2ban.service holdoff time over, sch
eduling restart.
Sep 19 09:05:27 ears.private audit[1]: <audit-1130> pid=1 uid=0 auid=4294967295 
ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=fail2ban comm="systemd
" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Sep 19 09:05:27 ears.private audit[1]: <audit-1131> pid=1 uid=0 auid=4294967295 
ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=fail2ban comm="systemd
" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Sep 19 09:05:27 ears.private systemd[1]: start request repeated too quickly for 
fail2ban.service
Sep 19 09:05:27 ears.private systemd[1]: Failed to start Fail2Ban Service.
-- Subject: Unit fail2ban.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit fail2ban.service has failed.
-- 
-- The result is failed.
Sep 19 09:05:27 ears.private systemd[1]: Unit fail2ban.service entered failed st
ate.
Sep 19 09:05:27 ears.private systemd[1]: fail2ban.service failed.
Comment 10 dan 2016-05-24 12:47:51 EDT
Some reading on the fail2ban.org website shows that issues I am experiencing such as the one reported, and another problem with xarf-login-attack, have been fixed in version 0.10 but that the change will not be backported to 0.9 because of the number of changes:

From email of Serg, of the the developers:

"Unfortunately the error 'bool' object is not iterable is a subsequent error. 
We have fixed the loss of the actual error in 0.10, but for 0.9 would be currently too many changes necessary..."

Therefore, is it possible to propose that 0.10 be packaged for FC23 as a solution to this issue?
Comment 11 Orion Poplawski 2016-05-24 16:03:40 EDT
It's possible.  Will know more when 0.10 is actually released.
Comment 12 Fedora End Of Life 2016-07-19 15:56:59 EDT
Fedora 22 changed to end-of-life (EOL) status on 2016-07-19. Fedora 22 is
no longer maintained, which means that it will not receive any further
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of
Fedora please feel free to reopen this bug against that version. If you
are unable to reopen this bug, please file a new report against the
current release. If you experience problems, please add a comment to this
bug.

Thank you for reporting this bug and we are sorry it could not be fixed.

Note You need to log in before you can comment on or make changes to this bug.