Free VPS Discussion
Fail2Ban - Apache BadBots - WARNING Invalid command addlogpath - Printable Version



Fail2Ban - Apache BadBots - WARNING Invalid command addlogpath - Kaloy - 02-28-2012 07:13 PM

As I'm already running Fail2Ban, configured as per my tutorial for additional security on SSH, I decided to use it for securing Apache as well.

So I edited its configuration file to enable the filter for Apache BadBots and point it to where my web site logs are:
# vi /etc/fail2ban/jail.conf
here's the part of the configuration file that I updated:
Code:
...

[apache-badbots]
enabled  = true
filter   = apache-badbots
action   = iptables-multiport[name=BadBots, port="http,https"]
           sendmail-buffered[name=BadBots, lines=5, dest=me@mydomain.com]
# logpath  = /var/www/*/logs/access_log
logpath  = /home/*/public_html/*/log/access.log
bantime  = 172800
maxretry = 1

...
After I saved and closed the configuration file, I restarted the Fail2Ban service:
# service fail2ban restart
Stopping fail2ban: [ OK ]
Starting fail2ban: [ OK ]
But upon checking its logfile, I found out that something went wrong and the filter for Apache BadBots did not actually start:
# tail /var/log/fail2ban.log
...

2012-02-28 16:31:07,621 fail2ban.comm : WARNING Invalid command: ['set', 'apache-badbots', 'addlogpath', '/home/demo/public_html/mydomain.com/log/access.log']
I've Googled regarding the error message but did not find anything related to this problem.

I don't know if most people here are using Fail2Ban but I'm still hoping that someone here could help, TIA.


RE: Fail2Ban - Apache BadBots - WARNING Invalid command addlogpath - f8ll - 02-29-2012 12:23 PM

This is a shot in the dark but does the user running fail2ban have permission to write to /home/demo/public_html/mydomain.com/log/access.log ?


RE: Fail2Ban - Apache BadBots - WARNING Invalid command addlogpath - DeathProxy - 02-29-2012 12:51 PM

I'm also not sure about this (this may or may not be the problem), but I saw that in:
2012-02-28 16:31:07,621 fail2ban.comm   : WARNING Invalid command: ['set', 'apache-badbots', 'addlogpath', '/home/demo/public_html/mydomain.com/log/access.log']

Is it supposed to be fail2ban.comm or fail2ban.com?


RE: Fail2Ban - Apache BadBots - WARNING Invalid command addlogpath - ninetailfox97 - 02-29-2012 02:43 PM

probably .com


RE: Fail2Ban - Apache BadBots - WARNING Invalid command addlogpath - Kaloy - 02-29-2012 04:47 PM

@f8ll
Yes, I've already compared this with the SSH log file that is working with Fail2Ban SSH filter:
# ls -l /var/log/secure
-rw-------. 1 root root 1446381 Feb 29 13:45 /var/log/secure
Fail2Ban process is run by root:
# ps aux | grep fail2ban
root 17451 0.0 0.7 35768 6088 ? Sl Feb28 0:18 /usr/bin/python /usr/bin/fail2ban-server -b -s /var/run/fail2ban/fail2ban.sock -x
File permission for the Apache web site log:
# ls -l /home/demo/public_html/mydomain.com/log/access.log
-rw-r--r--. 1 root root 641 Feb 29 06:50 access.log

@DeathProxy and ninetailfox97
I don't think there is a configuration to change the ".comm" in the fail2ban.log, since that is the way Fail2Ban was programmed to write its log. I think it's an abbreviation of "command", see below some more lines from the log file:
# tail /var/log/fail2ban.log
2012-02-28 16:39:15,795 fail2ban.jail : INFO Jail 'ssh-iptables' uses Gamin
2012-02-28 16:39:15,815 fail2ban.filter : INFO Added logfile = /var/log/secure
2012-02-28 16:39:15,816 fail2ban.filter : INFO Set maxRetry = 1
2012-02-28 16:39:15,819 fail2ban.filter : INFO Set findtime = 600
2012-02-28 16:39:15,819 fail2ban.actions: INFO Set banTime = 7200
2012-02-28 16:39:15,917 fail2ban.jail : INFO Jail 'ssh-iptables' started
2012-02-29 04:52:27,928 fail2ban.actions: WARNING [ssh-iptables] Ban 59.125.28.86
2012-02-29 06:52:28,165 fail2ban.actions: WARNING [ssh-iptables] Unban 59.125.28.86
2012-02-29 10:50:20,120 fail2ban.actions: WARNING [ssh-iptables] Ban 122.193.13.170
2012-02-29 12:50:20,256 fail2ban.actions: WARNING [ssh-iptables] Unban 122.193.13.170

This is really mysterious for me as I don't know anymore where to look for what's causing the problem.
I will really give rep. to whoever could help me solve this.
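
Added example (not part of the original posts and not Fail2Ban's own code): the restart in this thread printed OK while the apache-badbots jail never came up, so this Python script reads fail2ban.log in the format quoted above and lists jails whose `set` commands were rejected or that never logged `started`. The function names and the list of enabled jails passed in are assumptions.

```python
import ast
import re

# Constructed sample, assembled from fail2ban.log lines quoted in this thread.
SAMPLE_LOG = """\
2012-02-28 16:31:07,621 fail2ban.comm : WARNING Invalid command: ['set', 'apache-badbots', 'addlogpath', '/home/demo/public_html/mydomain.com/log/access.log']
2012-02-28 16:39:15,795 fail2ban.jail : INFO Jail 'ssh-iptables' uses Gamin
2012-02-28 16:39:15,815 fail2ban.filter : INFO Added logfile = /var/log/secure
2012-02-28 16:39:15,917 fail2ban.jail : INFO Jail 'ssh-iptables' started
"""

# Timestamp, component (e.g. fail2ban.comm), level, message.
LINE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3} "
    r"(?P<component>fail2ban\.\w+)\s*:\s*(?P<level>[A-Z]+)\s+(?P<msg>.*)$"
)
STARTED_RE = re.compile(r"^Jail '([^']+)' started$")
PREFIX = "Invalid command: "


def audit(log_text):
    """Return (rejected, started); rejected maps jail -> rejected set commands."""
    rejected, started = {}, set()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        msg = m.group("msg")
        if m.group("component") == "fail2ban.comm" and msg.startswith(PREFIX):
            try:
                cmd = ast.literal_eval(msg[len(PREFIX):])  # the logged list
            except (ValueError, SyntaxError):
                continue
            if isinstance(cmd, list) and len(cmd) >= 3 and cmd[0] == "set":
                rejected.setdefault(cmd[1], []).append(tuple(cmd[2:]))
        elif STARTED_RE.match(msg):
            started.add(STARTED_RE.match(msg).group(1))
    return rejected, started


def broken_jails(log_text, enabled):
    """Enabled jails (caller-supplied list) that were rejected or never started."""
    rejected, started = audit(log_text)
    return sorted(j for j in enabled if j in rejected or j not in started)


if __name__ == "__main__":
    print(broken_jails(SAMPLE_LOG, ["ssh-iptables", "apache-badbots"]))
```

Pass it only the log lines written since the last restart, otherwise a `started` line from an earlier run hides a jail that is down now.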


RE: Fail2Ban - Apache BadBots - WARNING Invalid command addlogpath - DeathProxy - 02-29-2012 04:53 PM

Just saying, offering reputation points isn't the reason that most people help other people.

Anyhow, Fail2Ban seems to be trying to look for the logs in the wrong spot.
It's looking for the logs here:
Quote:/home/demo/public_html/mydomain.com/log/access.log

But your logs appear to be here:
Quote:/home/demo/www/mydomain.com/log/access.log



RE: Fail2Ban - Apache BadBots - WARNING Invalid command addlogpath - Kaloy - 02-29-2012 05:04 PM

Sorry, that was just a test directory, I tried to re-create the directory tree when I was testing/isolating if the problem was on the file permission. Edited now, to reflect the correct one.


RE: Fail2Ban - Apache BadBots - WARNING Invalid command addlogpath - DeathProxy - 02-29-2012 05:05 PM

Is it working now?

Shocked 999th Post!


RE: Fail2Ban - Apache BadBots - WARNING Invalid command addlogpath - Kaloy - 02-29-2012 05:29 PM

Nope, re-creating my web site directory tree just confirmed that the problem was not with the file permissions.


RE: Fail2Ban - Apache BadBots - WARNING Invalid command addlogpath - DeathProxy - 02-29-2012 05:40 PM

I'm sorry, I've never used Fail2Ban before. Can't help you with this.