Fail2Ban - Apache BadBots - WARNING Invalid command addlogpath

[Avengeuiwll]

This may sound bad but ...
What is fail2ban ?! Never heard of it before

[Kaloy]

Perhaps you could find the complete answer and information from its website.

[Avengeuiwll]

Hmm ... Does it work with things like MyBB ??

[Kaloy]

As far as my understanding with its logic, since I'm still new with it (that's why I'm raising this problem with it here), it could work with almost any program that writes logs where it can read and search for failed login/authentication attempt including the IP of the suspected attacker you can write a filter for it and your desired action, either or both to notify you by mail and/or block the IP using iptables/tcpwrapper/shorewall.

[Avengeuiwll]

Hmm .
Interesting ~ could use that to stop butt-hurt kids from DDoS'ing my buddy's Minecraft server ...

[DeathProxy]

No. Minecraft's logs are different. Fail2Ban tracks request logs, not chat logs. Minecraft's logs don't track requests.

[f8ll]

Let's try to keep things on topic. If you have questions about fail2ban, ask them in carlo's tutorial.

@carlo
Try starting fail2ban with -d (to dump the config) and then with -v (for verbosity) and see if that gives you any more insight.

What happens when you do 'fail2ban-client set apache-badbots addlogpath /home/demo/public_html/mydomain.com/log/access.log' ? I imagine it'll give you the same error though.

[Kaloy]

@f8ll,

# fail2ban-client -d

Just printed everything that it will executes base on the configuration files.

I've set loglevel = 4 for DEBUG on fail2ban.conf, but still I found the same error message on the log:

# tail /var/log/fail2ban.log

...

2012-03-01 15:08:36,630 fail2ban.comm   : WARNING Invalid command: ['set', 'apache-badbots', 'addlogpath', '/home/demo/public_html/mydomain.com/log/access.log']

Interestingly, that the last command that you ask me to execute gives a different error message:

# fail2ban-client set apache-badbots addlogpath /home/demo/public_html/mydomain.com/log/access.log

[Errno 13] Permission denied: '/home/demo/public_html/mydomain.com/log/access.log'

This puzzled me, since I'm definitely sure that the file /home/demo/public_html/mydomain.com/log/access.log is owned by root and is readable and writable by root.

[f8ll]

What about the parent directories?

Maybe try something like /var/log/fail2ban-apache.log and see if that works.

[Kaloy]

Parent directories belongs to user demo.
Tried to set Apache log for the site to /var/log/httpd/mydomain.com_access_log and it works.
Turns out that the problem is on SELinux file security context, see below the comparison of what context doesn't work and what does...
Permission denied by SELinux:

$ ls -lZ /home/demo/public_html/mydomain.com/

drwxr-xr-x. demo demo unconfined_u:object_r:httpd_sys_content_t:s0 backup

drwxr-xr-x. demo demo nconfined_u:object_r:httpd_sys_content_t:s0 cgi-bin

drwxr-xr-x. demo demo unconfined_u:object_r:httpd_sys_content_t:s0 log

drwxr-xr-x. demo demo unconfined_u:object_r:httpd_sys_content_t:s0 private

drwxr-xr-x. demo demo unconfined_u:object_r:httpd_sys_content_t:s0 public

SELinux file context that works (highlighted in red):

$ ls -lZ /home/demo/public_html/mydomain.com/

drwxr-xr-x. demo demo unconfined_u:object_r:httpd_sys_content_t:s0 backup

drwxr-xr-x. demo demo nconfined_u:object_r:httpd_sys_content_t:s0 cgi-bin

drwxr-xr-x. demo demo system_u:object_r:httpd_log_t:s0 log

drwxr-xr-x. demo demo unconfined_u:object_r:httpd_sys_content_t:s0 private

drwxr-xr-x. demo demo unconfined_u:object_r:httpd_sys_content_t:s0 public

The command that set the correct SELinux file context:

$ chcon -vR -u system_u -t httpd_log_t /home/demo/public_html/mydomain.com/log

Well, its good when we learn something in solving a problem and its solve properly. Thanks a lot f8ll for the help and guidance in solving this one.