librenms/librenms-agent

fail2ban: output data format wrong

markuspachali opened this issue · 3 comments

Hi all,

Today I updated one of my servers to CentOS 8. During the sanity checks I discovered that there is an issue with the output of the fail2ban client. When I execute the fail2ban snmp extension manually I get the following:

[root@host ~]# /usr/local/lib/snmpd/fail2ban -c
{"version":"1","error":"0","errorString":"fail2ban-client exited with 0","data":{"jails":{"selinux-ssh":"0","sshd":"1"},"total":1}}
[root@host ~]#
[root@host ~]#
[root@host ~]# /usr/local/lib/snmpd/fail2ban
{"version":"1","error":"0","errorString":"fail2ban-client exited with 0","data":{"jails":{"selinux-ssh":"0","sshd":"2"},"total":2}}
[root@host ~]#

After that I also checked my other boxes and realized that the output is the same on CentOS 7 and Debian 10. As this sounds like an issue with the code and not with the OS, I started having a look at the script and found this:

my $jailsOutput=`$f2bc status`;
$toReturn{error}=$?;
if ( $? == -1){
    $toReturn{errorString}='failed to run fail2ban-client';
}
elsif ($? & 127) {
    $toReturn{errorString}= sprintf "fail2ban-client died with signal %d, %s coredump\n",
        ($? & 127), ($? & 128) ? 'with' : 'without';
}
else {
    $toReturn{error}=$? >> 8;
    $toReturn{errorString}="fail2ban-client exited with ".$toReturn{error};
}
if ( $toReturn{error} == 0 ){

I'm far away from being a coding expert, but could it be possible that the check for $toReturn{error} is handled wrong and that the check for "if == 0" should happen before checking for

elsif ($? & 127)

? As $? can also be 0.
I would also expect an "exit" or so after the
$toReturn{errorString}="fail2ban-client exited with ".$toReturn{error};

The output of the script seems to be like it "throws" the error because return code "0" matches "elsif ($? & 127)", and after that the output of fail2ban-client is also printed to stdout.

Please correct me if I'm wrong and the error is somewhere else.

Best regards,
Markus

The output looks correct to me, what is the problem? error 0 means no error.

Hi @murrant,
yes, sure it means no error, but I hadn't expected the return code and "no error" message in the output if there is no error. I expected the message only if the return code is != 0. But if this is the intended behaviour then please ignore my report :)
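The `$?` decoding from the excerpt in the opening post, run against four child outcomes, as an added example that is not part of this thread or of the librenms-agent script. The `decode_status` helper and the test commands are constructed for illustration; it shows which branch each raw status takes, including a raw status of 0, whose low seven bits are all clear.

```perl
#!/usr/bin/env perl
# Added example (not librenms-agent code): decode Perl's $? with the same
# three branches as the excerpt quoted in this issue.
use strict;
use warnings;

# Takes a raw $? value and returns (error, errorString).
sub decode_status {
    my ($status) = @_;
    if ( $status == -1 ) {
        # The child could not be started at all.
        return ( -1, 'failed to run command' );
    }
    elsif ( $status & 127 ) {
        # Low 7 bits: terminating signal. Bit 7 (128): core dump flag.
        my $msg = sprintf 'died with signal %d, %s coredump',
            ( $status & 127 ), ( $status & 128 ) ? 'with' : 'without';
        return ( $status, $msg );
    }
    # Normal exit: the exit code lives in the high byte.
    my $code = $status >> 8;
    return ( $code, "exited with $code" );
}

# Constructed test commands; $^X is the running perl binary, and the list
# form of system() bypasses the shell so signals are reported directly.
my @cases = (
    [ 'clean exit'     => [ $^X, '-e', 'exit 0' ] ],
    [ 'exit code 3'    => [ $^X, '-e', 'exit 3' ] ],
    [ 'killed by TERM' => [ $^X, '-e', 'kill "TERM", $$; sleep 5' ] ],
    [ 'cannot execute' => [ '/nonexistent/fail2ban-client', 'status' ] ],
);

for my $case (@cases) {
    my ( $label, $cmd ) = @$case;
    { no warnings 'exec'; system(@$cmd); }    # sets $?
    my $raw = $?;
    my ( $error, $string ) = decode_status($raw);
    printf "%-15s raw=%-5d raw&127=%-3d error=%-4d %s\n",
        $label, $raw, $raw & 127, $error, $string;
}
```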

I have configured librenms to monitor a few servers. On two of them I have installed fail2ban and configured that snmp extend: on a VM with Debian 11 and on a Raspberry Pi 4 with Raspbian 11.

I have installed libjson-perl and configured on both servers in snmpd.conf:

extend fail2ban '/usr/bin/sudo /opt/snmp/fail2ban -c -U -f /usr/local/bin/fail2ban-client'

and in /etc/sudoers:

Debian-snmp ALL = NOPASSWD: /opt/snmp/fail2ban

When I ran as root on the CLI:

sudo -u Debian-snmp /usr/bin/sudo /opt/snmp/fail2ban -c -U -f /usr/local/bin/fail2ban-client

on VM with Debian 11 - reported:

{"data":{"jails":{"nginx-forbidden":"0","ssh":"206"},"total":206},"error":"0","errorString":"fail2ban-client exited with 0","version":"1"}

on RPI 4 with Raspbian - reported:

{"data":{"jails":{"openvpn":"0","ssh":"0"},"total":0},"error":"0","errorString":"fail2ban-client exited with 0","version":"1"}

BUT on librenms graphs for VM with Debian 11 - graphs are OK

[Image: Debian 11 Graphs]
[Image: RPI4]

Any ideas how to fix that on RPI 4?