Saturday, April 30, 2022

Recent Questions - Server Fault

Recent Questions - Server Fault


how to implement edns client tagoption code

Posted: 30 Apr 2022 01:17 PM PDT

I've been searching for edns and found these documents. They mention something called client tag and server tag. Is there any way I can implent those tags? Here is my use case: Our product teams have some services that want to query mydomain.com from public dns services. I mean, they want to reach our public IP address. Since all of their worker nodes are placed in the same network subnet, I cant use views. If I didn't misunderstand the documents below, edns has the capability of passing some keywords that are meaningless for the protocol, in that case it would be very useful for me. Otherwise I will have to spin up a recursive dns server and tell them to use the new dns server.

https://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml

https://www.ietf.org/archive/id/draft-bellis-dnsop-edns-tags-01.txt

how to instert "x-forwarded-for" data to http header in physical l4 switch?

Posted: 30 Apr 2022 01:02 PM PDT

0

In the L4 switch, there is an 'x-forwarded-for' function that puts the client source ip address in the http header.

The l4 switch can only know layer 4 information, so I'm curious how to put the x-forwarded-for information http header(http header is in the layer 7!! ). Even in https, the http header is encrypted, how can L4 switch decrypt this encrypted http header, insert x-forwared-for information, and send a packet to the backend?

Thanks!

VPN ports not opening on ubuntu server 22.04

Posted: 30 Apr 2022 12:28 PM PDT

Im trying to set up an openvpn on my pc (which is running Ubuntu Server 22.04). I've used the quick install script listed here

When i try to connect on my linux machine i get the following error:

2022-05-01 00:41:54 read UDP [ECONNREFUSED]: Connection refused (code=111)  

Which means that my port isn't open. I tried opening it with ufw and the guide listed on another similar problem: here

The mini server is on my local network with a static ip. Doing sudo nmap -sU localhost

Nmap scan report for localhost (127.0.0.1)  Host is up (0.000075s latency).  All 1000 scanned ports on localhost (127.0.0.1) are closed    Nmap done: 1 IP address (1 host up) scanned in 0.33 seconds  

Even tho i allowed the port with ufw. sudo ufw status:

--                         ------      ----  22                         ALLOW       Anywhere                    1194/udp                   ALLOW       Anywhere                    22 (v6)                    ALLOW       Anywhere (v6)               1194/udp (v6)              ALLOW       Anywhere (v6)     

Also my netplan config (just in case):

  version: 2    wifis:      wlp2s0:        access-points:          NETSSID:            password: 'pass'        dhcp4: no        addresses: [192.168.1.101/24]        routes:         - to: default           via: 192.168.1.1        nameservers:          addresses: [1.1.1.1, 1.0.0.1]  

can't set a windows docker container hostname in the hosts file

Posted: 30 Apr 2022 11:33 AM PDT

I set a windows docker container to run some software (abbyy fineprint) that needs to match the docker name (abbydock) with the localhost ip (127.0.0.1). I'm starting the container with docker run -h abbydock.... What I've done is to add an entry in c:\windows\system32\drivers\etc\hosts with the following content:

127.0.0.1 abbydock  

It worked once, I ping to abbydock and the answer is 127.0.0.1 . The next times the container just ignores any information that I put on the hosts file if that name matches the container hostname, for example a ping will answer the container ip and no the loopback wrong ping answer Anyway, if I set any other hostname to localhost and then ping that any other name the answer will be 127.0.0.1

where or how can i set the wanted information?

c:\Windows\System32\drivers\etc>ipconfig /displaydns    Windows IP Configuration        1.0.0.127.in-addr.arpa      ----------------------------------------      Record Name . . . . . : 1.0.0.127.in-addr.arpa.      Record Type . . . . . : 12      Time To Live  . . . . : 580106      Data Length . . . . . : 8      Section . . . . . . . : Answer      PTR Record  . . . . . : abbydock          abbydock      ----------------------------------------      Record Name . . . . . : abbydock      Record Type . . . . . : 28      Time To Live  . . . . : 1200      Data Length . . . . . : 16      Section . . . . . . . : Question      AAAA Record . . . . . : fe80::e81b:c4e4:83d:a9b5          abbydock      ----------------------------------------      Record Name . . . . . : abbydock      Record Type . . . . . : 1      Time To Live  . . . . : 1200      Data Length . . . . . : 4      Section . . . . . . . : Question      A (Host) Record . . . : 172.22.54.104  

A record should be 127.0.0.1, or at least I should get an extra A record

How Does Email Forwarding Works In Customer Support Ticketing Systems?

Posted: 30 Apr 2022 11:46 AM PDT

When you sign up for customer support ticketing systems like Zendesk they provide you with a unique email address something like support@mygoodshop.zendesk.com where you can forward emails from customers to this address and these forwarded emails are converted to tickets in Zendesk.

  1. How do they generate such unique emails to each business that signs up? Do they use some form of internal email server that generate these emails addresses?

  2. How do they receive the forwarded emails in the Zendesk application in order to convert them to tickets?

suEXEC is disabled: Invalid owner

Posted: 30 Apr 2022 10:18 AM PDT

I got apache server with ubuntu and direct admin, after move my website into this server, I wanted to set permission for public_html

chown -R admin:admin /  

but accidentally pressed enter button and all my files in root owner became for admin! It should be root after that I run again this:

chown -R root:root /

but website got erro 502. after I check apache status it get:

Starting The Apache HTTP Server... AH00526: Syntax error on line 42 of

/etc/httpd/conf/extra/httpd-vhosts.conf: SuexecUserGroup configured,

but suEXEC is disabled: Invalid owner or file mode for /usr/sbin/suexec

httpd.service: Main process exited, code=exited, status=1/FAILURE

httpd.service: Failed with result 'exit-code'.

Failed to start The Apache HTTP Server.

I check this file suexec it has 755 / root:root permission

I don't know what should I do, any help?

iptables show chains without references

Posted: 30 Apr 2022 08:50 AM PDT

iptables -L -v -n gives me multiple chains but without references. Like this:

Chain fail2ban-apache-auth (0 references)   pkts bytes target     prot opt in     out     source               destination      0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0  

Is it possible to add reference to iptables? It seemt that that is the problem why my fail2ban does not work. T.hank you

Updated MX records: gmail, outlook, and proton work. iCloud and yahoo don't?

Posted: 30 Apr 2022 08:06 AM PDT

I've updated MX records to point to gmail. I am able to receive email from Gmail, outlook, and proton almost immediately. Yahoo and iCloud still don't work after 24 hours. My TTL was very short. Why would some providers take so long to update? Am I completely helpless?

fail2ban iptables returned 200, iptables 0 references

Posted: 30 Apr 2022 07:42 AM PDT

I installed fail2ban but on start I got multiple error messages:

iptables -n -L gives me 0 references for each jail. (should be 1?)

Chain INPUT (policy ACCEPT)  target     prot opt source               destination    Chain FORWARD (policy ACCEPT)  target     prot opt source               destination    Chain OUTPUT (policy ACCEPT)  target     prot opt source               destination    Chain fail2ban-apache-auth (0 references)  target     prot opt source               destination  RETURN     all  --  0.0.0.0/0            0.0.0.0/0    Chain fail2ban-apache-badbots (0 references)  target     prot opt source               destination  RETURN     all  --  0.0.0.0/0            0.0.0.0/0    Chain fail2ban-apache-nokiddies (0 references)  target     prot opt source               destination  RETURN     all  --  0.0.0.0/0            0.0.0.0/0    Chain fail2ban-php-url-fopen (0 references)  target     prot opt source               destination  RETURN     all  --  0.0.0.0/0            0.0.0.0/0  

Also I m getting error messages like:

fail2ban.actions.action: ERROR  iptables -N fail2ban-ssh  iptables -A fail2ban-ssh -j RETURN  iptables -I <known/chain> -p tcp -m multiport --dports ssh -j fail2ban-ssh returned 200  2022-04-30 14:25:10,428 fail2ban.jail   : INFO   Jail 'skinlou_x' started  2022-04-30 14:25:10,429 fail2ban.jail   : INFO   Jail 'apache-auth' started  2022-04-30 14:25:10,430 fail2ban.actions.action: ERROR  iptables -N fail2ban-php-url-fopen  iptables -A fail2ban-php-url-fopen -j RETURN  

I tried to reinstall fail2ban but it is always same. Thank you for help.

Allowing docker to access local webhost Database

Posted: 30 Apr 2022 07:30 AM PDT

I am creating a webapp for my business using AppSmith, hosted on Docker.

AppSmith requires access to a database in order to read/write information. Previously I have used MariaDB which is also hosted as a docker Image. However, because this is for business I would rather have the data hosted on an actual server/database rather than a docker image

The address shown for the database is localhost:3306 which I cannot link a docker image/container to since the container is virtual and not actually on the system.

I have also tried linking via ipaddress:3306 but it will not connect, I then tried HeidiSQL to check if it could connect to my Database and had no joy.

After speaking with my hosting provider they have said that they block all external connections to the database and I would need to use SSH in order to open up the database to external connections, however there are a number of related security risks as well as coming with the potential to accidentally damage/corrupt existing databases.

So what I am essentially looking for is a way for docker to open, so that it can allow containers access to my databases

My hosting provider doesnt have much knowlege of docker but did mention Docker Gateway AFAIK172

My understanding is that this can be used to edit the defalt IP address of Docker Containers.

Can this also be used to change the default IP of the docker container to run on the same IP as my webserver and thus allow it to then access the localhost:3306 database?

If so, is there any advise as to where to access the relevant docs to help achieve this?

Server performance tracker/collector

Posted: 30 Apr 2022 07:02 AM PDT

I'm running Linux gaming server and I'm in need to collect a full day of worth server performance data, both global and app-specific. The issue is that I also need server to be actually operable and useable. I'm well aware that ANY kind of profiler running in the background will to some degree use extra resources and incur latency, but I need it to be tolerable and not that much noticeable to end-user. The basic minimum stats I want is CPU, Memory, Disk and Network usage, anything else is welcomed extra (some system latency, etc). Ideally, would be nice if there are any custom or 3rd party tools to visualize/graph the data (though if it is some simple plain-text data I could parse myself)

I know there is stuff like atop but I really dont like its readability and its logs is not nice to parse/read in my opinion.

the if statement is always show as true even my function run false

Posted: 30 Apr 2022 06:59 AM PDT

I have an powershell script which removes the language pack but for some reason even function return false the last if statement still returns true

function RemoveLangugae {            $MarkedLangRemoved=$false        "Set-WinUILanguageOverride " | Tee-Object -FilePath $logFile -Append      Set-WinUILanguageOverride      "Add Language Pack to User List"  | Tee-Object -FilePath $logFile -Append      $List = Get-WinUserLanguageList;      $MarkedLang = $List | where LanguageTag -eq $LanguageTag            if($MarkedLang)      {          $MarkedLang | Tee-Object -FilePath $logFile -Append          Start-Sleep 2          $MarkedLangRemoved = $List.Remove($MarkedLang);          Start-Sleep 2          $List.Insert(0, 'en-US');          Start-Sleep 2          Set-WinUserLanguageList $List -Force;      }      Write-Host $MarkedLangRemoved            if( $MarkedLangRemoved )      {          Write-Host "ssssss"          Set-Culture en-US          [Environment]::Exit(3010)          return $true;      }        return $false;  }    #RemoveLangugae    if( !(RemoveLangugae) )  {       "Language Not Removed lets try it again" | Tee-Object -FilePath $logFile -Append      RemoveLangugae        }else  {     "Language has been removed succesffuly" | Tee-Object -FilePath $logFile -Append  }  

enter image description here

Limit drag & drop mess

Posted: 30 Apr 2022 06:27 AM PDT

I have a Windows Server 2016 acting as a file server with thousands of files in a well-defined tree. Different people have different access to different parts of the tree. The problem is that some users, by mistake, sometimes do drag & drop, and a project folder appears somewhere else, mostly, anywhere, not related to the original place. I have snapshots in case of disaster, but I've never used them because the folder that disappears is always found with a search. I'm getting tired of this, and my boss is going to have a heart attack in the near future because the first thing he thinks is that the folder was deleted. The problem is that the users need read-write access, folder creation, and delete permissions so the tree can be in good shape.

So, the question is: how can I solve this problem?

How do I create an AD username with a dot in it via Powershell?

Posted: 30 Apr 2022 01:19 PM PDT

I'm trying to change an existing script so that my username is firstname intial dot last name for example: John Doe's username will be j.doe Current script works (without the .) as: $firstname.substring(0,$i) + $lastname

thank you.

Apache VirtualHosts not working/redirecting? (Reverse proxy)

Posted: 30 Apr 2022 09:42 AM PDT

I am trying to set up Apache as a reverse proxy on a new Ubuntu 22.04 virtual machine. We have an existing Apache reverse proxy on Ubuntu 18.04 where everything is working as intended. This new reverse proxy is supposed to replace our older one, but the virtual hosts don't seem to be working correctly.

I have done the following:

apt-get update  apt-get upgrade  apt-get install apache2  a2enmod proxy  a2enmod proxy_http  a2enmod proxy_balancer  a2enmod lbmethod_byrequests  

I disabled the default page in sites-enabled.

a2dissite 000-default.conf  

I then created a new virtual host and enabled it.

vi 001-trupage.azmedien.ch.conf  a2ensite 001-trupage.azmedien.ch.conf  

It looks like this:

<VirtualHost trupage.azmedien.ch:80>      ServerName trupage.azmedien.ch      ProxyPreserveHost On      ProxyPass / http://10.200.0.130/      ProxyPassReverse / http://10.200.0.130/  </VirtualHost>  

I then restarted & reloaded the Apache.

systemctl restart apache2  systemctl reload apache2  

I created a host file entry on my Windows PC to test if this very basic configuration works, it points to my Apache server.

When I then try to reach trupage.azmedien.ch it leads me to the Apache default website instead of actually redirecting me to the correct server (which is defined with ProxyPass in the virtual host).

It seems like it doesn't recognize the virtualhost for some reason? When I replace "trupage.azmedien.ch:80" with "*:80" and then open it in my browser the ProxyPass works. But obviously, that is not what I want as there will be multiple virtual hosts.

<VirtualHost *:80>      ServerName trupage.azmedien.ch      ProxyPreserveHost On      ProxyPass / http://10.200.0.130/      ProxyPassReverse / http://10.200.0.130/  </VirtualHost>  

Here is the output from apache2ctl -S, 213.146.11.131 is the IP of the old reverse proxy, but I have no clue where it's coming from or why it's showing up here:

root@azprox10:~# apache2ctl -S  AH00558: apache2: Could not reliably determine the server's fully qualified doma                                                                                                                               in name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress th                                                                                                                      is message  VirtualHost configuration:  213.146.11.131:80      is a NameVirtualHost           default server localhost (/etc/apache2/sites-enabled/001-trupage.azmedi                                                                                                                                          en.ch.conf:1)           port 80 namevhost localhost (/etc/apache2/sites-enabled/001-trupage.azm                                                                                                                                          edien.ch.conf:1)           port 80 namevhost opvsg.chmedia.ch (/etc/apache2/sites-enabled/002-opvs                                                                                                                                          g.chmedia.ch.conf:1)  ServerRoot: "/etc/apache2"  Main DocumentRoot: "/var/www/html"  Main ErrorLog: "/var/log/apache2/error.log"  Mutex rewrite-map: using_defaults  Mutex proxy: using_defaults  Mutex default: dir="/var/lock/apache2" mechanism=fcntl  Mutex watchdog-callback: using_defaults  PidFile: "/var/run/apache2/apache2.pid"  Define: DUMP_VHOSTS  Define: DUMP_RUN_CFG  User: name="www-data" id=33  Group: name="www-data" id=33  

301 redirect url based off of a category in the url

Posted: 30 Apr 2022 08:05 AM PDT

Does anyone know how to redirect a url that contains a parent category of a product? Basically I want to redirect a ton of products to a simple landing page that I created, so instead of making redirects for each product, I want to target the parent category (manufacturer) and redirect it to my one landing page.

So like these:

https://example.com/product/baader/baader-600/baader-600-belts/belt-rubber/  https://example.com/product/baader/baader-600/baader-600-belts/belt-urethane/  https://example.com/product/baader/baader-600/baader-600-parts/cover/  https://example.com/product/baader/baader-600/baader-600-parts/washer/  

Would all redirect to this one landing page:

https://example.com/replacement-parts/baader/baader-600/  

So I guess you would target anything that has "product/baader/baader-600/" and then ditch the last part of the url (/baader-600-belts/belt-rubber/) and redirect it to "/replacement-parts/baader/baader-600/" I have no idea how to make sus a RewriteRule.

Create subdomains under a single IP/domain in an Nginx Reverse Proxy?

Posted: 30 Apr 2022 10:01 AM PDT

I'd like to be able to create a subdomain in Nginx Reverse proxy. As it stands right now, I have a properly configured and usable reverse proxy that resolves properly. The problem arises when I try to get it to play nice with an apache server that I need multiple subdomains for. I'd like to create a subdomain such as johnsmith.example.com. My main domain example.com points to an apache2 server, which is currently up, pinging, and loads the default apache page. I'm currently unable to figure out the necessary reverse proxy configuration to point the reverse proxy to the subdomain properly. Am I supposed to create separate site-enabled configurations for the subdomain, as I have with example.com.conf? Or do I need to add subdomain configuration inside of example.com.conf in /etc/nginx/sites-available?

Here is the nginx reverse proxy example.com.conf in /etc/nginx/sites-available (changed names for domains, assume everything EXCEPT for johnsmith.example.com resolves and is set up properly. Also ignore SSL stuff, as this isn't a certbot oriented problem/question):

#example.com  server {      listen                  443;# ssl http2;      listen                  [::]:443;# ssl http2;      server_name             example.com;        # reverse proxy      location / {          proxy_pass "http://internal.DNS.URL";          include    nginxconfig.io/proxy.conf;      }        # additional config      include nginxconfig.io/general.conf;  }    # HTTP redirect  server {      listen      80;      listen      [::]:80;      server_name example.com;      include     nginxconfig.io/letsencrypt.conf;        location / {          return 301 https://example.com$request_uri;      }  }      ##johnsmith.example.com  server {      listen                  443;# ssl http2;      listen                  [::]:443;# ssl http2;      server_name             johnsmith.example.com;          # security      include                 nginxconfig.io/security.conf;        # reverse proxy      location / {          proxy_pass "internal.DNS.URL";          include    nginxconfig.io/proxy.conf;      }        # additional config      include nginxconfig.io/general.conf;  }    # HTTP redirect  server {      listen      80;      listen      [::]:80;      server_name johnsmith.example.com;      include     nginxconfig.io/letsencrypt.conf;        location / {          return 301 https://johnsmith.example.com$request_uri;      }  }  

Note: I have created a seperate configuration (/etc/nginx/sites-available/johnsmith.example.com.conf) and it did not work. This is just what I've tried last.

My DNS record for this subdomain is:

Type: CNAME Record | Host: johnsmith | Target: example.com  Type: CNAME Record | Host: www.johnsmith | Target: example.com  

Like I've said above, assume everything resolves except for this particular subdomain. Please let me know what other information would be useful for solving this problem.

Thank you for your time.

Edit: Output of curl -v https://johnsmith.example.com

Expire in 3 ms for 1 (transfer 0x55f7da933e00)  * Expire in 3 ms for 1 (transfer 0x55f7da933e00)  * Expire in 4 ms for 1 (transfer 0x55f7da933e00)  *   Trying 97.113.101.68...  * TCP_NODELAY set  * Expire in 200 ms for 4 (transfer 0x55f7da933e00)  * Connected to johnsmith.example.com (97.113.101.68) port 443 (#0)  * ALPN, offering h2  * ALPN, offering http/1.1  * successfully set certificate verify locations:  *   CAfile: none    CApath: /etc/ssl/certs  * TLSv1.3 (OUT), TLS handshake, Client hello (1):  * TLSv1.3 (IN), TLS handshake, Server hello (2):  * TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):  * TLSv1.3 (IN), TLS handshake, Certificate (11):  * TLSv1.3 (IN), TLS handshake, CERT verify (15):  * TLSv1.3 (IN), TLS handshake, Finished (20):  * TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):  * TLSv1.3 (OUT), TLS handshake, Finished (20):  * SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384  * ALPN, server accepted to use h2  * Server certificate:  *  subject: CN=jellyfin.example.com  *  start date: Jan  3 20:38:41 2021 GMT  *  expire date: Apr  3 20:38:41 2021 GMT  *  subjectAltName does not match johnsmith.example.com  * SSL: no alternative certificate subject name matches target host name 'johnsmith.example.com'  * Closing connection 0  curl: (60) SSL: no alternative certificate subject name matches target host name 'johnsmith.example.com'  More details here: https://curl.haxx.se/docs/sslcerts.html    curl failed to verify the legitimacy of the server and therefore could not  establish a secure connection to it. To learn more about this situation and  how to fix it, please visit the web page mentioned above.    

Unable to use YUM. RHEL 8.2 server hosted in Azure

Posted: 30 Apr 2022 01:01 PM PDT

I have a Red Hat server hosted in Azure and when I try to use yum to install software or do a system update I get the below error,

Errors during downloading metadata for repository 'rhui-rhel-8-for-x86_64-baseos-rhui-rpms':

The system has been registered in subscription manager.

Fail2Ban not banning, Regex shows many fails in logs

Posted: 30 Apr 2022 11:02 AM PDT

I have the following jail defined in my /etc/fail2ban/jail.conf. For privacy/security I've replaced references to IPs with local 10.0.0.x addresses.

[ssh-iptables]    enabled  = true  filter   = sshd  banaction = iptables[name=SSH, port=ssh, protocol=tcp]  logpath  = /var/log/secure  backend =   auto  findtime = 18000  bantime = 65535  maxretry = 5  

Using the filter available here for sshd. I did attempt to add this line:

^.*authentication failure;.*rhost=<HOST> to the file as suggested by this answer

When I run fail2ban-regex /var/log/secure /etc/fail2ban/filter.d/sshd.conf I get many hits indicated as failures. Below is a sample based on 150 lines of /var/log/secure from earlier today.

$ cat /tmp/output.txt    Running tests  =============    Use regex file : /etc/fail2ban/filter.d/sshd.conf  Use log file   : /tmp/failed3.log      Results  =======    Failregex: 56 total  |- #) [# of hits] regular expression  |  3) [42] ^\s*(<[^.]+ [^.]+>)?\s*(?:\S+ )?(?:kernel: \[\d+\.\d+\] )?(?:@vserver_\S+ )?(?:(?:\[\d+\])?:\s+[\[\(]?sshd(?:\(\S+\))?[\]\)]?:?|[\[\(]?sshd(?:\(\S+\))?[\]\)]?:?(?:\[\d+\])?:)?\s(?:\[ID \d+ \S+\])?\s*(?:(?:error|fatal): (?:PAM: )?)?Failed \S+ for (?P<cond_inv>invalid user )?(?P<user>(?P<cond_user>\S+)|(?(cond_inv)(?:(?! from ).)*?|[^:]+)) from <HOST>(?: port \d+)?(?: on \S+(?: port \d+)?)?(?: ssh\d*)?(?(cond_user): |(?:(?:(?! from ).)*)$)  |  13) [14] ^\s*(<[^.]+ [^.]+>)?\s*(?:\S+ )?(?:kernel: \[\d+\.\d+\] )?(?:@vserver_\S+ )?(?:(?:\[\d+\])?:\s+[\[\(]?sshd(?:\(\S+\))?[\]\)]?:?|[\[\(]?sshd(?:\(\S+\))?[\]\)]?:?(?:\[\d+\])?:)?\s(?:\[ID \d+ \S+\])?\s*(?:(?:error|fatal): (?:PAM: )?)?pam_unix\(sshd:auth\):\s+authentication failure;\s*logname=\S*\s*uid=\d*\s*euid=\d*\s*tty=\S*\s*ruser=\S*\s*rhost=<HOST>\s.*(?: \[preauth\])?\s*$  `-    Ignoreregex: 0 total    Summary  =======    Addresses found:  [3]      10.0.0.1 (Mon Feb 24 11:46:29 2020)      10.0.0.1 (Mon Feb 24 11:46:32 2020)      10.0.0.1 (Mon Feb 24 11:46:34 2020)      10.0.0.1 (Mon Feb 24 11:46:43 2020)      10.0.0.1 (Mon Feb 24 11:46:46 2020)      10.0.0.1 (Mon Feb 24 11:46:48 2020)      10.0.0.1 (Mon Feb 24 11:46:59 2020)      10.0.0.1 (Mon Feb 24 11:47:02 2020)      10.0.0.1 (Mon Feb 24 11:47:03 2020)      10.0.0.1 (Mon Feb 24 11:47:15 2020)      10.0.0.1 (Mon Feb 24 11:47:17 2020)      10.0.0.1 (Mon Feb 24 11:47:20 2020)      10.0.0.1 (Mon Feb 24 11:47:30 2020)      10.0.0.1 (Mon Feb 24 11:47:32 2020)      10.0.0.1 (Mon Feb 24 11:47:34 2020)      10.0.0.1 (Mon Feb 24 11:47:45 2020)      10.0.0.1 (Mon Feb 24 11:47:48 2020)      10.0.0.1 (Mon Feb 24 11:47:51 2020)      10.0.0.1 (Mon Feb 24 11:48:03 2020)      10.0.0.1 (Mon Feb 24 11:48:06 2020)      10.0.0.1 (Mon Feb 24 11:48:08 2020)      10.0.0.1 (Mon Feb 24 11:48:18 2020)      10.0.0.1 (Mon Feb 24 11:48:21 2020)      10.0.0.1 (Mon Feb 24 11:48:23 2020)      10.0.0.1 (Mon Feb 24 11:48:38 2020)      10.0.0.1 (Mon Feb 24 11:48:40 2020)      10.0.0.1 (Mon Feb 24 11:48:43 2020)      10.0.0.1 (Mon Feb 24 11:48:50 2020)      10.0.0.1 (Mon Feb 24 11:48:53 2020)      10.0.0.1 (Mon Feb 24 11:48:55 2020)      10.0.0.1 (Mon Feb 24 11:49:07 2020)      10.0.0.1 (Mon Feb 24 11:49:10 2020)      10.0.0.1 (Mon Feb 24 11:49:13 2020)      10.0.0.2 (Mon Feb 24 11:49:20 2020)      10.0.0.2 (Mon Feb 24 11:49:23 2020)      10.0.0.1 (Mon Feb 24 11:49:24 2020)      10.0.0.2 (Mon Feb 24 11:49:25 2020)      10.0.0.1 (Mon Feb 24 11:49:27 2020)      10.0.0.1 (Mon Feb 24 11:49:29 2020)      10.0.0.1 (Mon Feb 24 11:49:37 2020)      10.0.0.1 (Mon Feb 24 11:49:40 2020)      10.0.0.1 (Mon Feb 24 11:49:43 2020)  [13]      10.0.0.1 (Mon Feb 24 11:46:27 2020)      10.0.0.1 (Mon Feb 24 11:46:41 2020)      10.0.0.1 (Mon Feb 24 11:46:57 2020)      10.0.0.1 (Mon Feb 24 11:47:13 2020)      10.0.0.1 (Mon Feb 24 11:47:28 2020)      10.0.0.1 (Mon Feb 24 11:47:44 2020)      10.0.0.1 (Mon Feb 24 11:48:01 2020)      10.0.0.1 (Mon Feb 24 11:48:16 2020)      10.0.0.1 (Mon Feb 24 11:48:35 2020)      10.0.0.1 (Mon Feb 24 11:48:48 2020)      10.0.0.1 (Mon Feb 24 11:49:05 2020)      10.0.0.2 (Mon Feb 24 11:49:18 2020)      10.0.0.1 (Mon Feb 24 11:49:22 2020)      10.0.0.1 (Mon Feb 24 11:49:35 2020)    Date template hits:  2606 hit(s): MONTH Day Hour:Minute:Second    Success, the total number of match is 56    However, look at the above section 'Running tests' which could contain important  information.  

Increasing log level to 4 produces this output.

2020-02-24 12:33:24,612 fail2ban.server : INFO   Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.10  2020-02-24 12:33:24,612 fail2ban.comm   : DEBUG  Command: ['add', 'ssh-iptables', 'auto']  2020-02-24 12:33:24,613 fail2ban.jail   : INFO   Creating new jail 'ssh-iptables'  2020-02-24 12:33:24,633 fail2ban.jail   : INFO   Jail 'ssh-iptables' uses pyinotify  2020-02-24 12:33:24,647 fail2ban.filter : DEBUG  Setting usedns = warn for FilterPyinotify(Jail('ssh-iptables'))  2020-02-24 12:33:24,652 fail2ban.filter : DEBUG  Created FilterPyinotify(Jail('ssh-iptables'))  2020-02-24 12:33:24,653 fail2ban.filter : DEBUG  Created FilterPyinotify  2020-02-24 12:33:24,653 fail2ban.jail   : INFO   Initiated 'pyinotify' backend  2020-02-24 12:33:24,654 fail2ban.comm   : DEBUG  Command: ['set', 'ssh-iptables', 'usedns', 'warn']  2020-02-24 12:33:24,654 fail2ban.filter : DEBUG  Setting usedns = warn for FilterPyinotify(Jail('ssh-iptables'))  2020-02-24 12:33:24,654 fail2ban.comm   : DEBUG  Command: ['set', 'ssh-iptables', 'addlogpath', '/var/log/secure']  2020-02-24 12:33:24,663 fail2ban.filter : INFO   Added logfile = /var/log/secure  2020-02-24 12:33:24,663 fail2ban.filter : DEBUG  Added monitor for the parent directory /var/log  2020-02-24 12:33:24,663 fail2ban.filter : DEBUG  Added file watcher for /var/log/secure  2020-02-24 12:33:24,663 fail2ban.filter.datedetector: DEBUG  Sorting the template list  2020-02-24 12:33:24,664 fail2ban.filter.datedetector: DEBUG  Winning template: MONTH Day Hour:Minute:Second with 0 hits  2020-02-24 12:33:24,664 fail2ban.comm   : DEBUG  Command: ['set', 'ssh-iptables', 'maxretry', '5']  2020-02-24 12:33:24,664 fail2ban.filter : INFO   Set maxRetry = 5  2020-02-24 12:33:24,665 fail2ban.comm   : DEBUG  Command: ['set', 'ssh-iptables', 'addignoreip', '127.0.0.1/8,']  2020-02-24 12:33:24,665 fail2ban.filter : DEBUG  Add 127.0.0.1/8, to ignore list  2020-02-24 12:33:24,665 fail2ban.comm   : DEBUG  Command: ['set', 'ssh-iptables', 'addignoreip', 10.0.0.0/8']  2020-02-24 12:33:24,666 fail2ban.filter : DEBUG  Add 10.0.0.0/8 to ignore list  2020-02-24 12:33:24,666 fail2ban.comm   : DEBUG  Command: ['set', 'ssh-iptables', 'findtime', '18000']  2020-02-24 12:33:24,666 fail2ban.filter : INFO   Set findtime = 18000  2020-02-24 12:33:24,667 fail2ban.comm   : DEBUG  Command: ['set', 'ssh-iptables', 'bantime', '65535']  2020-02-24 12:33:24,667 fail2ban.actions: INFO   Set banTime = 65535  2020-02-24 12:33:24,667 fail2ban.comm   : DEBUG  Command: ['set', 'ssh-iptables', 'addfailregex', '^\\s*(<[^.]+ [^.]+>)?\\s*(?:\\S+ )?(?:kernel: \\[\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:)?\\s(?:\\[ID \\d+ \\S+\\])?\\s*(?:(?:error|fatal): (?:PAM: )?)?[aA]uthentication (?:failure|error|failed) for .* from <HOST>( via \\S+)?\\s*(?: \\[preauth\\])?\\s*$']  2020-02-24 12:33:24,670 fail2ban.comm   : DEBUG  Command: ['set', 'ssh-iptables', 'addfailregex', '^\\s*(<[^.]+ [^.]+>)?\\s*(?:\\S+ )?(?:kernel: \\[\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:)?\\s(?:\\[ID \\d+ \\S+\\])?\\s*(?:(?:error|fatal): (?:PAM: )?)?User not known to the underlying authentication module for .* from <HOST>\\s*(?: \\[preauth\\])?\\s*$']  2020-02-24 12:33:24,681 fail2ban.comm   : DEBUG  Command: ['set', 'ssh-iptables', 'addfailregex', '^\\s*(<[^.]+ [^.]+>)?\\s*(?:\\S+ )?(?:kernel: \\[\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:)?\\s(?:\\[ID \\d+ \\S+\\])?\\s*(?:(?:error|fatal): (?:PAM: )?)?Failed \\S+ for (?P<cond_inv>invalid user )?(?P<user>(?P<cond_user>\\S+)|(?(cond_inv)(?:(?! from ).)*?|[^:]+)) from <HOST>(?: port \\d+)?(?: on \\S+(?: port \\d+)?)?(?: ssh\\d*)?(?(cond_user): |(?:(?:(?! from ).)*)$)']  2020-02-24 12:33:24,685 fail2ban.comm   : DEBUG  Command: ['set', 'ssh-iptables', 'addfailregex', '^\\s*(<[^.]+ [^.]+>)?\\s*(?:\\S+ )?(?:kernel: \\[\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:)?\\s(?:\\[ID \\d+ \\S+\\])?\\s*(?:(?:error|fatal): (?:PAM: )?)?ROOT LOGIN REFUSED.* FROM <HOST>\\s*(?: \\[preauth\\])?\\s*$']  2020-02-24 12:33:24,696 fail2ban.comm   : DEBUG  Command: ['set', 'ssh-iptables', 'addfailregex', '^\\s*(<[^.]+ [^.]+>)?\\s*(?:\\S+ )?(?:kernel: \\[\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:)?\\s(?:\\[ID \\d+ \\S+\\])?\\s*(?:(?:error|fatal): (?:PAM: )?)?[iI](?:llegal|nvalid) user .*? from <HOST>(?: port \\d+)?(?: on \\S+(?: port \\d+)?)?\\s*$']  2020-02-24 12:33:24,699 fail2ban.comm   : DEBUG  Command: ['set', 'ssh-iptables', 'addfailregex', '^\\s*(<[^.]+ [^.]+>)?\\s*(?:\\S+ )?(?:kernel: \\[\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:)?\\s(?:\\[ID \\d+ \\S+\\])?\\s*(?:(?:error|fatal): (?:PAM: )?)?User .+ from <HOST> not allowed because not listed in AllowUsers\\s*(?: \\[preauth\\])?\\s*$']  2020-02-24 12:33:24,703 fail2ban.comm   : DEBUG  Command: ['set', 'ssh-iptables', 'addfailregex', '^\\s*(<[^.]+ [^.]+>)?\\s*(?:\\S+ )?(?:kernel: \\[\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:)?\\s(?:\\[ID \\d+ \\S+\\])?\\s*(?:(?:error|fatal): (?:PAM: )?)?User .+ from <HOST> not allowed because listed in DenyUsers\\s*(?: \\[preauth\\])?\\s*$']  2020-02-24 12:33:24,714 fail2ban.comm   : DEBUG  Command: ['set', 'ssh-iptables', 'addfailregex', '^\\s*(<[^.]+ [^.]+>)?\\s*(?:\\S+ )?(?:kernel: \\[\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:)?\\s(?:\\[ID \\d+ \\S+\\])?\\s*(?:(?:error|fatal): (?:PAM: )?)?User .+ from <HOST> not allowed because not in any group\\s*(?: \\[preauth\\])?\\s*$']  2020-02-24 12:33:24,718 fail2ban.comm   : DEBUG  Command: ['set', 'ssh-iptables', 'addfailregex', '^\\s*(<[^.]+ [^.]+>)?\\s*(?:\\S+ )?(?:kernel: \\[\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:)?\\s(?:\\[ID \\d+ \\S+\\])?\\s*(?:(?:error|fatal): (?:PAM: )?)?refused connect from \\S+ \\(<HOST>\\)\\s*(?: \\[preauth\\])?\\s*$']  2020-02-24 12:33:24,729 fail2ban.comm   : DEBUG  Command: ['set', 'ssh-iptables', 'addfailregex', '^\\s*(<[^.]+ [^.]+>)?\\s*(?:\\S+ )?(?:kernel: \\[\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:)?\\s(?:\\[ID \\d+ \\S+\\])?\\s*(?:(?:error|fatal): (?:PAM: )?)?Received disconnect from <HOST>(?: port \\d+)?(?: on \\S+(?: port \\d+)?)?:\\s*3: .*: Auth fail(?: \\[preauth\\])?\\s*$']  2020-02-24 12:33:24,733 fail2ban.comm   : DEBUG  Command: ['set', 'ssh-iptables', 'addfailregex', '^\\s*(<[^.]+ [^.]+>)?\\s*(?:\\S+ )?(?:kernel: \\[\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:)?\\s(?:\\[ID \\d+ \\S+\\])?\\s*(?:(?:error|fatal): (?:PAM: )?)?User .+ from <HOST> not allowed because a group is listed in DenyGroups\\s*(?: \\[preauth\\])?\\s*$']  2020-02-24 12:33:24,746 fail2ban.comm   : DEBUG  Command: ['set', 'ssh-iptables', 'addfailregex', "^\\s*(<[^.]+ [^.]+>)?\\s*(?:\\S+ )?(?:kernel: \\[\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:)?\\s(?:\\[ID \\d+ \\S+\\])?\\s*(?:(?:error|fatal): (?:PAM: )?)?User .+ from <HOST> not allowed because none of user's groups are listed in AllowGroups\\s*(?: \\[preauth\\])?\\s*$"]  2020-02-24 12:33:24,750 fail2ban.comm   : DEBUG  Command: ['set', 'ssh-iptables', 'addfailregex', '^\\s*(<[^.]+ [^.]+>)?\\s*(?:\\S+ )?(?:kernel: \\[\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:)?\\s(?:\\[ID \\d+ \\S+\\])?\\s*(?:(?:error|fatal): (?:PAM: )?)?pam_unix\\(sshd:auth\\):\\s+authentication failure;\\s*logname=\\S*\\s*uid=\\d*\\s*euid=\\d*\\s*tty=\\S*\\s*ruser=\\S*\\s*rhost=<HOST>\\s.*(?: \\[preauth\\])?\\s*$']  2020-02-24 12:33:24,766 fail2ban.comm   : DEBUG  Command: ['set', 'ssh-iptables', 'addfailregex', '^\\s*(<[^.]+ [^.]+>)?\\s*(?:\\S+ )?(?:kernel: \\[\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:)?\\s(?:\\[ID \\d+ \\S+\\])?\\s*(?:(?:error|fatal): (?:PAM: )?)?(error: )?maximum authentication attempts exceeded for .* from <HOST>(?: port \\d+)?(?: on \\S+(?: port \\d+)?)?(?: ssh\\d*)? \\[preauth\\]$']  2020-02-24 12:33:24,771 fail2ban.comm   : DEBUG  Command: ['set', 'ssh-iptables', 'addfailregex', '^(?P<__prefix>\\s*(<[^.]+ [^.]+>)?\\s*(?:\\S+ )?(?:kernel: \\[\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:)?\\s(?:\\[ID \\d+ \\S+\\])?\\s*)(?:(?:error|fatal): (?:PAM: )?)?User .+ not allowed because account is locked(?: \\[preauth\\])?\\s*$<SKIPLINES>^(?P=__prefix)(?:(?:error|fatal): (?:PAM: )?)?Received disconnect from <HOST>: 11: .+(?: \\[preauth\\])?\\s*$']  2020-02-24 12:33:24,788 fail2ban.comm   : DEBUG  Command: ['set', 'ssh-iptables', 'addfailregex', '^(?P<__prefix>\\s*(<[^.]+ [^.]+>)?\\s*(?:\\S+ )?(?:kernel: \\[\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:)?\\s(?:\\[ID \\d+ \\S+\\])?\\s*)(?:(?:error|fatal): (?:PAM: )?)?Disconnecting: Too many authentication failures for .+?(?: \\[preauth\\])?\\s*$<SKIPLINES>^(?P=__prefix)(?:(?:error|fatal): (?:PAM: )?)?Connection closed by <HOST>(?: \\[preauth\\])?\\s*$']  2020-02-24 12:33:24,794 fail2ban.comm   : DEBUG  Command: ['set', 'ssh-iptables', 'addfailregex', '^(?P<__prefix>\\s*(<[^.]+ [^.]+>)?\\s*(?:\\S+ )?(?:kernel: \\[\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:)?\\s(?:\\[ID \\d+ \\S+\\])?\\s*)(?:(?:error|fatal): (?:PAM: )?)?Connection from <HOST>(?: port \\d+)?(?: on \\S+(?: port \\d+)?)?(?: \\[preauth\\])?\\s*$<SKIPLINES>^(?P=__prefix)(?:(?:error|fatal): (?:PAM: )?)?Disconnecting: Too many authentication failures for .+(?: \\[preauth\\])?\\s*$']  2020-02-24 12:33:24,808 fail2ban.comm   : DEBUG  Command: ['start', 'ssh-iptables']  2020-02-24 12:33:24,808 fail2ban.jail   : INFO   Jail 'ssh-iptables' started  2020-02-24 12:33:24,812 fail2ban.filter : DEBUG  pyinotifier started for ssh-iptables.  2020-02-24 12:33:26,493 fail2ban.filter : DEBUG  Default Callback for Event: <Event dir=False mask=0x2 maskname=IN_MODIFY name='' path=/var/log/secure pathname=/var/log/secure wd=2 >  2020-02-24 12:33:26,493 fail2ban.filter.datedetector: DEBUG  Matched time template MONTH Day Hour:Minute:Second  2020-02-24 12:33:26,494 fail2ban.filter.datedetector: DEBUG  Matched time template MONTH Day Hour:Minute:Second  2020-02-24 12:33:26,498 fail2ban.filter.datedetector: DEBUG  Got time using template MONTH Day Hour:Minute:Second  2020-02-24 12:33:26,498 fail2ban.filter : DEBUG  Processing line with time:1582559963.0 and ip:PROBLEM-IP  2020-02-24 12:33:40,959 fail2ban.comm   : DEBUG  Command: ['status']  2020-02-24 12:33:45,745 fail2ban.comm   : DEBUG  Command: ['status', 'ssh-iptables']  

The line 2020-02-24 12:33:26,498 fail2ban.filter : DEBUG Processing line with time:1582559963.0 and ip:PROBLEM-IP corresponds with the first entry in my secure log currently (the file has been truncated since it hadn't been rotated in awhile). However there are several hundred similar lines in the secure logs:

$ sudo grep "Failed password" /var/log/secure | grep 10.0.0.1 | wc -l  1182  

Pyinotify has been installed (sudo yum install pyinotify -y) and NTP is configured and active, my logs dates/times are in sync with the time given by date.

$ ntpstat  synchronised to NTP server (209.51.161.238) at stratum 2     time correct to within 26 ms     polling server every 512 s  $ date  Mon Feb 24 12:56:34 EST 2020  $ tail /var/log/secure -n1  Feb 24 12:56:37 localhost sshd[24764]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.0.0.1  user=root  

Other info:

Fail2Ban v0.8.10    Copyright (c) 2004-2008 Cyril Jaquier, 2008- Fail2Ban Contributors  Copyright of modifications held by their respective authors.  Licensed under the GNU General Public License v2 (GPL).    Written by Cyril Jaquier <cyril.jaquier@fail2ban.org>.  Many contributions by Yaroslav O. Halchenko <debian@onerussian.com>.  

fail2ban-client -d output

$ sudo fail2ban-client -d  WARNING 'action' not defined in 'ssh-messages'. Using default one: ''  ['set', 'loglevel', 4]  ['set', 'logtarget', '/var/log/fail2ban.log']  ['add', 'ssh-iptables', 'auto']  ['set', 'ssh-iptables', 'usedns', 'warn']  ['set', 'ssh-iptables', 'addlogpath', '/var/log/secure']  ['set', 'ssh-iptables', 'maxretry', 5]  ['set', 'ssh-iptables', 'addignoreip', '127.0.0.1/8,']  ['set', 'ssh-iptables', 'addignoreip', '10.0.0.0/8']  ['set', 'ssh-iptables', 'findtime', 18000]  ['set', 'ssh-iptables', 'bantime', 65535]  ['set', 'ssh-iptables', 'addfailregex', '^\\s*(<[^.]+ [^.]+>)?\\s*(?:\\S+ )?(?:kernel: \\[\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:)?\\s(?:\\[ID \\d+ \\S+\\])?\\s*(?:(?:error|fatal): (?:PAM: )?)?[aA]uthentication (?:failure|error|failed) for .* from <HOST>( via \\S+)?\\s*(?: \\[preauth\\])?\\s*$']  ['set', 'ssh-iptables', 'addfailregex', '^\\s*(<[^.]+ [^.]+>)?\\s*(?:\\S+ )?(?:kernel: \\[\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:)?\\s(?:\\[ID \\d+ \\S+\\])?\\s*(?:(?:error|fatal): (?:PAM: )?)?User not known to the underlying authentication module for .* from <HOST>\\s*(?: \\[preauth\\])?\\s*$']  ['set', 'ssh-iptables', 'addfailregex', '^\\s*(<[^.]+ [^.]+>)?\\s*(?:\\S+ )?(?:kernel: \\[\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:)?\\s(?:\\[ID \\d+ \\S+\\])?\\s*(?:(?:error|fatal): (?:PAM: )?)?Failed \\S+ for (?P<cond_inv>invalid user )?(?P<user>(?P<cond_user>\\S+)|(?(cond_inv)(?:(?! from ).)*?|[^:]+)) from <HOST>(?: port \\d+)?(?: on \\S+(?: port \\d+)?)?(?: ssh\\d*)?(?(cond_user): |(?:(?:(?! from ).)*)$)']  ['set', 'ssh-iptables', 'addfailregex', '^\\s*(<[^.]+ [^.]+>)?\\s*(?:\\S+ )?(?:kernel: \\[\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:)?\\s(?:\\[ID \\d+ \\S+\\])?\\s*(?:(?:error|fatal): (?:PAM: )?)?ROOT LOGIN REFUSED.* FROM <HOST>\\s*(?: \\[preauth\\])?\\s*$']  ['set', 'ssh-iptables', 'addfailregex', '^\\s*(<[^.]+ [^.]+>)?\\s*(?:\\S+ )?(?:kernel: \\[\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:)?\\s(?:\\[ID \\d+ \\S+\\])?\\s*(?:(?:error|fatal): (?:PAM: )?)?[iI](?:llegal|nvalid) user .*? from <HOST>(?: port \\d+)?(?: on \\S+(?: port \\d+)?)?\\s*$']  ['set', 'ssh-iptables', 'addfailregex', '^\\s*(<[^.]+ [^.]+>)?\\s*(?:\\S+ )?(?:kernel: \\[\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:)?\\s(?:\\[ID \\d+ \\S+\\])?\\s*(?:(?:error|fatal): (?:PAM: )?)?User .+ from <HOST> not allowed because not listed in AllowUsers\\s*(?: \\[preauth\\])?\\s*$']  ['set', 'ssh-iptables', 'addfailregex', '^\\s*(<[^.]+ [^.]+>)?\\s*(?:\\S+ )?(?:kernel: \\[\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:)?\\s(?:\\[ID \\d+ \\S+\\])?\\s*(?:(?:error|fatal): (?:PAM: )?)?User .+ from <HOST> not allowed because listed in DenyUsers\\s*(?: \\[preauth\\])?\\s*$']  ['set', 'ssh-iptables', 'addfailregex', '^\\s*(<[^.]+ [^.]+>)?\\s*(?:\\S+ )?(?:kernel: \\[\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:)?\\s(?:\\[ID \\d+ \\S+\\])?\\s*(?:(?:error|fatal): (?:PAM: )?)?User .+ from <HOST> not allowed because not in any group\\s*(?: \\[preauth\\])?\\s*$']  ['set', 'ssh-iptables', 'addfailregex', '^\\s*(<[^.]+ [^.]+>)?\\s*(?:\\S+ )?(?:kernel: \\[\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:)?\\s(?:\\[ID \\d+ \\S+\\])?\\s*(?:(?:error|fatal): (?:PAM: )?)?refused connect from \\S+ \\(<HOST>\\)\\s*(?: \\[preauth\\])?\\s*$']  ['set', 'ssh-iptables', 'addfailregex', '^\\s*(<[^.]+ [^.]+>)?\\s*(?:\\S+ )?(?:kernel: \\[\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:)?\\s(?:\\[ID \\d+ \\S+\\])?\\s*(?:(?:error|fatal): (?:PAM: )?)?Received disconnect from <HOST>(?: port \\d+)?(?: on \\S+(?: port \\d+)?)?:\\s*3: .*: Auth fail(?: \\[preauth\\])?\\s*$']  ['set', 'ssh-iptables', 'addfailregex', '^\\s*(<[^.]+ [^.]+>)?\\s*(?:\\S+ )?(?:kernel: \\[\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:)?\\s(?:\\[ID \\d+ \\S+\\])?\\s*(?:(?:error|fatal): (?:PAM: )?)?User .+ from <HOST> not allowed because a group is listed in DenyGroups\\s*(?: \\[preauth\\])?\\s*$']  ['set', 'ssh-iptables', 'addfailregex', "^\\s*(<[^.]+ [^.]+>)?\\s*(?:\\S+ )?(?:kernel: \\[\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:)?\\s(?:\\[ID \\d+ \\S+\\])?\\s*(?:(?:error|fatal): (?:PAM: )?)?User .+ from <HOST> not allowed because none of user's groups are listed in AllowGroups\\s*(?: \\[preauth\\])?\\s*$"]  ['set', 'ssh-iptables', 'addfailregex', '^\\s*(<[^.]+ [^.]+>)?\\s*(?:\\S+ )?(?:kernel: \\[\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:)?\\s(?:\\[ID \\d+ \\S+\\])?\\s*(?:(?:error|fatal): (?:PAM: )?)?pam_unix\\(sshd:auth\\):\\s+authentication failure;\\s*logname=\\S*\\s*uid=\\d*\\s*euid=\\d*\\s*tty=\\S*\\s*ruser=\\S*\\s*rhost=<HOST>\\s.*(?: \\[preauth\\])?\\s*$']  ['set', 'ssh-iptables', 'addfailregex', '^\\s*(<[^.]+ [^.]+>)?\\s*(?:\\S+ )?(?:kernel: \\[\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:)?\\s(?:\\[ID \\d+ \\S+\\])?\\s*(?:(?:error|fatal): (?:PAM: )?)?(error: )?maximum authentication attempts exceeded for .* from <HOST>(?: port \\d+)?(?: on \\S+(?: port \\d+)?)?(?: ssh\\d*)? \\[preauth\\]$']  ['set', 'ssh-iptables', 'addfailregex', '^(?P<__prefix>\\s*(<[^.]+ [^.]+>)?\\s*(?:\\S+ )?(?:kernel: \\[\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:)?\\s(?:\\[ID \\d+ \\S+\\])?\\s*)(?:(?:error|fatal): (?:PAM: )?)?User .+ not allowed because account is locked(?: \\[preauth\\])?\\s*$<SKIPLINES>^(?P=__prefix)(?:(?:error|fatal): (?:PAM: )?)?Received disconnect from <HOST>: 11: .+(?: \\[preauth\\])?\\s*$']  ['set', 'ssh-iptables', 'addfailregex', '^(?P<__prefix>\\s*(<[^.]+ [^.]+>)?\\s*(?:\\S+ )?(?:kernel: \\[\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:)?\\s(?:\\[ID \\d+ \\S+\\])?\\s*)(?:(?:error|fatal): (?:PAM: )?)?Disconnecting: Too many authentication failures for .+?(?: \\[preauth\\])?\\s*$<SKIPLINES>^(?P=__prefix)(?:(?:error|fatal): (?:PAM: )?)?Connection closed by <HOST>(?: \\[preauth\\])?\\s*$']  ['set', 'ssh-iptables', 'addfailregex', '^(?P<__prefix>\\s*(<[^.]+ [^.]+>)?\\s*(?:\\S+ )?(?:kernel: \\[\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:)?\\s(?:\\[ID \\d+ \\S+\\])?\\s*)(?:(?:error|fatal): (?:PAM: )?)?Connection from <HOST>(?: port \\d+)?(?: on \\S+(?: port \\d+)?)?(?: \\[preauth\\])?\\s*$<SKIPLINES>^(?P=__prefix)(?:(?:error|fatal): (?:PAM: )?)?Disconnecting: Too many authentication failures for .+(?: \\[preauth\\])?\\s*$']  ['set', 'ssh-iptables', 'addaction', 'iptables']  ['set', 'ssh-iptables', 'actionban', 'iptables', 'iptables -I fail2ban-<name> 1 -s <ip> -j <blocktype>']  ['set', 'ssh-iptables', 'actionstop', 'iptables', 'iptables -D <chain> -p <protocol> --dport <port> -j fail2ban-<name>\niptables -F fail2ban-<name>\niptables -X fail2ban-<name>']  ['set', 'ssh-iptables', 'actionstart', 'iptables', 'iptables -N fail2ban-<name>\niptables -A fail2ban-<name> -j RETURN\niptables -I <chain> -p <protocol> --dport <port> -j fail2ban-<name>']  ['set', 'ssh-iptables', 'actionunban', 'iptables', 'iptables -D fail2ban-<name> -s <ip> -j <blocktype>']  ['set', 'ssh-iptables', 'actioncheck', 'iptables', "iptables -n -L <chain> | grep -q 'fail2ban-<name>[ \\t]'"]  ['set', 'ssh-iptables', 'setcinfo', 'iptables', 'blocktype', 'REJECT --reject-with icmp-port-unreachable']  ['set', 'ssh-iptables', 'setcinfo', 'iptables', 'protocol', 'tcp']  ['set', 'ssh-iptables', 'setcinfo', 'iptables', 'name', 'SSH']  ['set', 'ssh-iptables', 'setcinfo', 'iptables', 'chain', 'INPUT']  ['set', 'ssh-iptables', 'setcinfo', 'iptables', 'port', 'ssh']  ['start', 'ssh-iptables']  

iptables -L

$ sudo iptables -L  Chain INPUT (policy ACCEPT)  target     prot opt source               destination  fail2ban-SSH  tcp  --  anywhere             anywhere             tcp dpt:ssh    Chain FORWARD (policy ACCEPT)  target     prot opt source               destination    Chain OUTPUT (policy ACCEPT)  target     prot opt source               destination    Chain fail2ban-SSH (1 references)  target     prot opt source               destination  RETURN     all  --  anywhere             anywhere  

Of note if I run fail2ban-client set ssh-iptables banip IPADDR the given will be added to iptables, and is displayed using the rDNS name of the given IP (at least for server I am testing with).

$ sudo fail2ban-client set ssh-iptables banip 10.0.0.10  10.0.0.10  $ sudo iptables -L  Chain INPUT (policy ACCEPT)  target     prot opt source               destination  fail2ban-SSH  tcp  --  anywhere             anywhere             tcp dpt:ssh    Chain FORWARD (policy ACCEPT)  target     prot opt source               destination    Chain OUTPUT (policy ACCEPT)  target     prot opt source               destination    Chain fail2ban-SSH (1 references)  target     prot opt source               destination  REJECT     all  --  REVERSE-DNS-NAME-FOR-10.0.0.10  anywhere             reject-with icmp-port-unreachable  RETURN     all  --  anywhere             anywhere  

I'm fairly new to fail2ban and probably missing something obvious but I'm struggling to determine what at this point. From what I can parse given the output above it seems like it should be working but I am getting 0 bans despite watching dozens of failures scroll by from the same IP in the secure log.

How to properly set-up ou DNS Zone delegation for the "_acme-challenge" subdomain?

Posted: 30 Apr 2022 11:02 AM PDT

We have hard times setting up a DNS Zone Delegation for one of our subdomains.

We have one DNS record "_acme-challenge" that will change frequently, and this DNS record is defined directly on our server, which acts as a SECONDARY Name Server only for this record.

Our need is to have this record delegated to our SECONDARY Name Server, instead of having to change it manually in our MAIN DNS zone.

Please note that our SECONDARY Name Server is the same domain "example.com".

Our domain name is registered at OVH : example.com

Our MAIN DNS Servers are at OVH :

  • ns15.ovh.net
  • dns15.ovh.net

Our example.com content is hosted on a web server (not on OVH) having the following IP : 212.123.456.789

We do not have any problem with this DNS zone : our domain and emails are working correctly.

Our MAIN DNS zone is defined at OVH like this (shortened for brevity) :

$TTL 3600  @   IN SOA dns15.ovh.net. tech.ovh.net. (2019111705 86400 3600 3600000 300)                         IN NS     ns15.ovh.net.                         IN NS     dns15.ovh.net.                         IN A      212.123.456.789  ftp                    IN CNAME  example.com.  mail                   IN A      212.123.456.789  www                    IN CNAME  example.com.  

Our second DNS Server have these always existing records :

example.com.            NS      ns1.example.com.  ns1.example.com.        A       212.123.456.789  example.com.            NS      ns2.example.com.  ns2.example.com.        A       212.123.456.789  

Our second DNS Server will regularly update the following record in its zone :

_acme-challenge.example.com     TXT     HereIsTheTextContent  

We tried to add the following records to our MAIN DNS zone at OVH, in order to delegate this record to the SECONDARY Name Server, but had no success : _acme-challenge.example.com does not ping at all.

ns1                    IN A      212.123.456.789  ns2                    IN A      212.123.456.789  _acme-challenge        IN NS     ns1.example.com.  _acme-challenge        IN NS     ns2.example.com.  

We guessed that some kind of records are missing, but where ?

  • Did we forget to add some records to ou MAIN DNS zone ? (defined at OVH)
  • Did we forget to add some records to ou SECONDARY DNS zone ? (defined on our "example.com" hosted on our server)

I would be happy if you could pinpoint the error, and give us a clue to make it work :-)

Thanks

Windows server 2016 unable to complete update KB4103723 (roll back on 99%)

Posted: 30 Apr 2022 08:07 AM PDT

i'm on a strange problem for the last 12 hours unable to update the KB4103723, it rolls back every time. I have tried all of these:

sfc /scannow: finish 100% but with error for windows protection error. i have looked at the CBS file and the only error is for the IIS MANAGER.LNK file that is corrupted: the path it says is c:\programdata\microsoft\windows\start menu\programs\ administrative tools \iis manager.lnk

in my server the path is changed where administrative tools is actually windows administrative tools

i couldn't find any solution for that so i thought maybe i will change all registry to the right path and restart my server (it is a cloned VM so i can play with that)

i did several changes but then got to Computer\HLM\SOFTWARE'MICROSOFT\WINDOWS\CURRENTVERSION\SHELLCOMPATIBILITY\INBOXAPP

if i try to change something there i get this error message: Cannot edit F2F852BA90DD4456_IIS_MANAGER_LNK_AMD64.LNK: ERROR WRITING THE VALUE'S NEW CONTENTS

what can i do?

systemd: setting dependencies between templated timer units?

Posted: 30 Apr 2022 09:03 AM PDT

I am using some templated timer units to run sets of templated services. There are backup jobs and associated maintenance tasks that require an exclusive lock on the backup repository and cannot run at the same time as the backup jobs. I am trying to figure out how to set up the units so that the jobs are sequenced correctly.

For example, I have the following service templates:

  • backup@.service
  • clean@.service

I have the following timer templates:

  • backup-daily@.timer
  • backup-weekly@.timer
  • clean-daily@.timer
  • clean-weekly@.timer

Where the backup-daily@.timer unit starts the corresponding backup@.service instance and might look something like:

[Unit]  Description=daily backup of %i    [Timer]  OnCalendar=daily  Unit=backup@%i.service    [Install]  WantedBy=timers.target  

If I run...

systemctl enable --now backup-daily@foo.timer clean-daily@foo.timer  

...I need to ensure that the clean@foo service does not run until after the backup@foo service has completed.

The only solution I've come up with so far is to drop OnCalendar=daily and instead use explicit start times so that I can guarantee the backup jobs start first (e.g., start the backup jobs at 1AM and the maintenance jobs at 2AM), and then utilize some sort of locking (e.g., the flock) command to ensure that the maintenance jobs don't start until after the backup jobs have completed.

That works but it's a little hacky. If there's a bettery way to solve this using systemd I would like to figure that out.

How to access LibreOffice running in a Docker container from a Windows system?

Posted: 30 Apr 2022 12:02 PM PDT

I am not able to deploy LibreOffice on my virtual machine using docker.

I run my container with :

docker run -t -d -p 127.0.0.1:9980:9980 -e "domain=<your-dot-escaped-domain>" --cap-add MKNOD libreoffice/online:master  

That seem to run, because when I type docker ps my terminal return :

CONTAINER ID        IMAGE                       COMMAND             CREATED             STATUS              PORTS                      NAMES  d3b8849cf74c        libreoffice/online:master   "/bin/bash"         14 minutes ago      Up 14 minutes       127.0.0.1:9980->9980/tcp   modest_ardinghelli  

but when I go to the URL, Firefox only show a "connection failed" message

Web app running on tomcat not updating when modified

Posted: 30 Apr 2022 12:02 PM PDT

I'm modifiying a web app coded by another guy with AngularJS. This app is fed by csv data files and is running fine in the first place. However, when I'm trying to change some data in the csv files, every part of the app that relies on data taken from those .csv gets broken.

I first suspected this problem to be related to the fact Excel was recognizing the .csv files as SYLK files when I tried to modify them. However, when I tried to replace the new .csv by the old ones, it didn't change anything. Even more, removing the whole app overall and putting the old one in place instead didn't change anything to the problem.

So now, I'm suspecting there is some cache problem with the Tomcat server (8.0 under windows) I'm running the app on. I tried deleting the localhost folder in work/Catalina from the Tomcat installation folder as suggested in another question on Serverfault, but it doesn't change anything either (neither Under IE, nor Chrome). The only way I can go back to a working app is reboot my computer, but obviously I don't want to reboot each time I'm doing a modification.

Any idea to what could be causing the problem?

Getting "Can't create/write to file '/var/lib/mysql/is_writable'" using docker (inside vagrant on OS X)

Posted: 30 Apr 2022 09:03 AM PDT

I am trying to use docker-compose/docker inside a vagrant machine hosted on OS X. Running 'docker-compose up' always fails with

mysqld: Can't create/write to file '/var/lib/mysql/is_writable' (Errcode: 13 - Permission denied)

I can manually create the file just fine, however. (Using touch and sudo -g vagrant touch)

Does anyone know where to look to debug this?


Log:

db_1  | Initializing database  db_1  | mysqld: Can't create/write to file '/var/lib/mysql/is_writable' (Errcode: 13 - Permission denied)  db_1  | 2016-05-21T22:55:38.877522Z 0 [ERROR] --initialize specified but the data directory exists and is not writable. Aborting.  db_1  | 2016-05-21T22:55:38.877799Z 0 [ERROR] Aborting  

My docker-compose.yaml:

version: '2' services:   db:      privileged: true      image: mysql      volumes:        - "./.data/db:/var/lib/mysql"      restart: always      environment:        MYSQL_ROOT_PASSWORD: wordpress        MYSQL_DATABASE: wordpress        MYSQL_USER: wordpress        MYSQL_PASSWORD: wordpress  

My Vagrantfile:

# -*- mode: ruby -*-  # vi: set ft=ruby :    # All Vagrant configuration is done below. The "2" in Vagrant.configure  # configures the configuration version (we support older styles for  # backwards compatibility). Please don't change it unless you know what  # you're doing.  Vagrant.configure(2) do |config|    # The most common configuration options are documented and commented below.    # For a complete reference, please see the online documentation at    # https://docs.vagrantup.com.      # Every Vagrant development environment requires a box. You can search for    # boxes at https://atlas.hashicorp.com/search.    config.vm.box = "ubuntu/trusty64"    # config.vm.box = "debian/jessie64"      # Disable automatic box update checking. If you disable this, then    # boxes will only be checked for updates when the user runs    # `vagrant box outdated`. This is not recommended.    # config.vm.box_check_update = false      # Create a forwarded port mapping which allows access to a specific port    # within the machine from a port on the host machine. In the example below,    # accessing "localhost:8080" will access port 80 on the guest machine.    # config.vm.network "forwarded_port", guest: 80, host: 8080      # Create a private network, which allows host-only access to the machine    # using a specific IP.    # config.vm.network "private_network", ip: "192.168.33.10"      # Create a public network, which generally matched to bridged network.    # Bridged networks make the machine appear as another physical device on    # your network.    # config.vm.network "public_network"      # Share an additional folder to the guest VM. The first argument is    # the path on the host to the actual folder. The second argument is    # the path on the guest to mount the folder. And the optional third    # argument is a set of non-required options.    # config.vm.synced_folder "../data", "/vagrant_data"      # Provider-specific configuration so you can fine-tune various    # backing providers for Vagrant. These expose provider-specific options.    # Example for VirtualBox:    #    # config.vm.provider "virtualbox" do |vb|    #   # Display the VirtualBox GUI when booting the machine    #   vb.gui = true    #    #   # Customize the amount of memory on the VM:    #   vb.memory = "1024"    # end    #    # View the documentation for the provider you are using for more    # information on available options.      # Define a Vagrant Push strategy for pushing to Atlas. Other push strategies    # such as FTP and Heroku are also available. See the documentation at    # https://docs.vagrantup.com/v2/push/atlas.html for more information.    # config.push.define "atlas" do |push|    #   push.app = "YOUR_ATLAS_USERNAME/YOUR_APPLICATION_NAME"    # end      # Enable provisioning with a shell script. Additional provisioners such as    # Puppet, Chef, Ansible, Salt, and Docker are also available. Please see the    # documentation for more information about their specific syntax and use.    # config.vm.provision "shell", inline: <<-SHELL    #   sudo apt-get update    #   sudo apt-get install -y apache2    # SHELL      #####################################################################    # Custom Configuration      config.vm.define "dev" do |dev|        # if File.directory?("~/Dev")      #   dev.vm.synced_folder "~/Dev", "/vagrant/Dev"      # end      # custom: above does not work for symlinks      dev.vm.synced_folder "~/Dev", "/home/vagrant/Dev"  #    dev.vm.synced_folder "~/Dev/docker", "/docker"        dev.vm.provider "virtualbox" do |vb|        vb.gui = false        vb.memory = "2048"      end        dev.vm.provision "shell",                          run: "always",                          inline: <<-SHELL        pushd /vagrant/conf        chmod 755 setup.sh && ./setup.sh        popd      SHELL        dev.ssh.forward_x11 = true        # Install the caching plugin if you want to take advantage of the cache      # $ vagrant plugin install vagrant-cachier      if Vagrant.has_plugin?("vagrant-cachier")        # Configure cached packages to be shared between instances of the same base box.        # More info on http://fgrehm.viewdocs.io/vagrant-cachier/usage        config.cache.scope = :machine      end    end    end  

Elastic Search Unassigned Shards

Posted: 30 Apr 2022 10:01 AM PDT

my cluster state was green and after restart of service one shard remains UNASSIGNED and status goes to yellow. I have 2 machines with 5 shard and 1 replica set settings. I am using default config with multicast off and uni cast enabled.I did rerouting using

for shard in $(curl -XGET http://localhost:9201/_cat/shards | grep UNASSIGNED | awk '{print $2}'); do      echo "processing $shard"      curl -XPOST 'localhost:9201/_cluster/reroute' -d '{          "commands" : [ {                "allocate" : {                    "index" : "wall",                     "shard" : '$shard',                     "node" : "node1",                     "allow_primary" : false                }              }          ]      }'      sleep 5  done  

Which gives following output

{  "acknowledged":true,  "state":{    "version":48,    "master_node":"Ar7UpWUQSpSlYcje-u6bgA",    "blocks":{      },    "nodes":{       "EtQ9mOrLQbiUbHGqeQgMvQ":{          "name":"node2",          "transport_address":"inet[/XXX.XXX.XX.XXX:9300]",          "attributes":{            }       },       "Ar7UpWUQSpSlYcje-u6bgA":{          "name":"node1",          "transport_address":"inet[/XXX.XXX.XX.XXX:9301]",          "attributes":{            }       }    },    "routing_table":{       "indices":{          "wall":{             "shards":{                "2":[                   {                      "state":"STARTED",                      "primary":false,                      "node":"EtQ9mOrLQbiUbHGqeQgMvQ",                      "relocating_node":null,                      "shard":2,                      "index":"wall"                   },                   {                      "state":"STARTED",                      "primary":true,                      "node":"Ar7UpWUQSpSlYcje-u6bgA",                      "relocating_node":null,                      "shard":2,                      "index":"wall"                   }                ],                "0":[                   {                      "state":"STARTED",                      "primary":true,                      "node":"EtQ9mOrLQbiUbHGqeQgMvQ",                      "relocating_node":null,                      "shard":0,                      "index":"wall"                   },                   {                      "state":"INITIALIZING",                      "primary":false,                      "node":"Ar7UpWUQSpSlYcje-u6bgA",                      "relocating_node":null,                      "shard":0,                      "index":"wall"                   }                ],                "3":[                   {                      "state":"STARTED",                      "primary":false,                      "node":"EtQ9mOrLQbiUbHGqeQgMvQ",                      "relocating_node":null,                      "shard":3,                      "index":"wall"                   },                   {                      "state":"STARTED",                      "primary":true,                      "node":"Ar7UpWUQSpSlYcje-u6bgA",                      "relocating_node":null,                      "shard":3,                      "index":"wall"                   }                ],                "1":[                   {                      "state":"STARTED",                      "primary":false,                      "node":"EtQ9mOrLQbiUbHGqeQgMvQ",                      "relocating_node":null,                      "shard":1,                      "index":"wall"                   },                   {                      "state":"STARTED",                      "primary":true,                      "node":"Ar7UpWUQSpSlYcje-u6bgA",                      "relocating_node":null,                      "shard":1,                      "index":"wall"                   }                ],                "4":[                   {                      "state":"STARTED",                      "primary":false,                      "node":"EtQ9mOrLQbiUbHGqeQgMvQ",                      "relocating_node":null,                      "shard":4,                      "index":"wall"                   },                   {                      "state":"STARTED",                      "primary":true,                      "node":"Ar7UpWUQSpSlYcje-u6bgA",                      "relocating_node":null,                      "shard":4,                      "index":"wall"                   }                ]             }          }       }    },    "routing_nodes":{       "unassigned":[         ],       "nodes":{          "EtQ9mOrLQbiUbHGqeQgMvQ":[             {                "state":"STARTED",                "primary":false,                "node":"EtQ9mOrLQbiUbHGqeQgMvQ",                "relocating_node":null,                "shard":2,                "index":"wall"             },             {                "state":"STARTED",                "primary":true,                "node":"EtQ9mOrLQbiUbHGqeQgMvQ",                "relocating_node":null,                "shard":0,                "index":"wall"             },             {                "state":"STARTED",                "primary":false,                "node":"EtQ9mOrLQbiUbHGqeQgMvQ",                "relocating_node":null,                "shard":3,                "index":"wall"             },             {                "state":"STARTED",                "primary":false,                "node":"EtQ9mOrLQbiUbHGqeQgMvQ",                "relocating_node":null,                "shard":1,                "index":"wall"             },             {                "state":"STARTED",                "primary":false,                "node":"EtQ9mOrLQbiUbHGqeQgMvQ",                "relocating_node":null,                "shard":4,                "index":"wall"             }          ],          "Ar7UpWUQSpSlYcje-u6bgA":[             {                "state":"STARTED",                "primary":true,                "node":"Ar7UpWUQSpSlYcje-u6bgA",                "relocating_node":null,                "shard":2,                "index":"wall"             },             {                "state":"INITIALIZING",                "primary":false,                "node":"Ar7UpWUQSpSlYcje-u6bgA",                "relocating_node":null,                "shard":0,                "index":"wall"             },             {                "state":"STARTED",                "primary":true,                "node":"Ar7UpWUQSpSlYcje-u6bgA",                "relocating_node":null,                "shard":3,                "index":"wall"             },             {                "state":"STARTED",                "primary":true,                "node":"Ar7UpWUQSpSlYcje-u6bgA",                "relocating_node":null,                "shard":1,                "index":"wall"             },             {                "state":"STARTED",                "primary":true,                "node":"Ar7UpWUQSpSlYcje-u6bgA",                "relocating_node":null,                "shard":4,                "index":"wall"             }          ]       }    },    "allocations":[]    }  }  

But 0th shard is still unassigned and status is yellow.

Thanks

How to install/update/upgrade SSL certificate in Tomcat

Posted: 30 Apr 2022 01:01 PM PDT

I am about to install/update/upgrade a SSL certificate in one of the servers which has the following configuration

Server information:
Sever version: Apache Tomcat/6.0.35
OS version: Linux 2.6.18-371.6.1.el5
Architecture: amd64
JVM version: 1.6.0_30-b30
JVM Vendor: Sun Microsystems Inc.
Tomcat location: /user/local/apache-tomcate-6.0.35

Generate new SSL certificate request:

  1. I created a folder name keystore (/user/local/apache-tomcate-6.0.35/keystore)

  2. To create a key : sudo keytool -storepass keypassword -keyalg RSA -keysize 2048 -keystore mydomain.keystore -genkey -alias mydomain

  3. To create SSL certificate request: sudo keytool -storepass keypassword -keystore mydomain.keystore -certreq -keyalg RSA -file mydomain.csr -alias mydomain.com

After successful executing both the commands I got two files keystore folder

  • mydomain.keystore
  • mydomain.csr

The following files are attached into email I received yesterday:

  1. Cabundle.cert (What is this? No mention of it in the Wiki)
  2. Zip file
    a. mydomain.crt
    b. root_certificate.crt
    c. Trend_Micro_CA.crt
    d. Affirmtrust_Networking.crt

Installing the certificate:

As per information from other source I downloaded two other files into keystore folder

  1. http://secure.globalsign.net/cacert/ct_root.der
  2. http://secure.globalsign.net/cacert/sureserverEDU.pem
  3. Import the root certificate 'ct_root.der' :

    [root@ mydomain keystore]# sudo keytool -keystore mydomain.keystore -storepass keypassword -importcert -file ct_root.der -trustcacerts -alias globalsignroot  

    Outcome:

    Certificate already exists in system-wide CA keystore under alias   <3getcybertrustsolutionsincgtecybertrustglobal root>  Do you still want to add it to your own keystore? [no]: yes  Certificate was added to keystore  
  4. Import the sure server education certificate 'sureserverDDU.pem':

    [root@ mydomain keystore]# `sudo keytool -keystore mydomain.keystore –storepass keypassword -importcert -file sureserverEDU.pem -trustcacerts -alias sureserveredu`  

    Outcome: Certificate was added to keystore

  5. Import the certificate from email: As per wiki I need to import certificate.pem file {{{sudo keytool -keystore mydomain.keystore -storepass keypassword -alias mydomain -import -file mydomain.pem}}}. I don't have any .pem file in the email I have received and if I run [root@ mydomain keystore]# sudo keytool -keystore mydomain.keystore -storepass keypassword -alias mydomain -import -file mydomain.crt.

    I get an error,

    Keytool error: java.lang.Exceptoin: Failed to establish chain from reply  

Problem:

This is where I am stuck and don't know what to do, I assume I have to create a chain.pem with all the received certificates inside it. If this is the case in which order I should copy and paste the certificates?

To be honest I don't want to try anything which I am not sure about it because it is a live server.

I will really appreciate if someone could help me/providing instruction on how to proceed beyond step #5 to successfully install the certificate. I am also confused what is cabundle.crt that comes with the email.

cannot useradd/adduser when /etc/{passwd,shadow,group} are symlink (debian squeeze)

Posted: 30 Apr 2022 09:43 AM PDT

i'm having trouble with useradd when im moving /etc/passwd /etc/shadow /etc/group from /etc to /home and create a symlink in order to have /etc/{passwd,shadow,group} respecively pointing to /home/{passwd,shadow,group}

i cannot create any user and have useradd outputing:

root@client:/home# useradd testuser  Adding user `testuser' ...  Adding new group `testuser' (1000) ...  groupadd: cannot open /etc/group  

btw useradd output is

root@client:/home# adduser testuser  useradd: cannot open /etc/passwd  

ejabberd send group message

Posted: 30 Apr 2022 08:07 AM PDT

I have ejabberd setup with a few shared rosters ("groups"). I need to be able to send messages to the entire group. I was able to do this with the built-in announce mod by sending a message to jabber.myserver.com/announce/online. This works great but it acts like a server broadcast and does not show which user the message came from.

I imagine I'm not the only one that needs to send out group messages on ejabberd, but I was surprised of the lack of documentation and solutions that I've found on this.

What would be a good way to accomplish this?

installing lots of perl modules

Posted: 30 Apr 2022 06:47 AM PDT

I've been landed with the job of documenting how to install a very complicated application onto a clean server. Part of the application requires a lot of perl scripts, each of which seem to require lots of different perl modules.

I don't know much about perl, and I only know one way to install the required modules. This means my documentation now looks this:

Type each of these commands and accept all the defaults:

sudo perl -MCPAN -e 'install JSON'  sudo perl -MCPAN -e 'install Date::Simple'  sudo perl -MCPAN -e 'install Log::Log4perl'  sudo perl -MCPAN -e 'install Email::Simple'  (.... continues for 2 more pages... )  

Is there any way I can do all this one line like I can with aptitude i.e.

Type the following command and go get a coffee:

sudo aptitude install openssh-server libapache2-mod-perl2 build-essential ...  

Thank you (on behalf of the long suffering people who will be reading my document)


EDIT: The best way to do this is to use the packaged versions. For the modules which were not packaged for Ubuntu 10.10 I ended up with a little perl script which I found here )

#!/usr/bin/perl -w      use CPANPLUS;      use strict;      CPANPLUS::Backend->new( conf => { prereqs => 1 } )->install(          modules => [ qw(              Date::Simple              File::Slurp              LWP::Simple              MIME::Base64              MIME::Parser              MIME::QuotedPrint          ) ]      );  

This means I can put a nice one liner in my document:

sudo perl installmodules.pl  

No comments:

Post a Comment