action.d/complain.conf and action.d/xarf-login-attack.conf fail with shell error 2
Environment:
Fail2Ban version (including any possible distribution suffixes):
OS, including release name/version:
[X] Fail2Ban installed via OS/distribution mechanisms
[X] You have not applied any additional foreign patches to the codebase
[ ] Some customizations were done to the configuration (provide details below if so)
The issue:
Any action that contains a shell script more than a line long fails with various shell error codes.
Steps to reproduce
Enable action complain on Debian distributions.
Expected behavior
to work
Observed behavior
error 2
Any additional information
The default non-interactive shell on Debian 9 and probably all modern Ubuntus is /bin/sh, which is linked to /bin/dash. That limited shell cannot handle the complicated scripts in the above actions.
Any customizations done to /etc/fail2ban/ configuration
Relevant parts of /var/log/fail2ban.log file:
preferably obtained while running fail2ban with loglevel = 4
```
2019-03-22 09:04:35,521 fail2ban.action [15739]: ERROR oifs=${IFS}; IFS=.;SEP_IP=( 45.119.212.105 ); set -- ${SEP_IP}; ADDRESSES=`dig +short -t txt -q $4.$3.$2.$1.abuse-contacts.abusix.org`; IFS=${oifs}
IP=45.119.212.105
if [ ! -z "$ADDRESSES" ]
then
(printf %b "Dear Sir/Madam,\n\nWe have detected abuse from the IP address $IP, which according to a abusix.com is on your network. We would appreciate if you would investigate and take action as appropriate.\n\nLog lines are given below, but please ask if you require any further information.\n\n(If you are not the correct person to contact about this please accept our apologies - your e-mail address was extracted from the whois record by an automated process.)\n\n This mail was generated by Fail2Ban.\nThe recipient address of this report was provided by the Abuse Contact DB by abusix.com. abusix.com does not maintain the content of the database. All information which we pass out, derives from the RIR databases and is processed for ease of use. If you want to change or report non working abuse contacts please contact the appropriate RIR. If you have any further question, contact abusix.com directly via email (info@abusix.com). Information about the Abuse Contact Database can be found here: https://abusix.com/global-reporting/abuse-contact-db\nabusix.com is neither responsible nor liable for the content or accuracy of this message.\n\n"; date '+Note: Local timezone is %z (%Z)'; grep -E '(^|[^0-9])45.119.212.105([^0-9]|$)' /var/log/auth.log) | mail -s "Abuse from 45.119.212.105" ${ADDRESSES//,/\" \"}
fi -- returned 2
```
Relevant lines from monitored log files in question:
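The logged script uses two bash-only constructs that dash rejects: the array assignment `SEP_IP=( ... )` and the pattern substitution `${ADDRESSES//,/...}`. The following is an added example, not fail2ban's code or the reporter's, showing POSIX sh equivalents plus a parse check for a given shell; the function names and sample addresses are hypothetical, and stripping the quotes from dig's TXT answer is this example's own choice.

```sh
#!/bin/sh
# Added example, not fail2ban's code. Function names and sample values are hypothetical.

# Reverse an IPv4 address for the abuse-contacts DNS query.
# Replaces the bash array form: IFS=.; SEP_IP=( <ip> ); set -- ${SEP_IP}
reverse_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # digits and single dots only
    esac
    _old_ifs=$IFS; IFS=.
    set -- $1                # unquoted on purpose: split on dots into $1..$4
    IFS=$_old_ifs
    [ "$#" -eq 4 ] || return 1
    for _o in "$@"; do
        [ "${#_o}" -le 3 ] && [ "$_o" -le 255 ] || return 1
    done
    printf '%s.%s.%s.%s\n' "$4" "$3" "$2" "$1"
}

# Turn dig's quoted TXT answer ("a@x,b@y") into space-separated recipients.
# Replaces the bash pattern substitution: ${ADDRESSES//,/\" \"}
split_contacts() {
    printf '%s' "$1" | tr -d '"' | tr ',' ' '
}

# Exit status 0 if shell $1 can parse snippet $2 (-n: read but do not execute).
parses_under() {
    "$1" -n -c "$2" >/dev/null 2>&1
}

IP=192.0.2.10    # constructed sample address (documentation range)
if rev=$(reverse_ipv4 "$IP"); then
    echo "query name: $rev.abuse-contacts.abusix.org"
fi
# Constructed sample TXT answer
echo "recipients: $(split_contacts '"abuse@example.net,noc@example.net"')"

# Check the array line from the log against whatever /bin/sh points to.
if parses_under /bin/sh 'SEP_IP=( 192.0.2.10 )'; then
    echo "/bin/sh accepts array syntax"
else
    echo "/bin/sh rejects array syntax; the action needs POSIX constructs"
fi
```

`reverse_ipv4` validates its argument before splitting because the address comes from a parsed log line and ends up in a DNS query name.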