fail2ban / fail2ban

Daemon to ban hosts that cause multiple authentication errors
http://www.fail2ban.org

Shell based action scripts fail on debian9/ubuntu #2377

Closed kangelos closed 5 years ago

kangelos commented 5 years ago

action.d/complain.conf and action.d/xarf-login-attack.conf fail with shell error 2

Environment:

The issue:

Any action that contains a shell script more than a line long fails with various shell error codes.

Steps to reproduce

Enable action complain on Debian distributions.

Expected behavior

to work

Observed behavior

error 2

Any additional information

The default non-interactive shell on Debian 9 and probably all modern Ubuntus is /bin/sh, which is linked to /bin/dash. That limited shell cannot handle the complicated scripts in the above actions.

Configuration, dump and another helpful excerpts

```
[DEFAULT]

action_mine = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
             xarf-login-attack[service=%(__name__)s, sender="%(sender)s", logpath=%(logpath)s, port="%(port)s"]
             complain[logpath=%(logpath)s]

action = %(action_mine)s

[proxmox]
enabled = true
port = https,http,8006
filter = proxmox
logpath = /var/log/daemon.log
maxretry = 3
# 1 hour
bantime = 3600

[sshd]
enabled=true

[sshd-ddos]
enabled=true
```

Any customizations done to /etc/fail2ban/ configuration

Relevant parts of /var/log/fail2ban.log file:

preferably obtained while running fail2ban with loglevel = 4

```
2019-03-22 09:04:35,521 fail2ban.action         [15739]: ERROR   oifs=${IFS}; IFS=.;SEP_IP=( 45.119.212.105 ); set -- ${SEP_IP}; ADDRESSES=`dig +short -t txt -q $4.$3.$2.$1.abuse-contacts.abusix.org`; IFS=${oifs}
IP=45.119.212.105
if [ ! -z "$ADDRESSES" ]
then
(printf %b "Dear Sir/Madam,\n\nWe have detected abuse from the IP address $IP, which according to a abusix.com is on your network. We would appreciate if you would investigate and take action as appropriate.\n\nLog lines are given below, but please ask if you require any further information.\n\n(If you are not the correct person to contact about this please accept our apologies - your e-mail address was extracted from the whois record by an automated process.)\n\n This mail was generated by Fail2Ban.\nThe recipient address of this report was provided by the Abuse Contact DB by abusix.com. abusix.com does not maintain the content of the database. All information which we pass out, derives from the RIR databases and is processed for ease of use. If you want to change or report non working abuse contacts please contact the appropriate RIR. If you have any further question, contact abusix.com directly via email (info@abusix.com). Information about the Abuse Contact Database can be found here: https://abusix.com/global-reporting/abuse-contact-db\nabusix.com is neither responsible nor liable for the content or accuracy of this message.\n\n"; date '+Note: Local timezone is %z (%Z)'; grep -E '(^|[^0-9])45.119.212.105([^0-9]|$)' /var/log/auth.log) | mail -s "Abuse from 45.119.212.105"  ${ADDRESSES//,/\" \"}
fi -- returned 2
```

Relevant lines from monitored log files in question:

sebres commented 5 years ago

Fixed in 6fe6ebe0392332717ce8d65be91d3362fbf09723. Please update your config (click "View File" and then "Raw").
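
The logged command uses two bash extensions that dash does not parse: the array assignment `SEP_IP=( ... )` and the `${ADDRESSES//,/\" \"}` pattern substitution. The sketch below is an added example, not part of the original thread and not the code of the referenced commit; it shows POSIX sh equivalents that run under both dash and bash. The function names and sample values are hypothetical.

```shell
#!/bin/sh
# Added example (not fail2ban's code). Function names are hypothetical.

# Build the reversed-octet lookup name for an IPv4 address without arrays.
# The zone suffix is the one that appears in the logged command.
abuse_query_name() {
    ip=$1
    case $ip in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;   # only digits and single dots allowed
    esac
    oifs=$IFS; IFS=.
    set -- $ip                              # split on dots into $1..$4
    IFS=$oifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    printf '%s.%s.%s.%s.abuse-contacts.abusix.org\n' "$4" "$3" "$2" "$1"
}

# Turn a TXT answer such as '"a@example.net,b@example.net"' into one address
# per line. tr replaces the ${VAR//,/...} substitution; grep keeps only
# entries that look like addresses and do not start with '-', since the
# result ends up as arguments to a mail command.
contact_list() {
    printf '%s\n' "$1" | tr -d '"' | tr ',' '\n' |
        grep -E '^[A-Za-z0-9][A-Za-z0-9._%+-]*@[A-Za-z0-9.-]+$'
}

# Constructed sample values (documentation ranges); no DNS lookup is made.
abuse_query_name 192.0.2.10
contact_list '"abuse@example.net,noc@example.net"'
```
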