Latest security/py-fail2ban (0.10.1_1) Broken Again.

Janky Jay, III jankyj at unfs.us
Fri Oct 27 22:17:02 UTC 2017


Looks like the latest update broke more of the previously fixed issues.
Also, it appears that F2B 0.9.X is the latest stable and 0.10.X is
"experimental". Why is the default port experimental? Shouldn't this be
broken up into two ports?

Anywho, below is an example of the fail2ban.log output when an SSH
attempt should be banned (via PF):

2017-10-27 16:02:40,016 fail2ban.filter         [17083]: INFO   
[bsd-ssh-pf] Found 174.135.101.80 - 2017-10-27 16:02:39
2017-10-27 16:02:42,286 fail2ban.filter         [17083]: INFO   
[bsd-ssh-pf] Found 174.135.101.80 - 2017-10-27 16:02:41
2017-10-27 16:02:42,497 fail2ban.actions        [17083]: NOTICE 
[bsd-ssh-pf] Ban 174.135.101.80
2017-10-27 16:02:42,520 fail2ban.utils          [17083]: Level 39
8020c31c0 -- exec: pfctl -a f2b/ssh -sr | grep -q f2b-ssh
2017-10-27 16:02:42,521 fail2ban.utils          [17083]: ERROR  
8020c31c0 -- returned 1
2017-10-27 16:02:42,521 fail2ban.CommandAction  [17083]: ERROR  
Invariant check failed. Trying to restore a sane environment
2017-10-27 16:02:42,566 fail2ban.utils          [17083]: Level 39
8020b0870 -- exec: echo "table <f2b-ssh> persist counters" | pfctl -a
f2b/ssh -f-
echo "block quick proto tcp from <f2b-ssh> to any port {{30000}}" |
pfctl -a f2b/ssh -f-
2017-10-27 16:02:42,567 fail2ban.utils          [17083]: ERROR  
8020b0870 -- stderr: 'stdin:1: syntax error'
2017-10-27 16:02:42,567 fail2ban.utils          [17083]: ERROR  
8020b0870 -- stderr: 'pfctl: Syntax error in config file: pf rules not
loaded'
2017-10-27 16:02:42,567 fail2ban.utils          [17083]: ERROR  
8020b0870 -- returned 1
2017-10-27 16:02:42,568 fail2ban.actions        [17083]: ERROR   Failed
to execute ban jail 'bsd-ssh-pf' action 'pf' info
'ActionInfo({'ipfailures': 42, 'ip-rev': '80.101.135.174.', 'family':
'inet4', 'ipmatches': 'FTP Server [12354] domain.org
[19/May/2016:20:02:35 -0600] "PASS (hidden)" 530\nFTP Server [12354]
domain.org [19/May/2016:20:02:54 -0600] "PASS (hidden)" 530\nFTP Server
[12354] domain.org [19/May/2016:20:02:35 -0600] "PASS (hidden)" 530\nFTP
Server [12354] domain.org [19/May/2016:20:02:54 -0600] "PASS (hidden)"
530\nFTP Server [12673] domain.org [19/May/2016:20:07:42 -0600] "PASS
(hidden)" 530\nFTP Server [12354] domain.org [19/May/2016:20:02:35
-0600] "PASS (hidden)" 530\nFTP Server [12354] domain.org
[19/May/2016:20:02:54 -0600] "PASS (hidden)" 530\nFTP Server [12673]
domain.org [19/May/2016:20:07:42 -0600] "PASS (hidden)" 530\nFTP Server
[12673] domain.org [19/May/2016:20:07:45 -0600] "PASS (hidden)" 530\nFTP
Server [12694] domain.org [19/May/2016:20:08:08 -0600] "PASS (hidden)"
530\nFTP Server [12694] domain.org [19/May/2016:20:08:14 -0600] "PASS
(hidden)" 530\nFTP Server [12673] domain.org [19/May/2016:20:07:45
-0600] "PASS (hidden)" 530\nFTP Server [12694] domain.org
[19/May/2016:20:08:08 -0600] "PASS (hidden)" 530\nFTP Server [12694]
domain.org [19/May/2016:20:08:14 -0600] "PASS (hidden)" 530\nFTP Server
[12869] domain.org [19/May/2016:20:14:01 -0600] "PASS (hidden)" 530\nFTP
Server [12869] domain.org [19/May/2016:20:14:06 -0600] "PASS (hidden)"
530\nFTP Server [12673] domain.org [19/May/2016:20:07:42 -0600] "PASS
(hidden)" 530\nFTP Server [12673] domain.org [19/May/2016:20:07:45
-0600] "PASS (hidden)" 530\nFTP Server [12694] domain.org
[19/May/2016:20:08:08 -0600] "PASS (hidden)" 530\nFTP Server [12694]
domain.org [19/May/2016:20:08:14 -0600] "PASS (hidden)" 530\nFTP Server
[12869] domain.org [19/May/2016:20:14:01 -0600] "PASS (hidden)" 530\nFTP
Server [12869] domain.org [19/May/2016:20:14:06 -0600] "PASS (hidden)"
530\nFTP Server [12881] domain.org [19/May/2016:20:14:30 -0600] "PASS
(hidden)" 530\nFTP Server [12881] domain.org [19/May/2016:20:14:38
-0600] "PASS (hidden)" 530\nFTP Server [12881] domain.org
[19/May/2016:20:14:30 -0600] "PASS (hidden)" 530\nFTP Server [12881]
domain.org [19/May/2016:20:14:38 -0600] "PASS (hidden)" 530\nFTP Server
[13000] domain.org [19/May/2016:20:17:14 -0600] "PASS (hidden)" 530\nFTP
Server [13000] domain.org [19/May/2016:20:17:22 -0600] "PASS (hidden)"
530\n2017-10-15 16:45:11,363 server1.domain-dos.org proftpd[48705]
server1 (domain.org[174.135.101.80]): USER user dick: no such user found
from domain.org [174.135.101.80] to 51.244.130.111:21\nFTP Server
[48705] domain.org [15/Oct/2017:16:45:11 +0000] "PASS (hidden)"
530\n2017-10-15 16:45:11,363 server1.domain-dos.org proftpd[48705]
server1 (domain.org[174.135.101.80]): USER user dick: no such user found
from domain.org [174.135.101.80] to 51.244.130.111:21\n2017-10-15
16:51:10,946 server1.domain-dos.org proftpd[48907] server1
(mail.domain.org[174.135.101.80]): USER derp: no such user found from
mail.domain.org [174.135.101.80] to 51.244.130.111:21\n2017-10-15
16:51:14,626 server1.domain-dos.org proftpd[48907] server1
(mail.domain.org[174.135.101.80]): USER dick: no such user found from
mail.domain.org [174.135.101.80] to 51.244.130.111:21\nOct 15 16:53:27
server1 sshd[48984]: Invalid user turd from 174.135.101.80\nOct 15
16:53:30 server1 sshd[48986]: Invalid user turd from 174.135.101.80\nOct
15 16:53:32 server1 sshd[48988]: Invalid user turd from
174.135.101.80\nOct 20 19:57:52 server1 sshd[13078]: Invalid user test
from 174.135.101.80\nOct 20 19:57:55 server1 sshd[13086]: Invalid user
test from 174.135.101.80\nOct 20 19:57:57 server1 sshd[13088]: Invalid
user test from 174.135.101.80\nOct 27 16:02:37 server1 sshd[17277]:
Invalid user fart from 174.135.101.80\nOct 27 16:02:39 server1
sshd[17279]: Invalid user fart from 174.135.101.80\nOct 27 16:02:41
server1 sshd[17281]: Invalid user fart from 174.135.101.80', 'matches':
u'Oct 27 16:02:37 server1 sshd[17277]: Invalid user fart from
174.135.101.80\nOct 27 16:02:39 server1 sshd[17279]: Invalid user fart
from 174.135.101.80\nOct 27 16:02:41 server1 sshd[17281]: Invalid user
fart from 174.135.101.80', 'ip': '174.135.101.80', 'ipjailmatches': 'Oct
15 16:53:27 server1 sshd[48984]: Invalid user turd from
174.135.101.80\nOct 15 16:53:30 server1 sshd[48986]: Invalid user turd
from 174.135.101.80\nOct 15 16:53:32 server1 sshd[48988]: Invalid user
turd from 174.135.101.80\nOct 20 19:57:52 server1 sshd[13078]: Invalid
user test from 174.135.101.80\nOct 20 19:57:55 server1 sshd[13086]:
Invalid user test from 174.135.101.80\nOct 20 19:57:57 server1
sshd[13088]: Invalid user test from 174.135.101.80\nOct 27 16:02:37
server1 sshd[17277]: Invalid user fart from 174.135.101.80\nOct 27
16:02:39 server1 sshd[17279]: Invalid user fart from 174.135.101.80\nOct
27 16:02:41 server1 sshd[17281]: Invalid user fart from 174.135.101.80',
'ipjailfailures': 9, 'F-*': {'matches': [(u'', u'Oct 27 16:02:37', u'
server1 sshd[17277]: Invalid user fart from 174.135.101.80'), u'Oct 27
16:02:39 server1 sshd[17279]: Invalid user fart from 174.135.101.80',
u'Oct 27 16:02:41 server1 sshd[17281]: Invalid user fart from
174.135.101.80'], 'failures': 3, 'ip4': u'174.135.101.80'}, 'fid':
'174.135.101.80', 'time': 1509141761.0, 'failures': 3, 'restored': 0,
'ip-host': 'mail.domain.org'})': Error starting action Jail('bsd-ssh-pf')/pf
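
Added example, not part of the original post and not fail2ban's own code: a log check that pairs each "Ban" notice with a later "Failed to execute ban" error for the same jail, so addresses that fail2ban logged as banned but never got blocked in pf are reported together with the pfctl stderr. The sample lines are constructed from the excerpt above (unwrapped, ActionInfo dump shortened), and the function name and record layout are assumptions.

```python
import re

# Constructed sample modelled on the fail2ban.log excerpt in the post above:
# lines unwrapped, the ActionInfo dump shortened to "...". The final line is a
# constructed control (documentation address) with no failure after it.
SAMPLE_LOG = """\
2017-10-27 16:02:42,497 fail2ban.actions        [17083]: NOTICE  [bsd-ssh-pf] Ban 174.135.101.80
2017-10-27 16:02:42,520 fail2ban.utils          [17083]: Level 39 8020c31c0 -- exec: pfctl -a f2b/ssh -sr | grep -q f2b-ssh
2017-10-27 16:02:42,521 fail2ban.utils          [17083]: ERROR   8020c31c0 -- returned 1
2017-10-27 16:02:42,521 fail2ban.CommandAction  [17083]: ERROR   Invariant check failed. Trying to restore a sane environment
2017-10-27 16:02:42,567 fail2ban.utils          [17083]: ERROR   8020b0870 -- stderr: 'stdin:1: syntax error'
2017-10-27 16:02:42,567 fail2ban.utils          [17083]: ERROR   8020b0870 -- stderr: 'pfctl: Syntax error in config file: pf rules not loaded'
2017-10-27 16:02:42,567 fail2ban.utils          [17083]: ERROR   8020b0870 -- returned 1
2017-10-27 16:02:42,568 fail2ban.actions        [17083]: ERROR   Failed to execute ban jail 'bsd-ssh-pf' action 'pf' info 'ActionInfo({...})': Error starting action Jail('bsd-ssh-pf')/pf
2017-10-27 16:05:00,000 fail2ban.actions        [17083]: NOTICE  [bsd-ssh-pf] Ban 192.0.2.7
"""

# timestamp, component, [pid], level ("Level 39" or an upper-case name), message
RECORD = re.compile(r"^(\S+ \S+) (fail2ban\.\S+)\s+\[\d+\]: (?:Level \d+|[A-Z]+)\s+(.*)$")
BAN = re.compile(r"^\[([^\]]+)\] Ban (\S+)$")
STDERR = re.compile(r"^\w+ -- stderr: (.*)$")
FAILED = re.compile(r"^Failed to execute ban jail '([^']+)' action '([^']+)'")


def unenforced_bans(log_text):
    """Return one finding per Ban notice whose action later failed to execute."""
    pending = {}   # jail -> (timestamp, ip) of the most recent Ban notice
    stderr = []    # command stderr collected since that notice
    findings = []
    for line in log_text.splitlines():
        rec = RECORD.match(line)
        if not rec:
            continue  # wrapped or foreign line: ignore
        ts, _component, msg = rec.groups()
        if (m := BAN.match(msg)):
            pending[m.group(1)] = (ts, m.group(2))
            stderr = []
        elif (m := STDERR.match(msg)):
            stderr.append(m.group(1).strip("'"))
        elif (m := FAILED.match(msg)) and m.group(1) in pending:
            banned_at, ip = pending.pop(m.group(1))
            findings.append({"jail": m.group(1), "action": m.group(2), "ip": ip,
                             "banned_at": banned_at, "stderr": stderr})
            stderr = []
    return findings


if __name__ == "__main__":
    for finding in unenforced_bans(SAMPLE_LOG):
        print(finding)
```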

