Hello,
A small point of confusion: a fail2ban regex test returns this:
[code]root@serveur:/# fail2ban-regex /var/log/apache2/site.error.log /etc/fail2ban/filter.d/apache-noscript.conf
/usr/share/fail2ban/server/filter.py:442: DeprecationWarning: the md5 module is deprecated; use hashlib instead
import md5
Running tests
Use regex file : /etc/fail2ban/filter.d/apache-noscript.conf
Use log file : /var/log/apache2/site.error.log
Results
Failregex
|- Regular expressions:
| [1] ^[[^]]+] [error] [client ] (File does not exist|script not found or unable to stat): /\S*(.php|.asp|.exe|.pl)\s*$
| [2] ^[[^]]+] [error] [client ] script ‘/\S*(.php|.asp|.exe|.pl)\S*’ not found or unable to stat\s*$
|
`- Number of matches:
[1] 0 match(es)
[2] 2 match(es)
Ignoreregex
|- Regular expressions:
|
`- Number of matches:
Summary
Addresses found:
[1]
[2]
96.4.148.11 (Wed Mar 12 21:58:58 2014)
96.4.148.11 (Wed Mar 12 21:58:59 2014)
Date template hits:
40 hit(s): MONTH Day Hour:Minute:Second
0 hit(s): WEEKDAY MONTH Day Hour:Minute:Second Year
0 hit(s): WEEKDAY MONTH Day Hour:Minute:Second
0 hit(s): Year/Month/Day Hour:Minute:Second
0 hit(s): Day/Month/Year Hour:Minute:Second
0 hit(s): Day/Month/Year Hour:Minute:Second
0 hit(s): Day/MONTH/Year:Hour:Minute:Second
0 hit(s): Month/Day/Year:Hour:Minute:Second
0 hit(s): Year-Month-Day Hour:Minute:Second
0 hit(s): Day-MONTH-Year Hour:Minute:Second[.Millisecond]
0 hit(s): Day-Month-Year Hour:Minute:Second
0 hit(s): TAI64N
0 hit(s): Epoch
0 hit(s): ISO 8601
0 hit(s): Hour:Minute:Second
0 hit(s): <Month/Day/Year@Hour:Minute:Second>
Success, the total number of match is 2
However, look at the above section ‘Running tests’ which could contain important
information.
[/code]
According to /etc/fail2ban/jail.local, the banned IP should be banned for one week, and that is indeed what I see go by in /var/log/fail2ban.log when the jails are created.
Theoretically banned until March 19, it should still be banned today, but:
[code]root@serveur:/# fail2ban-client status apache-noscript
Status for the jail: apache-noscript
|- filter
| |- File list: /var/log/apache2/site1.error.log /var/log/apache2/site2.error.log /var/log/apache2/site.error.log /var/log/apache2/error.log /var/log/apache2/site3.error.log
| |- Currently failed: 0
| `- Total failed: 0
`- action
|- Currently banned: 0
| `- IP list:
`- Total banned: 0
[/code]
I expect to find the banned IP in the list, yet it does not appear there.
If anyone sees my mistake…
Also, I don't understand the 40 hit(s).