CentOS 7: fail2ban and logwatch

Michael Ryvkin
4 4

After installing and setting up CentOS 7 I noticed that fail2ban bans/unbans are no longer included in the daily logwatch reports.

According to this bug #8885, fail2ban log levels and log file format have changed and logwatch script can no longer detect bans and unbans.

The workaround is to correct fail2ban script for logwatch until the bugfix is released. Edit /usr/share/logwatch/scripts/services/fail2ban on line 81 and perform the following replacement.

ORIGINAL

    } elsif ( my ($Service,$Action,$Host) = ($ThisLine =~ m/WARNING:?\s\[?(.*?)[]:]?\s(Ban|Unban)[^\.]* (\S+)/)) {

CORRECTED

    } elsif ( my ($Service,$Action,$Host) = ($ThisLine =~ m/NOTICE:?\s+\[?(.*?)[]:]?\s(Ban|Unban)[^\.]* (\S+)/)) {

You can run the following command to test logwatch with updated fail2ban service.

logwatch --service fail2ban

You May Also Like

ColdFusion 8 on CentOS 4 with BlueQuartz
Updating Amazon RDS SSL/TLS Certificates for Laravel application on CentOS
UltraMonkey on CentOS 4 with BlueQuartz
Ultramonkey on CentOS 4 with BlueQuartz (part 2)
Michael Ryvkin

Freelance web developer based in Perkasie, Bucks County, PA. I design and develop custom websites and web applications, perform website maintenance and provide technical support for small and medium-sized businesses.

Contact me for a free quote or consultation on your project.

Comments

Leave a Reply

(optional)

This site uses Akismet to reduce spam. Learn how your comment data is processed.