http://bugzilla.novell.com/show_bug.cgi?id=600076http://bugzilla.novell.com/show_bug.cgi?id=600076#c0
Summary: fail2ban probably problems with python 2.6?
fail2ban.server : ERROR Unexpected communication
error
Classification: openSUSE
Product: openSUSE 11.2
Version: Final
Platform: x86-64
OS/Version: openSUSE 11.2
Status: NEW
Severity: Critical
Priority: P5 - None
Component: Network
AssignedTo: bnc-team-screening(a)forge.provo.novell.com
ReportedBy: netadmin(a)iea-dpc.de
QAContact: qa(a)suse.de
Found By: ---
Blocker: ---
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.9.2.3)
Gecko/20100401 Firefox/3.6.3 (.NET CLR 3.5.30729)
fail2ban 0.8.3 is available via yast packet manager.
However, after installation and configuration, it starts with lots of error
messages "fail2ban.server : ERROR Unexpected communication error" and is not
banning anything.
I searched Google and found that this could be caused by python 2.6, because
lots of distros (Ubuntu, OpenSuSE, RedHat/Fedora) using python 2.6 seem to have
this problem that´s been told to disappear if python 2.5 is used (but in
OpenSuSE 11.2 there is no 2.5 compatibility package available).
In this posting:
https://bugzilla.redhat.com/show_bug.cgi?id=508171
(~comment #8) it seems there is already a fix available since 09/2009, but not
yet implemented in OpenSuSE.
Reproducible: Always
Steps to Reproduce:
1.install fail2ban 0.8.3 package with Yast
2.enable a service jail in /etc/fail2ban/jail.conf
3.rcfail2ban start
Actual Results:
No banning of wrong proftpd logins, instead these log entries:
2010-04-27 13:49:13,069 fail2ban.server : INFO Changed logging target to
/var/log/fail2ban.log for Fail2ban v0.8.3
2010-04-27 13:49:13,070 fail2ban.jail : INFO Creating new jail
'proftpd-iptables'
2010-04-27 13:49:13,070 fail2ban.jail : INFO Jail 'proftpd-iptables' uses
poller
2010-04-27 13:49:13,107 fail2ban.server : ERROR Unexpected communication error
2010-04-27 13:49:13,108 fail2ban.filter : INFO Added logfile =
/var/log/proftpd/proftpd.log
2010-04-27 13:49:13,109 fail2ban.server : ERROR Unexpected communication error
2010-04-27 13:49:13,110 fail2ban.filter : INFO Set maxRetry = 3
2010-04-27 13:49:13,111 fail2ban.server : ERROR Unexpected communication error
2010-04-27 13:49:13,112 fail2ban.server : ERROR Unexpected communication error
2010-04-27 13:49:13,113 fail2ban.filter : INFO Set findtime = 600
2010-04-27 13:49:13,114 fail2ban.server : ERROR Unexpected communication error
2010-04-27 13:49:13,114 fail2ban.actions: INFO Set banTime = 60
2010-04-27 13:49:13,115 fail2ban.server : ERROR Unexpected communication error
2010-04-27 13:49:13,120 fail2ban.server : ERROR Unexpected communication error
2010-04-27 13:49:13,124 fail2ban.server : ERROR Unexpected communication error
2010-04-27 13:49:13,128 fail2ban.server : ERROR Unexpected communication error
2010-04-27 13:49:13,133 fail2ban.server : ERROR Unexpected communication error
2010-04-27 13:49:13,134 fail2ban.server : ERROR Unexpected communication error
2010-04-27 13:49:13,136 fail2ban.server : ERROR Unexpected communication error
2010-04-27 13:49:13,137 fail2ban.server : ERROR Unexpected communication error
2010-04-27 13:49:13,139 fail2ban.server : ERROR Unexpected communication error
2010-04-27 13:49:13,140 fail2ban.server : ERROR Unexpected communication error
2010-04-27 13:49:13,142 fail2ban.server : ERROR Unexpected communication error
2010-04-27 13:49:13,143 fail2ban.server : ERROR Unexpected communication error
2010-04-27 13:49:13,144 fail2ban.server : ERROR Unexpected communication error
2010-04-27 13:49:13,146 fail2ban.server : ERROR Unexpected communication error
2010-04-27 13:49:13,147 fail2ban.server : ERROR Unexpected communication error
2010-04-27 13:49:13,149 fail2ban.server : ERROR Unexpected communication error
2010-04-27 13:49:13,151 fail2ban.server : ERROR Unexpected communication error
2010-04-27 13:49:13,152 fail2ban.server : ERROR Unexpected communication error
2010-04-27 13:49:13,154 fail2ban.server : ERROR Unexpected communication error
2010-04-27 13:49:13,155 fail2ban.server : ERROR Unexpected communication error
2010-04-27 13:49:13,157 fail2ban.server : ERROR Unexpected communication error
2010-04-27 13:49:13,158 fail2ban.server : ERROR Unexpected communication error
2010-04-27 13:49:13,159 fail2ban.server : ERROR Unexpected communication error
2010-04-27 13:49:13,202 fail2ban.jail : INFO Jail 'proftpd-iptables'
started
2010-04-27 13:49:13,224 fail2ban.server : ERROR Unexpected communication error
2010-04-27 13:54:27,817 fail2ban.jail : INFO Jail 'proftpd-iptables'
stopped
2010-04-27 13:54:27,818 fail2ban.server : INFO Exiting Fail2ban
2010-04-27 13:54:32,819 fail2ban.server : INFO Changed logging target to
/var/log/fail2ban.log for Fail2ban v0.8.3
2010-04-27 13:54:32,820 fail2ban.server : ERROR Unexpected communication error
2010-04-27 13:54:32,820 fail2ban.jail : INFO Creating new jail
'proftpd-iptables'
2010-04-27 13:54:32,820 fail2ban.jail : INFO Jail 'proftpd-iptables' uses
poller
2010-04-27 13:54:32,839 fail2ban.server : ERROR Unexpected communication error
2010-04-27 13:54:32,839 fail2ban.filter : INFO Added logfile =
/var/log/proftpd/proftpd.log
2010-04-27 13:54:32,840 fail2ban.server : ERROR Unexpected communication error
2010-04-27 13:54:32,840 fail2ban.filter : INFO Set maxRetry = 3
2010-04-27 13:54:32,841 fail2ban.server : ERROR Unexpected communication error
2010-04-27 13:54:32,841 fail2ban.server : ERROR Unexpected communication error
2010-04-27 13:54:32,842 fail2ban.filter : INFO Set findtime = 600
2010-04-27 13:54:32,842 fail2ban.server : ERROR Unexpected communication error
2010-04-27 13:54:32,843 fail2ban.actions: INFO Set banTime = 60
2010-04-27 13:54:32,843 fail2ban.server : ERROR Unexpected communication error
2010-04-27 13:54:32,846 fail2ban.server : ERROR Unexpected communication error
2010-04-27 13:54:32,848 fail2ban.server : ERROR Unexpected communication error
2010-04-27 13:54:32,851 fail2ban.server : ERROR Unexpected communication error
2010-04-27 13:54:32,853 fail2ban.server : ERROR Unexpected communication error
2010-04-27 13:54:32,854 fail2ban.server : ERROR Unexpected communication error
2010-04-27 13:54:32,855 fail2ban.server : ERROR Unexpected communication error
2010-04-27 13:54:32,856 fail2ban.server : ERROR Unexpected communication error
2010-04-27 13:54:32,857 fail2ban.server : ERROR Unexpected communication error
Expected Results:
Should start without error notice and create iptables entry after >3 wrong
login attempts
fail2ban.conf:
==============
# Fail2Ban configuration file
#
# Author: Cyril Jaquier
#
# $Revision: 629 $
#
[Definition]
# Option: loglevel
# Notes.: Set the log level output.
# 1 = ERROR
# 2 = WARN
# 3 = INFO
# 4 = DEBUG
# Values: NUM Default: 3
#
loglevel = 3
# Option: logtarget
# Notes.: Set the log target. This could be a file, SYSLOG, STDERR or STDOUT.
# Only one log target can be specified.
# Values: STDOUT STDERR SYSLOG file Default: /var/log/fail2ban.log
#
logtarget = /var/log/fail2ban.log
# Option: socket
# Notes.: Set the socket file. This is used to communicate with the daemon. Do
# not remove this file when Fail2ban runs. It will not be possible to
# communicate with the server afterwards.
# Values: FILE Default: /var/run/fail2ban/fail2ban.sock
#
socket = /var/run/fail2ban/fail2ban.sock
jail.conf:
==========
# Fail2Ban configuration file
#
# Author: Cyril Jaquier
#
# $Revision: 617 $
#
# The DEFAULT allows a global definition of the options. They can be override
# in each jail afterwards.
[DEFAULT]
# "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not
# ban a host which matches an address in this list. Several addresses can be
# defined using space separator.
ignoreip = 127.0.0.1
# "bantime" is the number of seconds that a host is banned.
#bantime = 600
bantime = 60
# A host is banned if it has generated "maxretry" during the last "findtime"
# seconds.
findtime = 600
# "maxretry" is the number of failures before a host get banned.
maxretry = 3
# "backend" specifies the backend used to get files modification. Available
# options are "gamin", "polling" and "auto". This option can be overridden in
# each jail too (use "gamin" for a jail and "polling" for another).
#
# gamin: requires Gamin (a file alteration monitor) to be installed. If Gamin
# is not installed, Fail2ban will use polling.
# polling: uses a polling algorithm which does not require external libraries.
# auto: will choose Gamin if available and polling otherwise.
backend = auto
# This jail corresponds to the standard configuration in Fail2ban 0.6.
# The mail-whois action send a notification e-mail with a whois request
# in the body.
[ssh-iptables]
enabled = false
filter = sshd
action = iptables[name=SSH, port=ssh, protocol=tcp]
sendmail-whois[name=SSH, dest=you(a)mail.com,
sender=fail2ban(a)mail.com]
logpath = /var/log/sshd.log
maxretry = 5
[proftpd-iptables]
enabled = true
filter = proftpd
action = iptables[name=ProFTPD, port=ftp, protocol=tcp]
sendmail-whois[name=ProFTPD, dest=andreas.brundtland@iea-dpcde]
logpath = /var/log/proftpd/proftpd.log
maxretry = 3
# This jail forces the backend to "polling".
[sasl-iptables]
enabled = false
filter = sasl
backend = polling
action = iptables[name=sasl, port=smtp, protocol=tcp]
sendmail-whois[name=sasl, dest=you(a)mail.com]
logpath = /var/log/mail.log
# Here we use TCP-Wrappers instead of Netfilter/Iptables. "ignoreregex" is
# used to avoid banning the user "myuser".
[ssh-tcpwrapper]
enabled = false
filter = sshd
action = hostsdeny
sendmail-whois[name=SSH, dest=you(a)mail.com]
ignoreregex = for myuser from
logpath = /var/log/sshd.log
# This jail demonstrates the use of wildcards in "logpath".
# Moreover, it is possible to give other files on a new line.
[apache-tcpwrapper]
enabled = false
filter = apache-auth
action = hostsdeny
logpath = /var/log/apache*/*error.log
/home/www/myhomepage/error.log
maxretry = 6
# The hosts.deny path can be defined with the "file" argument if it is
# not in /etc.
[postfix-tcpwrapper]
enabled = false
filter = postfix
action = hostsdeny[file=/not/a/standard/path/hosts.deny]
sendmail[name=Postfix, dest=you(a)mail.com]
logpath = /var/log/postfix.log
bantime = 300
# Do not ban anybody. Just report information about the remote host.
# A notification is sent at most every 600 seconds (bantime).
[vsftpd-notification]
enabled = false
filter = vsftpd
action = sendmail-whois[name=VSFTPD, dest=you(a)mail.com]
logpath = /var/log/vsftpd.log
maxretry = 5
bantime = 1800
# Same as above but with banning the IP address.
[vsftpd-iptables]
enabled = false
filter = vsftpd
action = iptables[name=VSFTPD, port=ftp, protocol=tcp]
sendmail-whois[name=VSFTPD, dest=you(a)mail.com]
logpath = /var/log/vsftpd.log
maxretry = 5
bantime = 1800
# Ban hosts which agent identifies spammer robots crawling the web
# for email addresses. The mail outputs are buffered.
[apache-badbots]
enabled = false
filter = apache-badbots
action = iptables-multiport[name=BadBots, port="http,https"]
sendmail-buffered[name=BadBots, lines=5, dest=you(a)mail.com]
logpath = /var/www/*/logs/access_log
bantime = 172800
maxretry = 1
# Use shorewall instead of iptables.
[apache-shorewall]
enabled = false
filter = apache-noscript
action = shorewall
sendmail[name=Postfix, dest=you(a)mail.com]
logpath = /var/log/apache2/error_log
# This jail uses ipfw, the standard firewall on FreeBSD. The "ignoreip"
# option is overridden in this jail. Moreover, the action "mail-whois" defines
# the variable "name" which contains a comma using "". The characters '' are
# valid too.
[ssh-ipfw]
enabled = false
filter = sshd
action = ipfw[localhost=192.168.0.1]
sendmail-whois[name="SSH,IPFW", dest=you(a)mail.com]
logpath = /var/log/auth.log
ignoreip = 168.192.0.1
# These jails block attacks against named (bind9). By default, logging is off
# with bind9 installation. You will need something like this:
#
# logging {
# channel security_file {
# file "/var/log/named/security.log" versions 3 size 30m;
# severity dynamic;
# print-time yes;
# };
# category security {
# security_file;
# };
# }
#
# in your named.conf to provide proper logging.
# This jail blocks UDP traffic for DNS requests.
[named-refused-udp]
enabled = false
filter = named-refused
action = iptables-multiport[name=Named, port="domain,953", protocol=udp]
sendmail-whois[name=Named, dest=you(a)mail.com]
logpath = /var/log/named/security.log
ignoreip = 168.192.0.1
# This jail blocks TCP traffic for DNS requests.
[named-refused-tcp]
enabled = false
filter = named-refused
action = iptables-multiport[name=Named, port="domain,953", protocol=tcp]
sendmail-whois[name=Named, dest=you(a)mail.com]
logpath = /var/log/named/security.log
ignoreip = 168.192.0.1
--
Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=599986http://bugzilla.novell.com/show_bug.cgi?id=599986#c0
Summary: sane-backends 1.0.21 version upgrade
Classification: openSUSE
Product: openSUSE 11.3
Version: Factory
Platform: All
OS/Version: openSUSE 11.3
Status: NEEDINFO
Severity: Enhancement
Priority: P5 - None
Component: Other
AssignedTo: jsmeix(a)novell.com
ReportedBy: jsmeix(a)novell.com
QAContact: qa(a)suse.de
CC: lnussel(a)novell.com
InfoProvider: coolo(a)novell.com
Found By: Development
Blocker: ---
A new sane-backends 1.0.21 version was released right now, see
http://lists.alioth.debian.org/pipermail/sane-announce/2010/000027.html
-------------------------------------------------------------------
New with sane-backends 1.0.21, released 2010-04-25:
* New backends: kodak (Kodak i18xx), kvs1025 (Panasonic KV-S10xx),
p5 (Primax PagePartner)
* 224 more scanner models supported.
* Many backends updated.
* Improved compilation on uncommon platforms.
* More consistent option naming.
* Scanimage no longer writes image to tty.
* Modern translation infrastructure.
* Improved saned network daemon.
* Internal SCSI, USB, threading, TCP & UDP code updates.
* Updated HAL and udev support.
* New sanei_magic image processing library.
* Documentation updates.
* Bugfixes.
-------------------------------------------------------------------
Should I start to work on a sane-backends 1.0.21 version upgrade
for openSUSE:Factory regardless of the openSUSE 11.3 package
version freeze?
--
Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=599644http://bugzilla.novell.com/show_bug.cgi?id=599644#c0
Summary: [SMBTA] Encryption not supported for smbtad <->
clients
Classification: openSUSE
Product: openSUSE 11.2
Version: Final
Platform: Other
OS/Version: Other
Status: NEW
Severity: Enhancement
Priority: P5 - None
Component: Samba
AssignedTo: hhetter(a)novell.com
ReportedBy: hhetter(a)novell.com
QAContact: samba-maintainers(a)SuSE.de
CC: mhaefner(a)novell.com, bbrunner(a)novell.com
Found By: ---
Blocker: ---
Support for AES encryption is currently missing on both sides, it's partially
implemented in smbtad, and totally missing smbtadquery.
AI : Holger, push AES encryption for the clients into the framework.
--
Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=599517http://bugzilla.novell.com/show_bug.cgi?id=599517#c0
Summary: obs://build.opensuse.org/home:plater/rosegarden4-10.04
-45.1.x86_64 out of memory
Classification: openSUSE
Product: openSUSE.org
Version: unspecified
Platform: x86-64
OS/Version: openSUSE 11.2
Status: NEW
Severity: Major
Priority: P5 - None
Component: 3rd party software
AssignedTo: davejplater(a)gmail.com
ReportedBy: m.munnix(a)redcross.be
QAContact: opensuse-communityscreening(a)forge.provo.novell.com
Found By: ---
Blocker: ---
Created an attachment (id=356685)
--> (http://bugzilla.novell.com/attachment.cgi?id=356685)
unicornis.rg
This is a bug I discovered some time ago with previous versions and not yet
reported.
I open an old rg document (the one from bug 595562), and try to import the
studio from a saved file (studio1.rg)
At that time, rosegarden seems to go in an endless loop taking up all
memory+swap resulting in oom killing it and firefox.
--
Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=599224http://bugzilla.novell.com/show_bug.cgi?id=599224#c0
Summary: add link fsck.btrfs -> btrfsck
Classification: openSUSE
Product: openSUSE 11.3
Version: Factory
Platform: Other
OS/Version: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Basesystem
AssignedTo: bnc-team-screening(a)forge.provo.novell.com
ReportedBy: aschnell(a)novell.com
QAContact: qa(a)suse.de
Found By: Development
Blocker: ---
mkinitrd complaines about missing fsck.btrfs. Unfortunately the
program is called btrfsck.
I suppose a link fsck.btrfs -> btrfsck is the best solution (like
for msdos and vfat).
--
Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=598856http://bugzilla.novell.com/show_bug.cgi?id=598856#c0
Summary: empty NTP server list on time setup
Classification: openSUSE
Product: openSUSE 11.3
Version: Factory
Platform: x86
OS/Version: openSUSE 11.3
Status: NEW
Severity: Major
Priority: P5 - None
Component: Installation
AssignedTo: bnc-team-screening(a)forge.provo.novell.com
ReportedBy: johann-nikolaus.andreae(a)nacs.de
QAContact: jsrain(a)novell.com
Found By: ---
Blocker: ---
User-Agent: Mozilla/5.0 (compatible; Konqueror/4.4; Linux; de)
KHTML/4.4.2 (like Gecko) SUSE
The NTP server list on the time setup page is empty open the first time and did
not save a own entry.
Reproducible: Always
Steps to Reproduce:
1.start opensuse installation
2.at the time settings page click on change
3.the NTP server list is empty
4.type in a NTP server
5.click ok
6.click on change a seconed time
7.not the NTP server list is filled your setting is gone
Expected Results:
Filled list and save a own entry
--
Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=598681http://bugzilla.novell.com/show_bug.cgi?id=598681#c0
Summary: nfsd: rcnfsserver restart does not update binds
Classification: openSUSE
Product: openSUSE 11.3
Version: Factory
Platform: All
OS/Version: Linux
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Network
AssignedTo: bnc-team-screening(a)forge.provo.novell.com
ReportedBy: jengelh(a)medozas.de
QAContact: qa(a)suse.de
Found By: Beta-Customer
Blocker: ---
When adding a new NFS4 export:
/srv/nfs4/foo *(ro,bind=/foo)
Then `rcnfsserver reload` will not install the bind mount like `rcnfsserver
restart` would do.
--
Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=598671http://bugzilla.novell.com/show_bug.cgi?id=598671#c0
Summary: nfsd: NFSx_SUPPORT sysconfig vars
Classification: openSUSE
Product: openSUSE 11.3
Version: Factory
Platform: All
OS/Version: Linux
Status: NEW
Severity: Enhancement
Priority: P5 - None
Component: Network
AssignedTo: bnc-team-screening(a)forge.provo.novell.com
ReportedBy: jengelh(a)medozas.de
QAContact: qa(a)suse.de
Found By: Beta-Customer
Blocker: ---
/etc/sysconfig/nfs provides a NFS4_SUPPORT variable to toggle NFS4 support. It
would be nice to also have a tunable flag for NFS2/3, so that I could run
NFS4-only systems.
--
Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.