how to specify multiple log files pattern in fail2ban jail? - fail2ban

I have log files on my server as follows
vpn_20191007.log
vpn_20191008.log
vpn_20191009.log
vpn_20191010.log
vpn_20191011.log
vpn_20191012.log
vpn_20191013.log
vpn_20191014.log
vpn_20191015.log
vpn_20191016.log
Is it possible to add log files pattern in fail2ban jail config?
[application]
enabled = false
filter = example
action = iptables
logpath = /var/log/vpn_%D.log
maxretry = 1

Well, conditionally it is possible...
Although wildcards are basically allowed at the moment, so :
logpath = /var/log/vpn_*.log
will do the job, but it is a bit ugly in your case:
fail2ban cumulate the list of files only by start of service, so the list remains obtained in fail2ban (unless it gets reloaded) - this means you should notify fail2ban that the log file name got changed (see https://github.com/fail2ban/fail2ban/issues/1379, the work is in progress).
since only one file will get new messages, the monitoring of other files is unneeded, especially if polling backend is used.
So better create some logrotate rules for that:
in order to rename/compress all previous log-files (to avoid match for obsolete files);
either create hard- or sym-link for last/active file with a fixed name (so fail2ban is always able to find it with the same name, and you'd not need wildcard at all);
or to notify fail2ban to reload the jail if logfile-name got changed(fail2ban-client reload vpn).
Here is an example for logrotate amendment:
postrotate
nfn="/var/log/vpn_$(date +%Y%m%d).log"
touch "$nfn"
ln -fs "$nfn" /var/log/vpn.log

You can add wilcard :
logpath = /var/log/vpn_*.log
and/or you can use multiple lines :
logpath = /var/log/vpn_20191007.log
/var/log/vpn_20191008.log
/var/log/vpn_20191009.log
/var/log/vpn_20191010.log
/var/log/vpn_20191011.log
/var/log/vpn_20191012.log
/var/log/vpn_20191013.log
/var/log/vpn_20191014.log
/var/log/vpn_20191015.log
/var/log/vpn_20191016.log
(You can combine the two)

Related

How can I turn on the Kodi webserver from the command line?

My Kodi is running as root (for better or for worse). This means the user folder is:
/root/.kodi/userdata/guisettings.xml
A quick search for web-related junk:
cat guisettings.xml | grep web
yields
<webserver default="true">false</webserver>
<webserverpassword default="true"></webserverpassword>
<webserverport default="true">8080</webserverport>
<webserverusername default="true">kodi</webserverusername>
<webskin default="true">webinterface.default</webskin>
Looks good to me. I just have to turn on the webserver.
Steps Taken
systemctl stop kodi
perl -i -pe 's/<webserver default="true">false<\/webserver>/<webserver default="true">true<\/webserver>/' /root/.kodi/userdata/guisettings.xml # (I actually used vim)
systemctl start kodi
Guess what happens, the guisettings.xml gets overwritten each time I start Kodi. I also tried adding the following file: /root/.kodi/userdata/advancedsettings.xml with the following contents:
<advancedsettings>
<loglevel hide="attribute">3</loglevel>
<webserver default="true">true</webserver>
<webserverpassword default="true"></webserverpassword>
<webserverport default="true">8080</webserverport>
<webserverusername default="true">kodi</webserverusername>
<webskin default="true">webinterface.default</webskin>
</advancedsettings>
This also does not work.
Are you by any chance trying to enable the web server to allow using Kodi remote?
I encountered the same issue too, "guisettings.xml gets overwritten".
According to kodi.wiki, you need to configure 2 more XML elements.
To be complete, having the following in advancedsettings.xml should help:
<advancedsettings>
<services>
<esallinterfaces>true</esallinterfaces>
<webserver>true</webserver>
<zeroconf>true</zeroconf>
</services>
</advancedsettings>

Change configuration parameters from command-line or programatically

How can I change settings in pg_hba.conf and postgresql.conf either from the command-line or programatically (especially from fabric or fabtools)?
I already found set_config, but that does not seem to work for parameters which require a server restart. The parameters to change are listen_addresses in postgresql.conf and a new line in pg_hba.conf, so connections from our sub-network will be accepted.
This is needed to write deployment scripts using fabric. It is not an option to copy template-files which then override the existing *.conf files, because the database server might be shared with other applications which bring their own configuration parameters. Thus, the existing configuration must be altered, not replaced.
Here is the currently working solution, incorporating the hint from a_horse_with_no_name. I paste a snippet from our fabfile.py (it uses require from fabtools, and it runs against Ubuntu):
db_name = env.variables['DB_NAME']
db_user = env.variables['DB_USER']
db_pass = env.variables['DB_PASSWORD']
# Require a PostgreSQL server.
require.postgres.server(version="9.4")
require.postgres.user(db_user, db_pass)
require.postgres.database(db_name, db_user)
# Listen on all addresses - use firewall to block inadequate access.
sudo(''' psql -c "ALTER SYSTEM SET listen_addresses='*';" ''', user='postgres')
# Download the remote pg_hba.conf to a temp file
tmp = tempfile.NamedTemporaryFile()
with open(tmp.name, "w") as f:
get("/etc/postgresql/9.4/main/pg_hba.conf", f, use_sudo=True)
# Define the necessary line in pg_hba.conf.
hba_line = "host all all {DB_ACCEPT_IP}/0 md5".format(**env.variables)
# Search the hba_line in the existing pg_hba.conf
with open(tmp.name, "ra") as f:
for line in f:
if hba_line in line:
found = True
break
else:
found = False
# If it does not exist, append it and upload the modified pg_hba.conf to the remote machine.
if not found:
with open(tmp.name, "a") as f:
f.write(hba_line)
put(f.name, "/etc/postgresql/9.4/main/pg_hba.conf", use_sudo=True)
# Restart the postgresql service, so the changes take effect.
sudo("service postgresql restart")
The aspect I don't like with this solution is that if I change DB_ACCEPT_IP, this will just append a new line and not remove the old one. I am sure a cleaner solution is possible.

rsync: #ERROR: auth failed on module tomcat_backup

I just can't figure out what's going on with my RSync. I'm running RSync on RHEL5, ip = xx.xx.xx.97. It's getting files from RHEL5, ip = xx.xx.xx.96.
Here's what the log (which I specified on the RSync command line) shows on xx.97 (the one requesting the files):
(local time)
2015/08/30 13:40:01 [17353] #ERROR: auth failed on module tomcat_backup
2015/08/30 13:40:01 [17353] rsync error: error starting client-server protocol (code 5) at main.c(1530) [receiver=3.0.6]
Here's what the log(which is specified in the rsyncd.conf file) shows on xx.96 (the one supplying the files):
(UTC time)
2015/08/30 07:40:01 [8836] name lookup failed for xx.xx.xx.97: Name or service not known
2015/08/30 07:40:01 [8836] connect from UNKNOWN (xx.xx.xx.97)
2015/08/30 07:40:01 [8836] auth failed on module tomcat_backup from unknown (xx.xx.xx.97): password mismatch
Here's the actual rsync.sh command called from xx.xx.xx.97 (the requester):
export RSYNC_PASSWORD=rsyncclient
rsync -havz --log-file=/usr/local/bin/RSync/test.log rsync://rsyncclient#xx.xx.xx.96/tomcat_backup/ProcessSniffer/ /usr/local/bin/ProcessSniffer
Here's the rsyncd.conf on xx.xx.xx.97:
lock file = /var/run/rsync.lock
log file = /var/log/rsyncd.log
pid file = /var/run/rsyncd.pid
[files]
name = tomcat_backup
path = /usr/local/bin/
comment = The copy/backup of tomcat from .96
uid = tomcat
gid = tomcat
read only = no
list = yes
auth users = rsyncclient
secrets file = /etc/rsyncd.secrets
hosts allow = xx.xx.xx.96/255.255.255.0
Here's the rsyncd.secrets on xx.xx.xx.97:
files:files
Here's the rsyncd.conf on xx.xx.xx.96 (the supplier of files):
Note: there is a 'cwrsync' (Windows version of rsync) successfully calling for files also (xx.xx.xx.100)
Note: yes, there is the possibility of xx.96 requesting files from xx.97. However, this is NOT actually happening.
It's commented out of the init.d mechanism.
lock file = /var/run/rsync.lock
log file = /var/log/rsync.log
pid file = /var/run/rsync.pid
strict modes = false
[files]
name = tomcat_backup
path = /usr/local/bin
comment = The copy/backup of tomcat from xx.97
uid = tomcat
gid = tomcat
read only = no
list = yes
auth users = rsyncclient
secrets file = /etc/rsyncd.secrets
hosts allow = xx.xx.xx.97/255.255.255.0, xx.xx.xx.100/255.255.255.0
Here's the rsyncd.secrets on xx.xx.xx.97:
files:files
It was something else. I had a script calling the rsync command, and that was causing the problem. The actual rsync command line was ok.
Apologies.
This is what I have been through when I got this error. My first thinking was to check rsync server log. and it is not in the place configured in rsync.conf. Then I checked the log printed in systemctl status rsyncd
rsyncd[23391]: auth failed on module signaling from unknown (172.28.15.10): missing secret for user "rsync_backup"
rsyncd[23394]: Badly formed boolean in configuration file: "no # rsync daemon before transmission, change to the root directory and limited within.".
rsyncd[23394]: params.c:Parameter() - Ignoring badly formed line in configuration file: ignore errors # ignore some io error informations.
rsyncd[23394]: Badly formed boolean in configuration file: "false # if true, cannot upload file to this server.".
rsyncd[23394]: Badly formed boolean in configuration file: "false # if true, cannot download file from this server.".
rsyncd[23394]: Badly formed boolean in configuration file: "false # if true, can only list files here.".
Combining the fact that log configuration does not come into play. It seems that the comment after each line of configuration in rsync.conf makes configurations invalid. So I deleted those # ... and restart rsyncd.

How do I change ownership/attributes of a single file or single folder with sbt-native-packager for an RPM?

sbt-native-packager, when making an RPM, correctly assigns file ownership as root:root for most files. I have a case where exactly one configuration file (which doesn't exist in the RPM file, although it could be added if doing so make it easier) needs to be writable by the service. The easiest way to do this is to change ownership of the conf folder itself, allowing the service to later create that file. The alternate way is to add the file to the RPM and change ownership of just that one file.
I know I can change the ownership of all configuration files with a stanza like this:
linuxPackageMappings in Rpm := {
linuxPackageMappings.value map {
case linuxPackage if linuxPackage.fileData.config equals "true" =>
val newFileData = linuxPackage.fileData.copy(
user = "newuser",
group = "newgroup"
)
linuxPackage.copy(fileData = newFileData)
case linuxPackage => linuxPackage
}
}
But: 1) That doesn't change ownership of the conf folder itself, and 2) That changes ownership of every single file that is a conf file, which I don't want to do. Anyway, no matter what I try, the spec file still has:
%dir %attr(0755,root,root) /path/to/application/conf/
The problem is that it's still owned by root:root. Here is what I tried, for changing ownership of just the one file (using the above stanza with this case):
case linuxPackage if linuxPackage.mappings.head._2 equals "/path/to/application/conf/" =>
Also (the answer may be the same), how can I change exactly one configuration file -- selected by filename -- to withConfig("noreplace") but not the rest? I've figured out that linuxPackageMappings is an instance of Seq[com.typesafe.sbt.packager.linux.LinuxPackageMapping], and each instance of LinuxPackageMapping can have one or more file mappings. I haven't figured out how to remove one mapping from a LinuxPackageMapping and create a new LinuxPackageMapping that contains just the one file. (Or there may be a better way to do this?)

Algebra filter error in moodle

I installed moodle 1.9.12 and now I want to use Algebra notation in content. I enable "TeX Notation" and "Algebra Notation" in administrator panel and also install mimetext and dvips and Imagemagic on the server. fortunately Tex Notation works fine but I got the following error for Algebra:
sh: /var/www/html/moodle/filter/tex/mimetex.linux: not found
The shell command
"/var/www/html/moodle/filter/tex/mimetex.linux" -e "/var/www/moodledata/filter/algebra/de06d6c44d98ba4e42dffca988bf530b.gif" -- '\Large \frac{\sin\left(z\right)}{x^{2}+y^{2}}'
returned status = 127
File size of mimetex executable /var/www/html/moodle/filter/tex/mimetex.linux is 830675
The file permissions are: 100775
The md5 checksum of the file is 56bcc40de905ce92ebd7b083c76e019e
Image not found!
Note: /var/www/html/moodle/filter/tex/mimetex.linux exists on the server and is executable!!!
What is the problem?? Any idea?????
From what you have described, calling the general tex filter debug page works and does not show up the same error.
/filter/tex/texdebug.php works, but /filter/algebra/algebradebug.php does not.
If this is the case, perhaps you could check for an open_basedir, or safe_mode_exec_dir being set to include the current working directory, or otherwise restricting the execution of /var/www/html/moodle/filter/tex/mimetex.linux, while the current working directory is /var/www/html/moodle/filter/algebra.
You could look at this by visiting /admin/phpinfo.php at your site, and look carefully at the effective values of open_basedir, safe_mode and safe_mode_exec_dir.
You could also check the apache error log or add the following lines to the top of the algebra debug php file, and you might see some extra error messages:
$CFG->debug = 6143 ;
$CFG->debugdisplay= 1 ;
Hope that helps