-
-
Notifications
You must be signed in to change notification settings - Fork 106
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
duplicate port declaration for pam-generic jail definition at jail.conf.erb template #13
Comments
I am not able to reproduce this issue.
Are you sure that you did not place any files under |
We have also just started seeing this issue - but not on all hosts that we are responsible for - difference is that on servers with no issue fail2ban is v0.8.11 and on affected servers its v0.9.3 Exactly the same error as above |
Use the correct desired configuration template, should fix this issue. fail2ban::config_file_template: "fail2ban/%{::lsbdistcodename}/etc/fail2ban/jail.conf.erb" |
I too can confirm the duplicate port error on pam-generic. Fail2Ban is managed by puppet, who was reporting the error. In Jail.local, under pam-generic port is actually in there twice. Once as "all", and once as "anyport". I commented out anyport, and the system came back fine. |
I know that the port has been defined twice, but I still can not reproduce this issue. Debian 8 (Jessie) provides Fail2ban 0.8.13-1 and I used the default config to create the template. This configuration is generated by the following Puppet / Hiera code and the Fail2ban service starts without any error message.
Fail2ban 0.9.6-1 is provided by Debian Testing (Stretch), which is not supported by this module. |
Hello, we are some people how had this issue, on bug.debian bug Commenting out "port = anyport" lets fail2ban cleanly restart again. |
OS: Debian 8 Jessie
enabled = false
# pam-generic filter can be customized to monitor specific subset of 'tty's
filter = pam-generic
# port actually must be irrelevant but lets leave it all for some possible uses
port = all
banaction = iptables-allports
port = anyport
<= Duplicate optionlogpath = /var/log/auth.log
maxretry = 6
/etc/init.d/fail2ban start
fail2ban-client[49999]: ERROR Failed during configuration: While reading from '/etc/fail2ban/jail.conf'[line 164]: option 'port' in section 'pam-generic' already exists
The text was updated successfully, but these errors were encountered: