[prev in list] [next in list] [prev in thread] [next in thread]
List: fail2ban-users
Subject: Re: [Fail2ban-users] Mail notifications not including whois info
From: Tommy <arsdaleids () gmail ! com>
Date: 2020-05-05 1:15:52
Message-ID: 594ABCBD-3019-4D99-9D4E-6877117A7C77 () gmail ! com
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
Thank you very much. I opened an issue on the linuxserver/letsencrypt GitHub and they \
are going to change the Whois from busybox to something more effective. Thanks again. \
Thanks,
Dan
"Better is a poor man who walks in his integrity than a rich man who is crooked in \
his ways." - Proverbs 28:6
Sent from my iPad
> On May 4, 2020, at 4:52 AM, Tom Hendrikx <tom@whyscream.net> wrote:
>
> Hi,
>
> The whois binary from busybox is typically very simple, which explains the lack of \
> features.
> Normally, for an Ubuntu-based docker container, you could just add 'RUN apt-get \
> install -Y whois' to the dockerfile, and you'd be done.
> But from both the dockerfile and the website of linuxserver.io, I can't even make \
> out which distro it is based on. So you'd better ask your question in a \
> linuxserver.io related forum.
> Kind regards,
> Tom
>
> > On 02-05-2020 19:40, arsdaleids@gmail.com wrote:
> > When I run:
> > sudo docker exec -it letsencrypt ls -la /usr/bin
> > This is what I get:
> > lrwxrwxrwx 1 root root 12 Mar 26 18:40 whois -> /bin/busybox
> > *From:* Tom Hendrikx <tom@whyscream.net>
> > *Sent:* Saturday, May 2, 2020 10:10 AM
> > *To:* fail2ban-users@lists.sourceforge.net
> > *Subject:* Re: [Fail2ban-users] Mail notifications not including whois info
> > Hi,
> > there are may dofferent whois clients (it's a simply binary which can query \
> > various whois servers around the world. Not all whois clients support all \
> > features. It seems that (from your example) the whois client on your docker host \
> > supports querying by ip-address, but the whois binary inside the 'letsencrypt' \
> > docker container doesn't. Maybe you can install a different whois package in the \
> > container, this depends on the distro the container was based on. My ubuntu 18.04 \
> > desktop lists at least 3 commandline whois clients in the default repository. \
> > Kind regards, Tom
> > On 02-05-2020 15:42, arsdaleids@gmail.com <mailto:arsdaleids@gmail.com> wrote:
> > Hello,
> > I recently installed Fail2Ban along with nginx using the
> > linuxserver/letsencrpt docker. I love it. It has solved a long
> > term problem for me and made my network run much smoother. I have
> > ironed out all my install problems but one, which has been driving
> > me crazy.
> > In jail.local, I use action = %(action_mwl)s as my default action
> > and after tailoring e-mail notification settings in
> > sendmail-whois-lines.local with
> > Fail2Ban" ) | /usr/sbin/sendmail -t -v -H 'exec openssl s_client
> > -quiet -tls1 -starttls smtp -connect smtp.gmail.com:587'
> > -aumyusername -apmyapppassword <dest> it works great except for one
> > issue.
> > I believe the default action uses sendmail-whois-lines.conf
> > This is what I always get in the response:
> > [Querying whois.iana.org:43 '122.166.7.73'] [Querying
> > whois.iana.org:43 'domain 122.166.7.73'] [whois.iana.org] % IANA
> > WHOIS server % for more information on IANA, visit
> > http://www.iana.org % % Error: Invalid query domain 122.166.7.73
> > In an effort to figure things out, I have tried
> > 1. /usr/bin/whois 107.33.23.17 which is successful
> > 2. sudo docker exec -it letsencrypt whois google.com which is
> > successful
> > 3. sudo docker exec -it letsencrypt whois 122.166.7.73 which fails
> > with the above error message.
> > I am relatively new to docker, but here is my docker-compose:
> > version: "2"
> > services:
> > letsencrypt: # https://github.com/linuxserver/docker-letsencrypt
> > container_name: letsencrypt
> > image: linuxserver/letsencrypt:latest
> > restart: unless-stopped
> > cap_add:
> > - NET_ADMIN
> > volumes:
> > - /home/user/docker/letsencrypt/config:/config
> > - /etc/localtime:/etc/localtime:ro
> > environment:
> > - PGID=xxxx
> > - PUID=xxxx
> > - EMAIL=my_email@gmail.com <mailto:EMAIL=my_email@gmail.com>
> > - URL=myduckdns.duckdns.org
> > - SUBDOMAINS=wildcard
> > - VALIDATION=duckdns
> > - TZ=America/New_york
> > - DUCKDNSTOKEN=myxxxxxduckdnsxxxxxtoken
> > ports:
> > - "80:80"
> > - "443:443"
> > Any help would be greatly appreciated.
> > Thanks,
> > Dan
> > _______________________________________________
> > Fail2ban-users mailing list
> > Fail2ban-users@lists.sourceforge.net \
> > <mailto:Fail2ban-users@lists.sourceforge.net> \
> > https://lists.sourceforge.net/lists/listinfo/fail2ban-users \
> > _______________________________________________ Fail2ban-users mailing list
> > Fail2ban-users@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/fail2ban-users
>
>
>
> _______________________________________________
> Fail2ban-users mailing list
> Fail2ban-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/fail2ban-users
[Attachment #5 (text/html)]
<html><head><meta http-equiv="content-type" content="text/html; \
charset=utf-8"></head><body dir="auto">Thank you very much. I opened an issue on the \
linuxserver/letsencrypt GitHub and they are going to change the Whois from busybox to \
something more effective. Thanks again. <br><br><div dir="ltr"><p \
class="MsoNormal" style="margin: 0in 0in 0.0001pt;"><span style="background-color: \
rgba(255, 255, 255, 0);">Thanks,<o:p></o:p></span></p><p class="MsoNormal" \
style="margin: 0in 0in 0.0001pt;"><span style="background-color: rgba(255, 255, 255, \
0);">Dan</span></p><p class="MsoNormal" style="margin: 0in 0in 0.0001pt;"><span \
style="background-color: rgba(255, 255, 255, 0);"><br>"Better is a poor man who walks \
in his integrity than a rich man who is crooked in his ways." - Proverbs \
28:6</span></p><p class="MsoNormal" style="margin: 0in 0in 0.0001pt;"><span \
style="background-color: rgba(255, 255, 255, 0);"><br></span></p><p class="MsoNormal" \
style="margin: 0in 0in 0.0001pt;"><span style="background-color: rgba(255, 255, 255, \
0);">Sent from my iPad</span></p></div><div dir="ltr"><br><blockquote type="cite">On \
May 4, 2020, at 4:52 AM, Tom Hendrikx <tom@whyscream.net> \
wrote:<br><br></blockquote></div><blockquote type="cite"><div \
dir="ltr"><span>Hi,</span><br><span></span><br><span>The whois binary from busybox \
is typically very simple, which explains the lack of \
features.</span><br><span></span><br><span>Normally, for an Ubuntu-based docker \
container, you could just add 'RUN apt-get install -Y whois' to the dockerfile, and \
you'd be done.</span><br><span></span><br><span>But from both the dockerfile and the \
website of linuxserver.io, I can't even make out which distro it is based on. So \
you'd better ask your question in a linuxserver.io related \
forum.</span><br><span></span><br><span>Kind regards,</span><br><span> \
Tom</span><br><span></span><br><span>On 02-05-2020 19:40, arsdaleids@gmail.com \
wrote:</span><br><blockquote type="cite"><span>When I \
run:</span><br></blockquote><blockquote type="cite"><span>sudo docker exec -it \
letsencrypt ls -la /usr/bin</span><br></blockquote><blockquote type="cite"><span>This \
is what I get:</span><br></blockquote><blockquote \
type="cite"><span>lrwxrwxrwx 1 root root 12 \
Mar 26 18:40 whois -> /bin/busybox</span><br></blockquote><blockquote \
type="cite"><span>*From:* Tom Hendrikx \
<tom@whyscream.net></span><br></blockquote><blockquote \
type="cite"><span>*Sent:* Saturday, May 2, 2020 10:10 \
AM</span><br></blockquote><blockquote type="cite"><span>*To:* \
fail2ban-users@lists.sourceforge.net</span><br></blockquote><blockquote \
type="cite"><span>*Subject:* Re: [Fail2ban-users] Mail notifications not including \
whois info</span><br></blockquote><blockquote \
type="cite"><span>Hi,</span><br></blockquote><blockquote type="cite"><span>there are \
may dofferent whois clients (it's a simply binary which can query various whois \
servers around the world. Not all whois clients support all features. It seems that \
(from your example) the whois client on your docker host supports querying by \
ip-address, but the whois binary inside the 'letsencrypt' docker container \
doesn't.</span><br></blockquote><blockquote type="cite"><span>Maybe you can install a \
different whois package in the container, this depends on the distro the container \
was based on. My ubuntu 18.04 desktop lists at least 3 commandline whois clients in \
the default repository.</span><br></blockquote><blockquote type="cite"><span>Kind \
regards,</span><br></blockquote><blockquote type="cite"><span> \
Tom</span><br></blockquote><blockquote type="cite"><span>On 02-05-2020 15:42, \
arsdaleids@gmail.com <mailto:arsdaleids@gmail.com> \
wrote:</span><br></blockquote><blockquote type="cite"><span> \
Hello,</span><br></blockquote><blockquote type="cite"><span> \
I recently installed Fail2Ban along with nginx using \
the</span><br></blockquote><blockquote type="cite"><span> \
linuxserver/letsencrpt docker. I love it. It has solved \
a long</span><br></blockquote><blockquote type="cite"><span> term \
problem for me and made my network run much smoother. I \
have</span><br></blockquote><blockquote type="cite"><span> ironed \
out all my install problems but one, which has been \
driving</span><br></blockquote><blockquote type="cite"><span> me \
crazy.</span><br></blockquote><blockquote type="cite"><span> In \
jail.local, I use action = %(action_mwl)s as my default \
action</span><br></blockquote><blockquote type="cite"><span> and \
after tailoring e-mail notification settings in</span><br></blockquote><blockquote \
type="cite"><span> sendmail-whois-lines.local \
with</span><br></blockquote><blockquote type="cite"><span> \
Fail2Ban" ) | /usr/sbin/sendmail -t -v -H 'exec openssl \
s_client</span><br></blockquote><blockquote type="cite"><span> \
-quiet -tls1 -starttls smtp -connect \
smtp.gmail.com:587'</span><br></blockquote><blockquote type="cite"><span> \
-aumyusername -apmyapppassword <dest> it works great \
except for one</span><br></blockquote><blockquote type="cite"><span> \
issue.</span><br></blockquote><blockquote type="cite"><span> \
I believe the default action uses \
sendmail-whois-lines.conf</span><br></blockquote><blockquote type="cite"><span> \
This is what I always get in the \
response:</span><br></blockquote><blockquote type="cite"><span> \
[Querying whois.iana.org:43 '122.166.7.73'] \
[Querying</span><br></blockquote><blockquote type="cite"><span> \
whois.iana.org:43 'domain 122.166.7.73'] [whois.iana.org] % \
IANA</span><br></blockquote><blockquote type="cite"><span> WHOIS \
server % for more information on IANA, visit</span><br></blockquote><blockquote \
type="cite"><span> http://www.iana.org % % Error: Invalid query \
domain 122.166.7.73</span><br></blockquote><blockquote type="cite"><span> \
In an effort to figure things out, I have \
tried</span><br></blockquote><blockquote type="cite"><span> \
1. /usr/bin/whois 107.33.23.17 which is \
successful</span><br></blockquote><blockquote type="cite"><span> \
2. sudo docker exec -it letsencrypt whois google.com which \
is</span><br></blockquote><blockquote type="cite"><span> \
successful</span><br></blockquote><blockquote \
type="cite"><span> 3. sudo docker exec -it letsencrypt whois \
122.166.7.73 which fails</span><br></blockquote><blockquote type="cite"><span> \
with the above error \
message.</span><br></blockquote><blockquote type="cite"><span> I am \
relatively new to docker, but here is my \
docker-compose:</span><br></blockquote><blockquote type="cite"><span> \
version: "2"</span><br></blockquote><blockquote type="cite"><span> \
services:</span><br></blockquote><blockquote type="cite"><span> \
letsencrypt: # \
https://github.com/linuxserver/docker-letsencrypt</span><br></blockquote><blockquote \
type="cite"><span> container_name: \
letsencrypt</span><br></blockquote><blockquote type="cite"><span> \
image: \
linuxserver/letsencrypt:latest</span><br></blockquote><blockquote type="cite"><span> \
restart: \
unless-stopped</span><br></blockquote><blockquote type="cite"><span> \
\
cap_add:</span><br></blockquote><blockquote type="cite"><span> \
- \
NET_ADMIN</span><br></blockquote><blockquote type="cite"><span> \
\
volumes:</span><br></blockquote><blockquote type="cite"><span> \
- \
/home/user/docker/letsencrypt/config:/config</span><br></blockquote><blockquote \
type="cite"><span> - \
/etc/localtime:/etc/localtime:ro</span><br></blockquote><blockquote \
type="cite"><span> \
environment:</span><br></blockquote><blockquote type="cite"><span> \
- \
PGID=xxxx</span><br></blockquote><blockquote type="cite"><span> \
- \
PUID=xxxx</span><br></blockquote><blockquote type="cite"><span> \
- EMAIL=my_email@gmail.com \
<mailto:EMAIL=my_email@gmail.com></span><br></blockquote><blockquote \
type="cite"><span> - \
URL=myduckdns.duckdns.org</span><br></blockquote><blockquote type="cite"><span> \
- \
SUBDOMAINS=wildcard</span><br></blockquote><blockquote type="cite"><span> \
- \
VALIDATION=duckdns</span><br></blockquote><blockquote type="cite"><span> \
- \
TZ=America/New_york</span><br></blockquote><blockquote type="cite"><span> \
- \
DUCKDNSTOKEN=myxxxxxduckdnsxxxxxtoken</span><br></blockquote><blockquote \
type="cite"><span> \
ports:</span><br></blockquote><blockquote type="cite"><span> \
- \
"80:80"</span><br></blockquote><blockquote type="cite"><span> \
- \
"443:443"</span><br></blockquote><blockquote type="cite"><span> Any \
help would be greatly appreciated.</span><br></blockquote><blockquote \
type="cite"><span> Thanks,</span><br></blockquote><blockquote \
type="cite"><span> Dan</span><br></blockquote><blockquote \
type="cite"><span> _______________________________________________</span><br></blockquote><blockquote \
type="cite"><span> Fail2ban-users mailing \
list</span><br></blockquote><blockquote type="cite"><span> \
Fail2ban-users@lists.sourceforge.net \
<mailto:Fail2ban-users@lists.sourceforge.net></span><br></blockquote><blockquote \
type="cite"><span> https://lists.sourceforge.net/lists/listinfo/fail2ban-users</span><br></blockquote><blockquote \
type="cite"><span>_______________________________________________</span><br></blockquote><blockquote \
type="cite"><span>Fail2ban-users mailing list</span><br></blockquote><blockquote \
type="cite"><span>Fail2ban-users@lists.sourceforge.net</span><br></blockquote><blockquote \
type="cite"><span>https://lists.sourceforge.net/lists/listinfo/fail2ban-users</span><b \
r></blockquote><span></span><br><span></span><br><span></span><br><span>_______________________________________________</span><br><span>Fail2ban-users \
mailing list</span><br><span>Fail2ban-users@lists.sourceforge.net</span><br><span>http \
s://lists.sourceforge.net/lists/listinfo/fail2ban-users</span><br></div></blockquote></body></html>
_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic