关于python的fail2ban错误？

我刚刚在我的debian7机器上安装了fail2ban，但每当我启动它，我得到了很多似乎是关于python的错误？

[....] Restarting authentication failure monitor: fail2banTraceback (most recent call last): File "/usr/bin/fail2ban-client", line 404, in <module> if client.start(sys.argv): File "/usr/bin/fail2ban-client", line 373, in start return self.__processCommand(args) File "/usr/bin/fail2ban-client", line 183, in __processCommand ret = self.__readConfig() File "/usr/bin/fail2ban-client", line 378, in __readConfig ret = self.__configurator.getOptions() File "/usr/share/fail2ban/client/configurator.py", line 68, in getOptions return self.__jails.getOptions(jail) File "/usr/share/fail2ban/client/jailsreader.py", line 67, in getOptions ret = jail.getOptions() File "/usr/share/fail2ban/client/jailreader.py", line 73, in getOptions self.__opts = ConfigReader.getOptions(self, self.__name, opts) File "/usr/share/fail2ban/client/configreader.py", line 87, in getOptions v = self.get(sec, option[1]) File "/usr/lib/python2.7/ConfigParser.py", line 623, in get return self._interpolate(section, option, value, d) File "/usr/lib/python2.7/ConfigParser.py", line 691, in _interpolate self._interpolate_some(option, L, rawval, section, vars, 1) File "/usr/lib/python2.7/ConfigParser.py", line 723, in _interpolate_some option, section, rest, var) ConfigParser.InterpolationMissingOptionError: Bad value substitution: section: [pam-generic] option : action key : action_mwl rawval : failed!

我真的不知道如何debugging这一个，因为我对Python有零知识，但我仍然假设它只是在安装过程中或错过了在jail.conf的东西。这是我的jail.conf：

 [DEFAULT] ignoreip = 127.0.0.1 bantime = 18000 destemail = [email protected] banaction = iptables-multiport action = %(action_mwl)s # JAILS [ssh] enabled = true port = 7463 action = iptables filter = sshd logpath = /var/log/auth.log maxretry = 3 [pam-generic] enabled = true banaction = iptables-allports [ssh-ddos] enabled = true [nginx-auth] enabled = true filter = nginx-auth action = iptables-multiport[name=NoAuthFailures, port="http,https"] logpath = /var/log/nginx*/*error*.log bantime = 600 maxretry = 6 [nginx-login] enabled = true filter = nginx-login action = iptables-multiport[name=NoLoginFailures, port="http,https"] logpath = /var/log/nginx*/*access*.log bantime = 600 maxretry = 6 [nginx-badbots] enabled = true filter = apache-badbots action = iptables-multiport[name=BadBots, port="http,https"] logpath = /var/log/nginx*/*access*.log bantime = 86400 # 1 day maxretry = 1 [nginx-noscript] enabled = true action = iptables-multiport[name=NoScript, port="http,https"] filter = nginx-noscript logpath = /var/log/nginx*/*access*.log maxretry = 6 bantime = 86400 # 1 day

我已经在/filters.d/上为nginx-auth，nginx-login，nginx-proxy和nginx-noscript制作了filter

我也安装了Python 2.7.3。

从我在configuration文件中看到的错误以及出现的错误，[pam-generic]的操作选项不能使用默认值（在该部分没有任何操作声明）：

 ConfigParser.InterpolationMissingOptionError: Bad value substitution: section: [pam-generic] option : action key : action_mwl rawval :

我不知道这会是一个很好的价值，但我会朝这个方向发展。最坏的情况，如果你只需要过滤nginx，你可以删除该部分，并testing它是否启动。

关键的“action_mwl”没有在你的jail.conf中定义。

在默认的jail.conf（至less在Ubuntu上）已经定义了。 build议将jail.conf保留原样，并将自己的定义放在jail.local中。

来自stock jail.conf（Ubuntu 12.04）的action_mwl：

 action_mwl = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"] %(mta)s-whois-lines[name=%(__name__)s, dest="%(destemail)s", logpath=%(logpath)s, chain="%(chain)s"]

您尚未在[pam-generic]部分中定义以下内容：

 filter logpath

filter将是默认的action_mwl，但是logpath不是默认的。

logpath是log，其中fail2ban发现exception，并且对于jail.conf每个部分都是强制的。

同样的问题将在[ssh-ddos]中。