I have installed the Fail2ban module from the Software center, with the “whois” package selected to be installed during the Fail2ban module installation.
However, when I receive an email with a banned IP, I’m notified that the “whois” program is missing.
On the other hand, in the NS documentation, in the Fail2ban section, it is written:
“If you desire to query the IP whois database and obtain the origin of the banned IP by email, you could Install the whois rpm.”
At this moment, it is certain that what is written in the NS documentation is correct, but in this case, the option to install the “whois” package from the Software center must be eliminated.
IMO, it is better to have this option in the Software center and for the NS documentation to be corrected.
Ok, sorry!
I have installed Fail2ban with the whois option.
When I receive a notification email with a banned IP, the message says that the whois program is missing.
On one of my servers, whois was not installed with fail2ban, so I just installed it from the Software center. Just after the installation, I tried to get banned by my server; once done, I received the email with the whois output of the IP.
I cannot reproduce this. Please go to the logs (fail2ban) and see if there is any warning inside; also try to reinstall.
The server was installed from scratch as an email server only, around two weeks ago, using the last NS ISO.
As usual, after the first login, I made all the updates and then I installed the necessary modules for the email server.
This function, whois, did not work from the beginning but I had no time to write about it.
Until yesterday, I removed and reinstalled the F2B module, with and without the whois package, a couple of times, without success in making it functional.
I hope that at the end of the week I will have time to reinstall the server from scratch.
I will keep you informed about this.
Thank you for your time!
Well… we have no settings to detect and trigger the whois information; this is an internal fail2ban issue. If you can gather some logs/warnings/things, we could make an upstream bug; without these it is useless.
Out of ideas. It’s clear the problem is not a missing whois; the message “missing whois program” is misleading.
@GG_jr whois 8.8.8.8 returns Unable to connect to remote host; which probably is whois.arin.net (not sure about the latter).
Does curl whois.arin.net give a ‘normal’ response?
[root@ ~]# curl whois.arin.net
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://whois.arin.net/ui/">here</a>.</p>
</body></html>