On one of my server whois was not installed with fail2ban, I just installed it by the software center, just after the installation I tried to be banned by my server, once done I received the email with the whois output of the IP.
I cannot reproduce, please go to logs (fail2ban) and try to see if something warn inside, try also to reinstall
The server was installed from scratch as email server only, around two weeks ago, using the last NS ISO.
As usual, after first login, I made all the updates and then I have installed necessary modules for email server.
This function, whois, did not work from the beginning but I had no time to write about it.
Till yesterday, I removed and reinstalled F2B module, with and without the whois package, for couple of times, without success to make it functionally.
I hope at the end of the week I will have time to reinstall from scratch the server.
I will keep you informed about this.
Thank you for your time!
Well…we have no settings to detect and triggers the whois informations, this is an internal fail2ban issue. If you can gather some logs/warns/things we could make an upstream bug, without these it is useless
Out of ideas, its clear the problem is not missing whois, the message “missing whois program” is misleading.
@GG_jr whois 8.8.8.8 returns Unable to connect to remote host ; which probably is whois.arin.net (not sure about the later).
does curl whois.arin.net give a ‘normal’ response?
[root@ ~]# curl whois.arin.net
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://whois.arin.net/ui/">here</a>.</p>
</body></html>
@stephdl: There is other way than from Software center to remove all F2B and all dependencies (whois, jwhois, pwhois, perl-net-whois-ip, perl-net-whois-raw, …)?
My NS email server is placed in DMZ.
For outgoing traffic from DMZ to WAN, I open only necessary ports.
During tests with @mark_nl (thank you again!), I thought that Whois service need an open port to communicate with whois.arin.net.
“I asked” Google to tell me which ports must be opened on firewall to reach whois.arin.net. And Google told me! VIVA LAS … GOOGLE!