I use fail2ban on some of my servers, along with the “jwhois” application (to automatically return whois info in the automated fail2ban emails I receive).
I noticed that 18.104.22.168 was coming back in my emails as follows:
[Querying whois.v6nic.net] [Unable to connect to remote host] missing whois program
This is because v6nic.net is defunct and has been taken over by a cybersquatter (discussion about this on the Red Hat Bugzilla). The whois server whois.apnic.net works adequately in its place.
The version of jwhois available from the epel repo for el6 (CentOS 6) is out of date:
jwhois.x86_64 4.0-19.el6 @base
rpmfind lists 4.0-43 for Fedora Core 24 as the latest version, but this isn’t compatible (loads of dependency issues if you try and manually install).
So, let’s fix it manually.
jwhois derives its list of whois servers from /etc/jwhois.conf (by default). Let’s do a search/replace all with nano.
Assuming nano is installed (sudo yum install nano -y), do the following:
whois.v6nic.net and press Enter
whois.apnic.net and press Enter
A to replace all found instances
Ctrl X to exit, then Y to save the changed file.
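The same search/replace done non-interactively, with a backup and a check that no entry still points at the squatted host. This is an added example, not part of the original post: swap_whois_server is a hypothetical helper name, and the config lines in the demo are a constructed sample rather than the real /etc/jwhois.conf.

```shell
#!/bin/sh
# Added example (not from the original post). swap_whois_server is a
# hypothetical helper name; it is not part of jwhois.

# Usage: swap_whois_server CONF OLD_HOST NEW_HOST
# Prints the number of lines changed; keeps the original as CONF.bak.
swap_whois_server() {
    conf=$1; old=$2; new=$3
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 2; }

    # Escape the dots so the hostname is matched literally, not as a regex.
    old_re=$(printf '%s' "$old" | sed 's/\./\\./g')

    # grep -c exits 1 on zero matches; neutralise that for "set -e" callers.
    hits=$(grep -c -- "$old_re" "$conf" || true)
    if [ "$hits" -eq 0 ]; then
        echo 0
        return 0
    fi

    # Back up first, then rewrite in place (the redirect keeps the file's
    # owner and mode, unlike replacing it with a new file).
    cp -p -- "$conf" "$conf.bak" || return 2
    sed "s/$old_re/$new/g" "$conf.bak" > "$conf" || return 2

    # Confirm nothing still points at the old server.
    left=$(grep -c -- "$old_re" "$conf" || true)
    [ "$left" -eq 0 ] || return 1
    echo "$hits"
}

# Demo on a constructed sample, so the real /etc/jwhois.conf is untouched.
demo() {
    tmp=$(mktemp -d) || return 2
    cat > "$tmp/jwhois.conf" <<'EOF'
cidr-blocks {
    type = cidr;
    "192.0.2.0/24" = "whois.v6nic.net";
    "198.51.100.0/24" = "whois.apnic.net";
    "203.0.113.0/24" = "whois.v6nic.net";
}
EOF
    swap_whois_server "$tmp/jwhois.conf" whois.v6nic.net whois.apnic.net
    rm -rf "$tmp"
}

demo
```

On a real server, call swap_whois_server /etc/jwhois.conf whois.v6nic.net whois.apnic.net as root; the untouched original is left beside it as /etc/jwhois.conf.bak.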