Hello list,

Resending message in plain text.

I installed Fail2Ban - yum install fail2ban, gave me v0.9.1

This is an Asterisk system, all I need is to block password attempts for asterisk.
I'm NEW to Linux, so I'm just looking forward, i.e. CentOS7, systemd, firewalld...

The only thing I did is configure jail.local like so:

[DEFAULT]
banaction = firewallcmd-ipset
destemail = [email protected]
backend = polling ;This option FIXED issue with CRITICAL crash on startup and fail2ban.log started to look as it should be

[asterisk]
enabled = true
logpath = /var/log/asterisk/messages
maxretry = 5
bantime = 86400

Main issue. Log looks correct but even from log you can tell it's not banning. Something going on with firewalld. No errors, but it's not taking those rules? Basically, looks like part of fail2ban which detects and takes on action works correctly, but actual "ban" part not working without any error?

2015-04-27 13:56:13,241 fail2ban.actions [2944]: NOTICE [asterisk] 212.129.1.26 already banned
2015-04-27 13:56:57,514 fail2ban.filter [2944]: INFO [asterisk] Found 212.129.1.26
2015-04-27 13:57:10,552 fail2ban.filter [2944]: INFO [asterisk] Found 212.129.1.26
2015-04-27 13:57:30,600 fail2ban.filter [2944]: INFO [asterisk] Found 212.129.1.26
2015-04-27 13:58:45,766 fail2ban.filter [2944]: INFO [asterisk] Found 212.129.1.26
2015-04-27 13:59:17,840 fail2ban.filter [2944]: INFO [asterisk] Found 212.129.1.26
2015-04-27 13:59:18,672 fail2ban.actions [2944]: NOTICE [asterisk] 212.129.1.26 already banned
2015-04-27 13:59:49,926 fail2ban.filter [2944]: INFO [asterisk] Found 212.129.1.26
2015-04-27 14:00:24,002 fail2ban.filter [2944]: INFO [asterisk] Found 212.129.1.26

If I restart service - service fail2ban restart - here is what I get, everything looks great, and I even get email (issue with sender was solved in other email)

2015-04-27 14:02:10,982 fail2ban.server [2944]: INFO Stopping all jails
2015-04-27 14:02:11,079 fail2ban.actions [2944]: NOTICE [asterisk] Unban 212.129.1.26
2015-04-27 14:02:11,291 fail2ban.actions [2944]: NOTICE [asterisk] Unban 212.83.187.182
2015-04-27 14:02:12,228 fail2ban.jail [2944]: INFO Jail 'asterisk' stopped
2015-04-27 14:02:12,239 fail2ban.server [2944]: INFO Exiting Fail2ban
2015-04-27 14:02:12,477 fail2ban.server [5140]: INFO Changed logging target to /var/log/fail2ban.log for Fail2ban v0.9.1
2015-04-27 14:02:12,478 fail2ban.database [5140]: INFO Connected to fail2ban persistent database '/var/lib/fail2ban/fail2ban.sqlite3'
2015-04-27 14:02:12,485 fail2ban.jail [5140]: INFO Creating new jail 'asterisk'
2015-04-27 14:02:12,485 fail2ban.jail [5140]: INFO Jail 'asterisk' uses poller
2015-04-27 14:02:12,511 fail2ban.filter [5140]: INFO Set jail log file encoding to UTF-8
2015-04-27 14:02:12,512 fail2ban.jail [5140]: INFO Initiated 'polling' backend
2015-04-27 14:02:12,521 fail2ban.filter [5140]: INFO Added logfile = /var/log/asterisk/messages
2015-04-27 14:02:12,522 fail2ban.filter [5140]: INFO Set maxRetry = 5
2015-04-27 14:02:12,523 fail2ban.filter [5140]: INFO Set jail log file encoding to UTF-8
2015-04-27 14:02:12,524 fail2ban.actions [5140]: INFO Set banTime = 86400
2015-04-27 14:02:12,525 fail2ban.filter [5140]: INFO Set findtime = 600
2015-04-27 14:02:12,657 fail2ban.jail [5140]: INFO Jail 'asterisk' started
2015-04-27 14:02:13,476 fail2ban.actions [5140]: NOTICE [asterisk] Ban 212.129.1.26
2015-04-27 14:02:14,311 fail2ban.actions [5140]: NOTICE [asterisk] Ban 212.83.187.182

Now if I reboot machine (important, not restarting service, rebooting server!) I get ERRORS in fail2ban.log. It seems that fail2ban doesn't do permanent (or at least should do permanent) rules in firewalld. Can somebody help with WHAT needs to be set/changed to get banning working?

2015-04-27 14:03:40,109 fail2ban.server [5140]: INFO Stopping all jails
2015-04-27 14:03:41,074 fail2ban.actions [5140]: NOTICE [asterisk] Unban 212.129.1.26
2015-04-27 14:03:41,285 fail2ban.actions [5140]: NOTICE [asterisk] Unban 212.83.187.182
2015-04-27 14:03:41,915 fail2ban.action [5140]: ERROR firewall-cmd --direct --remove-rule ipv4 filter INPUT 0 -p udp -m multiport --dports 5060,5061 -m set --match-set fail2ban-asterisk-udp src -j REJECT --reject-with icmp-port-unreachable ipset flush fail2ban-asterisk-udp ipset destroy fail2ban-asterisk-udp -- stdout: 'Not using slip\n'
2015-04-27 14:03:41,915 fail2ban.action [5140]: ERROR firewall-cmd --direct --remove-rule ipv4 filter INPUT 0 -p udp -m multiport --dports 5060,5061 -m set --match-set fail2ban-asterisk-udp src -j REJECT --reject-with icmp-port-unreachable ipset flush fail2ban-asterisk-udp ipset destroy fail2ban-asterisk-udp -- stderr: 'Traceback (most recent call last):\n File "/usr/bin/firewall-cmd", line 703, in <module>\n fw = FirewallClient()\n File "<string>", line 2, in __init__\n File "/usr/lib/python2.7/site-packages/firewall/client.py", line 52, in handle_exceptions\n return func(*args, **kwargs)\n File "/usr/lib/python2.7/site-packages/firewall/client.py", line 1594, in __init__\n self.bus = dbus.SystemBus()\n File "/usr/lib64/python2.7/site-packages/dbus/_dbus.py", line 194, in __new__\n private=private)\n File "/usr/lib64/python2.7/site-packages/dbus/_dbus.py", line 100, in __new__\n bus = BusConnection.__new__(subclass, bus_type, mainloop=mainloop)\n File "/usr/lib64/python2.7/site-packages/dbus/bus.py", line 122, in __new__\n bus = cls._new_for_bus(address_or_type, mainloop=mainloop)\ndbus.exceptions.DBusException: org.freedesktop.DBus.Error.NoServer: Failed to connect to socket /var/run/dbus/system_bus_socket: Connection refused \nipset v6.19: Set cannot be destroyed: it is in use by a kernel component\n'
2015-04-27 14:03:41,915 fail2ban.action [5140]: ERROR firewall-cmd --direct --remove-rule ipv4 filter INPUT 0 -p udp -m multiport --dports 5060,5061 -m set --match-set fail2ban-asterisk-udp src -j REJECT --reject-with icmp-port-unreachable ipset flush fail2ban-asterisk-udp ipset destroy fail2ban-asterisk-udp -- returned 1
2015-04-27 14:03:41,915 fail2ban.actions [5140]: ERROR Failed to stop jail 'asterisk' action 'firewallcmd-ipset-udp': Error stopping action
2015-04-27 14:03:42,222 fail2ban.action [5140]: ERROR firewall-cmd --direct --remove-rule ipv4 filter INPUT 0 -p tcp -m multiport --dports 5060,5061 -m set --match-set fail2ban-asterisk-tcp src -j REJECT --reject-with icmp-port-unreachable ipset flush fail2ban-asterisk-tcp ipset destroy fail2ban-asterisk-tcp -- stdout: 'Not using slip\n'
2015-04-27 14:03:42,222 fail2ban.action [5140]: ERROR firewall-cmd --direct --remove-rule ipv4 filter INPUT 0 -p tcp -m multiport --dports 5060,5061 -m set --match-set fail2ban-asterisk-tcp src -j REJECT --reject-with icmp-port-unreachable ipset flush fail2ban-asterisk-tcp ipset destroy fail2ban-asterisk-tcp -- stderr: 'Traceback (most recent call last):\n File "/usr/bin/firewall-cmd", line 703, in <module>\n fw = FirewallClient()\n File "<string>", line 2, in __init__\n File "/usr/lib/python2.7/site-packages/firewall/client.py", line 52, in handle_exceptions\n return func(*args, **kwargs)\n File "/usr/lib/python2.7/site-packages/firewall/client.py", line 1594, in __init__\n self.bus = dbus.SystemBus()\n File "/usr/lib64/python2.7/site-packages/dbus/_dbus.py", line 194, in __new__\n private=private)\n File "/usr/lib64/python2.7/site-packages/dbus/_dbus.py", line 100, in __new__\n bus = BusConnection.__new__(subclass, bus_type, mainloop=mainloop)\n File "/usr/lib64/python2.7/site-packages/dbus/bus.py", line 122, in __new__\n bus = cls._new_for_bus(address_or_type, mainloop=mainloop)\ndbus.exceptions.DBusException: org.freedesktop.DBus.Error.NoServer: Failed to connect to socket /var/run/dbus/system_bus_socket: Connection refused \nipset v6.19: Set cannot be destroyed: it is in use by a kernel component\n'
2015-04-27 14:03:42,222 fail2ban.action [5140]: ERROR firewall-cmd --direct --remove-rule ipv4 filter INPUT 0 -p tcp -m multiport --dports 5060,5061 -m set --match-set fail2ban-asterisk-tcp src -j REJECT --reject-with icmp-port-unreachable ipset flush fail2ban-asterisk-tcp ipset destroy fail2ban-asterisk-tcp -- returned 1
2015-04-27 14:03:42,223 fail2ban.actions [5140]: ERROR Failed to stop jail 'asterisk' action 'firewallcmd-ipset-tcp': Error stopping action
2015-04-27 14:03:42,223 fail2ban.jail [5140]: INFO Jail 'asterisk' stopped
2015-04-27 14:03:42,230 fail2ban.server [5140]: INFO Exiting Fail2ban
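
The symptom described in this message, an address that keeps being logged as "Found" while fail2ban considers it banned, can be checked mechanically over fail2ban.log. This is an added example, not part of the original post and not fail2ban code; the function names are hypothetical, the sample lines use constructed documentation-range addresses, and the line layout is assumed to match the v0.9.1 excerpts above.

```python
import re
from collections import Counter

# Layout assumed from the excerpts above:
# "<date> <time>,<ms> fail2ban.<module> [<pid>]: <LEVEL> [<jail>] <message>"
ENTRY = re.compile(
    r"^\S+ \S+\s+fail2ban\.\w+\s+\[\d+\]:\s+\w+\s+\[(?P<jail>[^\]]+)\]\s+(?P<msg>.+)$")
IP = r"(\d{1,3}(?:\.\d{1,3}){3})"
EVENTS = [
    ("found", re.compile(rf"^Found {IP}$")),
    ("ban", re.compile(rf"^Ban {IP}$")),
    ("unban", re.compile(rf"^Unban {IP}$")),
    # "already banned" also proves the ban is active, even if the
    # original Ban line has been rotated out of the log.
    ("ban", re.compile(rf"^{IP} already banned$")),
]

def classify(line):
    """Return (kind, jail, ip) for a jail event line, else None."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    for kind, pattern in EVENTS:
        hit = pattern.match(m["msg"].strip())
        if hit:
            return kind, m["jail"], hit.group(1)
    return None

def found_while_banned(lines, min_hits=2):
    """Count 'Found' events per (jail, ip) logged while that ip was banned."""
    banned, hits = set(), Counter()
    for line in lines:
        event = classify(line)
        if event is None:
            continue
        kind, jail, ip = event
        key = (jail, ip)
        if kind == "ban":
            banned.add(key)
        elif kind == "unban":
            banned.discard(key)
        elif key in banned:          # kind == "found" during an active ban
            hits[key] += 1
    return {k: n for k, n in hits.items() if n >= min_hits}

# Constructed sample lines (documentation-range addresses, not from the post).
SAMPLE = """\
2015-04-27 13:56:13,241 fail2ban.actions [2944]: NOTICE [asterisk] 203.0.113.7 already banned
2015-04-27 13:56:57,514 fail2ban.filter [2944]: INFO [asterisk] Found 203.0.113.7
2015-04-27 13:57:10,552 fail2ban.filter [2944]: INFO [asterisk] Found 203.0.113.7
2015-04-27 13:57:30,600 fail2ban.filter [2944]: INFO [asterisk] Found 203.0.113.7
2015-04-27 14:02:11,079 fail2ban.actions [2944]: NOTICE [asterisk] Unban 203.0.113.7
2015-04-27 14:02:12,657 fail2ban.jail [5140]: INFO Jail 'asterisk' started
2015-04-27 14:02:13,476 fail2ban.actions [5140]: NOTICE [asterisk] Ban 198.51.100.9
2015-04-27 14:02:20,000 fail2ban.filter [5140]: INFO [asterisk] Found 192.0.2.44
"""
```

A non-empty result from `found_while_banned(open("/var/log/fail2ban.log"))` suggests the ban action is being recorded by fail2ban but is not filtering traffic; `min_hits` skips a single stray match logged right after a ban.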
