You can remove files that are not being used in the filter.d and
action.d directories I have done this to reduce the "noise" when I ls
from a terminal the error is really the OS telling you that too many
file are already open and it can't open another one. There are more
reasons for this than you can shake a stick at to use a favorite phrase
of my great grand mother. The first question I would have are you
running a server that has a lot of concurrent connections? The second
question is are you running a server or application that opens a lot of
files but never closes them? The third question is are you using
iptables as you firewall?
Here is a quick thread on the open file limit subject:
http://stackoverflow.com/questions/18280612/ioerror-errno-24-too-many-open-files
On Mon, 2015-08-24 at 13:16 -0500, Michael Schwager wrote:
> Yes.
>
>
>
> systemd-208-26.fc20.x86_64
> systemd-libs-208-26.fc20.x86_64
> systemd-python-208-26.fc20.x86_64
>
>
>
>
> On Mon, Aug 24, 2015 at 11:36 AM, Harrison Johnson
> <[email protected]> wrote:
>
> Did you install the systemd package?
>
>
>
> On Mon, 2015-08-24 at 08:57 -0500, Michael Schwager wrote:
>
> > Hello,
> > I have fail2ban 0.9 on Fedora 20. I notice in my log files
> > that when I start fail2ban I get the following error
> > messages. I think maybe it's because
> > the /etc/fail2ban/filters.d directory has too much stuff in
> > it...? But if I try to move things out of there I get some
> > errors about the regex's. Or do I need to set ulimit? Any
> > advice would be appreciated. I'll include my fail2ban.conf
> > file after the following errors.
> >
> >
> > I notice there's a whole lot of stuff in jail.conf that I
> > don't need, but it says specifically to not edit it so I
> > have not.
> >
> >
> > Here are the errors:
> >
> >
> > 2015-08-24 08:42:49,660 fail2ban.server.jail[19511]: INFO
> > Initiated 'systemd' backend
> > 2015-08-24 08:42:49,663 fail2ban.server.filter[19511]: INFO
> > Set maxRetry = 3
> > 2015-08-24 08:42:49,665 fail2ban.server.actions[19511]:
> > INFO Set banTime = 600
> > 2015-08-24 08:42:49,667 fail2ban.server.filter[19511]: INFO
> > Set findtime = 600
> > 2015-08-24 08:42:49,670 fail2ban.server.filter[19511]: INFO
> > Date pattern set to `'^L %d/%m/%Y - %H:%M:%S'`: `^L Da
> > y/Month/Year - 24hour:Minute:Second`
> > 2015-08-24 08:42:49,690 fail2ban.server.jail[19511]: INFO
> > Jail 'sshd' started
> > 2015-08-24 08:42:49,690 fail2ban.server.action[19511]: ERROR
> > iptables -N f2b-sshd
> > iptables -A f2b-sshd -j RETURN
> > iptables -I INPUT -p tcp -m multiport --dports ssh -j
> > f2b-sshd -- failed with [Errno 24] Too many open files
> > 2015-08-24 08:42:49,690 fail2ban.server.actions[19511]:
> > ERROR Failed to start jail 'sshd' action
> > 'iptables-multipor
> > t': local variable 'retcode' referenced before assignment
> > 2015-08-24 08:42:49,696 fail2ban.server.jail[19511]: INFO
> > Jail 'sshd-ddos' started
> > 2015-08-24 08:42:49,698 fail2ban.server.actions[19511]:
> > ERROR Failed to start jail 'sshd-ddos' action
> > 'iptables-mul
> > tiport': [Errno 24] Too many open files:
> > '/tmp/fai2ban_Kfztgy.stderr'
> >
> >
> >
> >
> > # grep -v "^#" /etc/fail2ban/fail2ban.conf
> >
> >
> > [Definition]
> > loglevel = INFO
> >
> > logtarget = /var/log/fail2ban.log
> >
> > socket = /var/run/fail2ban/fail2ban.sock
> >
> > pidfile = /var/run/fail2ban/fail2ban.pid
> >
> > dbfile = /var/lib/fail2ban/fail2ban.sqlite3
> >
> > dbpurgeage = 86400
> >
> >
> >
> > (notice that my IP address has been munged to protect me...)
> >
> >
> > # grep -v '^#' /etc/fail2ban/jail.local
> > [INCLUDES]
> >
> >
> > [DEFAULT]
> > ignoreip = 127.0.0.1/8 X.Y.Z.A
> > bantime = 600
> >
> > findtime = 600
> >
> > maxretry = 3
> >
> > backend = systemd
> >
> > usedns = no
> > enabled = true
> > filter = %(__name__)s
> > destemail = root@localhost
> >
> > sender = root@localhost
> >
> >
> >
> > [sshd]
> >
> > port = ssh
> >
> > logpath = %(sshd_log)s
> > enabled = true
> >
> >
> > [sshd-ddos]
> > port = ssh
> > logpath = %(sshd_log)s
> >
> >
> > [dropbear]
> > port = ssh
> >
> > logpath = %(dropbear_log)s
> >
> >
> > [selinux-ssh]
> >
> > port = ssh
> >
> > logpath = %(auditd_log)s
> > maxretry = 5
> >
> >
> > --
> > -Mike Schwager
> >
> >
> ------------------------------------------------------------------------------
> > _______________________________________________
> > Fail2ban-users mailing list
> > [email protected]
> > https://lists.sourceforge.net/lists/listinfo/fail2ban-users
>
>
>
>
>
>
> ------------------------------------------------------------------------------
>
> _______________________________________________
> Fail2ban-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/fail2ban-users
>
>
>
>
>
>
>
>
> --
>
> -Mike Schwager
------------------------------------------------------------------------------
_______________________________________________
Fail2ban-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
