Hi!

I am using fail2ban and very happy with that. But I have one use case where
behavior is not optimal.

I store my iptables rules in a file and occasionally run iptables-restore if
I have modified the rule set.

After I have done this, I see the following errors in the fail2ban log:

2015-11-16 07:58:26,043 fail2ban.action         [3074]: ERROR   iptables -D
INPUT -p tcp -m multiport --dports ssh -j f2b-sshd
iptables -F f2b-sshd
iptables -X f2b-sshd -- stdout: b''
2015-11-16 07:58:26,044 fail2ban.action         [3074]: ERROR   iptables -D
INPUT -p tcp -m multiport --dports ssh -j f2b-sshd
iptables -F f2b-sshd
iptables -X f2b-sshd -- stderr: b"iptables v1.4.21: Couldn't load target
`f2b-sshd':No such file or directory\n\nTry `iptables -h' or 'iptables
--help' for more information.\niptables: No chain/target/m$
2015-11-16 07:58:26,044 fail2ban.action         [3074]: ERROR   iptables -D
INPUT -p tcp -m multiport --dports ssh -j f2b-sshd
iptables -F f2b-sshd
iptables -X f2b-sshd -- returned 1
2015-11-16 07:58:26,044 fail2ban.actions        [3074]: ERROR   Failed to
execute ban jail 'sshd' action 'iptables-multiport' info
'CallingMap({'ipmatches': <function Actions.__checkBan.<locals>.<lambda$

I think this is because the iptables entries for fail2ban have been
flushed, and it is trying to restore them - but cannot find the iptables
executable.

I have to do a sudo service fail2ban stop and then start to resolve this
issue. That restores the iptables entries for fail2ban and fixes the issue.

I've examined the /etc/init.d/fail2ban script and find:

PATH=/usr/sbin:/usr/bin:/sbin:/bin

iptables is in /sbin, but it seems to use this PATH variable just when it
starts up - because it manages to set iptables rules OK on start - but not
when running.

I see that the fail2ban process runs as root (from htop):

3580 root       20   0  282M 18196  6516 S  0.0  0.9  0:06.90 ├─
/usr/bin/python3 /usr/bin/fail2ban-server -s
/var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid -x -b

I would rather not add fail2ban entries to my iptables rule file - but I
hope there is some way to make fail2ban able to execute iptables at
runtime. A path variable somewhere that I can set to include /sbin.

Any ideas?

Best regards,
Stein Rune Risa
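As an added check (example script, not from the original post or from fail2ban itself), the following tells the two possible causes apart: whether the f2b-sshd chain and its INPUT jump survived the iptables-restore, and whether an iptables binary is actually reachable on a given PATH. It works on the output of `iptables -S` saved to a file, so the constructed rule sets below stand in for that output; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not part of the original mail.
# Input format: `iptables -S` (-P / -N / -A lines), e.g. `iptables -S > after.txt`
# captured right after running iptables-restore.

# Constructed sample: ruleset as fail2ban leaves it (chain present, jumped to).
RULES_OK='-P INPUT ACCEPT
-N f2b-sshd
-A INPUT -p tcp -m multiport --dports 22 -j f2b-sshd
-A f2b-sshd -s 203.0.113.7/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-sshd -j RETURN'

# Constructed sample: the same host after iptables-restore of a rule file
# that does not contain the fail2ban entries (chain gone, jump gone).
RULES_FLUSHED='-P INPUT ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT'

# f2b_chain_state RULESET CHAIN
# Prints "ok" when the chain exists and INPUT jumps to it, "no-jump" when the
# chain exists without the INPUT rule, "missing" when the chain itself is gone.
# Returns non-zero unless the state is "ok".
f2b_chain_state() {
    ruleset=$1
    chain=$2
    if ! printf '%s\n' "$ruleset" | grep -q "^-N ${chain}\$"; then
        echo missing
        return 1
    fi
    if ! printf '%s\n' "$ruleset" | grep -q "^-A INPUT .*-j ${chain}\$"; then
        echo no-jump
        return 1
    fi
    echo ok
}

# iptables_in_path PATHVALUE
# Returns 0 when an executable named iptables is found on PATHVALUE, so the
# "cannot find the iptables executable" hypothesis can be tested against the
# PATH the init script sets (/usr/sbin:/usr/bin:/sbin:/bin).
iptables_in_path() {
    ( PATH=$1; command -v iptables >/dev/null 2>&1 )
}

# Usage on a live host: iptables -S > after.txt; f2b_chain_state "$(cat after.txt)" f2b-sshd
f2b_chain_state "$RULES_OK" f2b-sshd
f2b_chain_state "$RULES_FLUSHED" f2b-sshd || true
```

A "missing" result after iptables-restore means the chain was wiped with the rest of the table, which is the state fail2ban's `iptables -D`/`-F`/`-X` commands complain about in the log above.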
_______________________________________________
Fail2ban-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
