Re: [Fail2ban-users] CentOS 7.2 fail2ban not correct working?

Günther J . Niederwimmer Sun, 21 Aug 2016 03:24:44 -0700

Hello
Am Samstag, 20. August 2016, 13:25:24 schrieb Bruno Miguel Queiros:
> Tried disabling firewalld and going with regular iptables?


On the Internet all say firewalld is working, and it is working, but only with 
CentOS 7.0 (????), but after update it is broken why???

this is my jail.local
#
[DEFAULT]
bantime = 2592000
findtime = 3600
ignoreip = 127.0.0.1/8 192.168.55.0/24 192.168.100.0/24 
maxretry = 2

#
[sshd-ddos]
enabled = true

[sshd]
enabled = true

[selinux-ssh]
enabled = true

and this thousands off Errors
2016-08-21 11:09:33,565 fail2ban.actions        [2066]: ERROR   Failed to 
execute ban jail 'sshd' action 'firewallcmd-ipset' info 
'CallingMap({'ipjailmatches': <function <lambda> at 0x7f19e1d8baa0>, 
'matches': '2016-06-18T13:12:13.154635 yyy.xxxxx.com sshd[3705]: Invalid user 
john from 95.211.190.210\n2016-06-18T13:12:13.590404 yyy.xxxxx.com sshd[3707]: 
Invalid user nagios from 95.211.190.210', 'ip': '95.211.190.210', 'ipmatches': 
<function <lambda> at 0x7f19e1d8ba28>, 'ipfailures': <function <lambda> at 
0x7f19e1d8b9b0>, 'time': 1471770573.462379, 'failures': 2, 'ipjailfailures': 
<function <lambda> at 0x7f19e1d8b938>})': Error banning 95.211.190.210
2016-08-21 11:09:33,565 fail2ban.actions        [2066]: NOTICE  [sshd] Ban 
97.74.232.35
2016-08-21 11:09:33,668 fail2ban.action         [2066]: ERROR   ipset add 
fail2ban-sshd 97.74.232.35 timeout 7776000 -exist -- stdout: ''
2016-08-21 11:09:33,668 fail2ban.action         [2066]: ERROR   ipset add 
fail2ban-sshd 97.74.232.35 timeout 7776000 -exist -- stderr: 'ipset v6.19: The 
set with the given name does not exist\n'
2016-08-21 11:09:33,668 fail2ban.action         [2066]: ERROR   ipset add 
fail2ban-sshd 97.74.232.35 timeout 7776000 -exist -- returned 1
2016-08-21 11:09:33,668 fail2ban.actions        [2066]: ERROR   Failed to 
execute ban jail 'sshd' action 'firewallcmd-ipset' info 
'CallingMap({'ipjailmatches': <function <lambda> at 0x7f19e1d8b9b0>, 
'matches': '2016-08-14T16:19:53.289264 yyy.xxxxx.com sshd[24915]: Invalid user 
guest from 97.74.232.35\n2016-08-14T16:19:54.661401 yyy.xxxxx.com sshd[24917]: 
Invalid user pi from 97.74.232.35', 'ip': '97.74.232.35', 'ipmatches': 
<function <lambda> at 0x7f19e1d8b938>, 'ipfailures': <function <lambda> at 
0x7f19e1d8ba28>, 'time': 1471770573.565505, 'failures': 2, 'ipjailfailures': 
<function <lambda> at 0x7f19e1d8baa0>})': Error banning 97.74.232.35
2016-08-21 11:09:33,668 fail2ban.actions        [2066]: NOTICE  [sshd] Ban 
98.142.52.44
2016-08-21 11:09:33,771 fail2ban.action         [2066]: ERROR   ipset add 
fail2ban-sshd 98.142.52.44 timeout 7776000 -exist -- stdout: ''
2016-08-21 11:09:33,771 fail2ban.action         [2066]: ERROR   ipset add 
fail2ban-sshd 98.142.52.44 timeout 7776000 -exist -- stderr: 'ipset v6.19: The 
set with the given name does not exist\n'
2016-08-21 11:09:33,771 fail2ban.action         [2066]: ERROR   ipset add 
fail2ban-sshd 98.142.52.44 timeout 7776000 -exist -- returned 1
2016-08-21 11:09:33,771 fail2ban.actions        [2066]: ERROR   Failed to 
execute ban jail 'sshd' action 'firewallcmd-ipset' info 
'CallingMap({'ipjailmatches': <function <lambda> at 0x7f19e1d8ba28>, 
'matches': '2016-06-08T15:27:16.145465 yyy.xxxxx.com sshd[20294]: Invalid user 
a from 98.142.52.44\n2016-06-08T15:27:19.797928 yyy.xxxxx.com sshd[20297]: 
Invalid user ajay from 98.142.52.44', 'ip': '98.142.52.44', 'ipmatches': 
<function <lambda> at 0x7f19e1d8baa0>, 'ipfailures': <function <lambda> at 
0x7f19e1d8b938>, 'time': 1471770573.668562, 'failures': 2, 'ipjailfailures': 
<function <lambda> at 0x7f19e1d8b9b0>})': Error banning 98.142.52.44
2016-08-21 11:09:33,771 fail2ban.actions        [2066]: NOTICE  [sshd] Ban 
98.254.171.195
2016-08-21 11:09:33,874 fail2ban.action         [2066]: ERROR   ipset add 
fail2ban-sshd 98.254.171.195 timeout 7776000 -exist -- stdout: ''
2016-08-21 11:09:33,874 fail2ban.action         [2066]: ERROR   ipset add 
fail2ban-sshd 98.254.171.195 timeout 7776000 -exist -- stderr: 'ipset v6.19: 
The set with the given name does not exist\n'
2016-08-21 11:09:33,874 fail2ban.action         [2066]: ERROR   ipset add 
fail2ban-sshd 98.254.171.195 timeout 7776000 -exist -- returned 1
2016-08-21 11:09:33,874 fail2ban.actions        [2066]: ERROR   Failed to 
execute ban jail 'sshd' action 'firewallcmd-ipset' info 
'CallingMap({'ipjailmatches': <function <lambda> at 0x7f19e1d8b938>, 
'matches': '2016-06-01T03:21:56.504682 yyy.xxxxx.com sshd[8392]: Invalid user 
ubnt from 98.254.171.195\n2016-06-01T03:22:42.468330 yyy.xxxxx.com sshd[8473]: 
Invalid user pi from 98.254.171.195', 'ip': '98.254.171.195', 'ipmatches': 
<function <lambda> at 0x7f19e1d8b9b0>, 'ipfailures': <function <lambda> at 
0x7f19e1d8baa0>, 'time': 1471770573.771765, 'failures': 2, 'ipjailfailures': 
<function <lambda> at 0x7f19e1d8ba28>})': Error banning 98.254.171.195


is ipset broken v6.19 or iptables v1.4.21 and or 
 fail2ban-sendmail-0.9.3-1.el7.noarch
 fail2ban-firewalld-0.9.3-1.el7.noarch
 fail2ban-0.9.3-1.el7.noarch
 fail2ban-server-0.9.3-1.el7.noarch

I mean this is not only my problem :-((. 

> Às 11:31 de 20-08-2016, Günther J. Niederwimmer escreveu:
> > Hello,
> > 
> > I mean I have a big Problem with fail2ban :-(
> > when I make a restart / reload or reboot from fail2ban afterward my
> > firewalld status found this
> > 
> > ● firewalld.service - firewalld - dynamic firewall daemon
> > 
> >     Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled;
> >     vendor
> > 
> > preset: enabled)
> > 
> >     Active: active (running) since Sa 2016-08-20 12:08:27 CEST; 4min 50s
> >     ago
> >   
> >   Main PID: 13158 (firewalld)
> >   
> >     CGroup: /system.slice/firewalld.service
> >     
> >             └─13158 /usr/bin/python -Es /usr/sbin/firewalld --nofork
> >             --nopid
> > 
> > Aug 20 12:12:23 yyyy.xxxxxx.at firewalld[13158]: 2016-08-20 12:12:23
> > ERROR:
> > NOT_ENABLED
> > Aug 20 12:12:24 yyyy.xxxxxx.at firewalld[13158]: 2016-08-20 12:12:24
> > ERROR:
> > NOT_ENABLED
> > Aug 20 12:12:25 yyyy.xxxxxx.at firewalld[13158]: 2016-08-20 12:12:25
> > ERROR:
> > NOT_ENABLED
> > Aug 20 12:12:27 yyyy.xxxxxx.at firewalld[13158]: 2016-08-20 12:12:27
> > ERROR:
> > NOT_ENABLED
> > Aug 20 12:12:27 yyyy.xxxxxx.at firewalld[13158]: 2016-08-20 12:12:27
> > ERROR:
> > NOT_ENABLED
> > Aug 20 12:12:28 yyyy.xxxxxx.at firewalld[13158]: 2016-08-20 12:12:28
> > ERROR:
> > NOT_ENABLED
> > Aug 20 12:12:29 yyyy.xxxxxx.at firewalld[13158]: 2016-08-20 12:12:29
> > ERROR:
> > NOT_ENABLED
> > Aug 20 12:12:30 yyyy.xxxxxx.at firewalld[13158]: 2016-08-20 12:12:30
> > ERROR:
> > NOT_ENABLED
> > Aug 20 12:12:31 yyyy.xxxxxx.at firewalld[13158]: 2016-08-20 12:12:31
> > ERROR:
> > NOT_ENABLED
> > Aug 20 12:12:31 yyyy.xxxxxx.at firewalld[13158]: 2016-08-20 12:12:31
> > ERROR:
> > NOT_ENABLED
> > 
> > fail2ban is working "normal" no errors
> > 
> > This is a installation from EPEL with all Updates ???
> > 
> > I don't change nothing only I make a jail.local for enabling filters
> > 
> > I found no way to have a working fail2ban :-((.
> > 
> > Thanks for any help

-- 
mit freundlichen Grüßen / best regards,

  Günther J. Niederwimmer

------------------------------------------------------------------------------
_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users

Re: [Fail2ban-users] CentOS 7.2 fail2ban not correct working?

Reply via email to