Re: [Fail2ban-users] CentOS 7.2 fail2ban not correct working?

Bruno Miguel Queiros Sun, 21 Aug 2016 03:55:02 -0700

What is the action of your sshd jail?


Às 11:21 de 21-08-2016, Günther J. Niederwimmer escreveu:
> Hello
> Am Samstag, 20. August 2016, 13:25:24 schrieb Bruno Miguel Queiros:
>> Tried disabling firewalld and going with regular iptables?
> On the Internet all say firewalld is working, and it is working, but only with
> CentOS 7.0 (????), but after update it is broken why???
>
> this is my jail.local
> #
> [DEFAULT]
> bantime = 2592000
> findtime = 3600
> ignoreip = 127.0.0.1/8 192.168.55.0/24 192.168.100.0/24
> maxretry = 2
>
> #
> [sshd-ddos]
> enabled = true
>
> [sshd]
> enabled = true
>
> [selinux-ssh]
> enabled = true
>
> and this thousands off Errors
> 2016-08-21 11:09:33,565 fail2ban.actions        [2066]: ERROR   Failed to
> execute ban jail 'sshd' action 'firewallcmd-ipset' info
> 'CallingMap({'ipjailmatches': <function <lambda> at 0x7f19e1d8baa0>,
> 'matches': '2016-06-18T13:12:13.154635 yyy.xxxxx.com sshd[3705]: Invalid user
> john from 95.211.190.210\n2016-06-18T13:12:13.590404 yyy.xxxxx.com sshd[3707]:
> Invalid user nagios from 95.211.190.210', 'ip': '95.211.190.210', 'ipmatches':
> <function <lambda> at 0x7f19e1d8ba28>, 'ipfailures': <function <lambda> at
> 0x7f19e1d8b9b0>, 'time': 1471770573.462379, 'failures': 2, 'ipjailfailures':
> <function <lambda> at 0x7f19e1d8b938>})': Error banning 95.211.190.210
> 2016-08-21 11:09:33,565 fail2ban.actions        [2066]: NOTICE  [sshd] Ban
> 97.74.232.35
> 2016-08-21 11:09:33,668 fail2ban.action         [2066]: ERROR   ipset add
> fail2ban-sshd 97.74.232.35 timeout 7776000 -exist -- stdout: ''
> 2016-08-21 11:09:33,668 fail2ban.action         [2066]: ERROR   ipset add
> fail2ban-sshd 97.74.232.35 timeout 7776000 -exist -- stderr: 'ipset v6.19: The
> set with the given name does not exist\n'
> 2016-08-21 11:09:33,668 fail2ban.action         [2066]: ERROR   ipset add
> fail2ban-sshd 97.74.232.35 timeout 7776000 -exist -- returned 1
> 2016-08-21 11:09:33,668 fail2ban.actions        [2066]: ERROR   Failed to
> execute ban jail 'sshd' action 'firewallcmd-ipset' info
> 'CallingMap({'ipjailmatches': <function <lambda> at 0x7f19e1d8b9b0>,
> 'matches': '2016-08-14T16:19:53.289264 yyy.xxxxx.com sshd[24915]: Invalid user
> guest from 97.74.232.35\n2016-08-14T16:19:54.661401 yyy.xxxxx.com sshd[24917]:
> Invalid user pi from 97.74.232.35', 'ip': '97.74.232.35', 'ipmatches':
> <function <lambda> at 0x7f19e1d8b938>, 'ipfailures': <function <lambda> at
> 0x7f19e1d8ba28>, 'time': 1471770573.565505, 'failures': 2, 'ipjailfailures':
> <function <lambda> at 0x7f19e1d8baa0>})': Error banning 97.74.232.35
> 2016-08-21 11:09:33,668 fail2ban.actions        [2066]: NOTICE  [sshd] Ban
> 98.142.52.44
> 2016-08-21 11:09:33,771 fail2ban.action         [2066]: ERROR   ipset add
> fail2ban-sshd 98.142.52.44 timeout 7776000 -exist -- stdout: ''
> 2016-08-21 11:09:33,771 fail2ban.action         [2066]: ERROR   ipset add
> fail2ban-sshd 98.142.52.44 timeout 7776000 -exist -- stderr: 'ipset v6.19: The
> set with the given name does not exist\n'
> 2016-08-21 11:09:33,771 fail2ban.action         [2066]: ERROR   ipset add
> fail2ban-sshd 98.142.52.44 timeout 7776000 -exist -- returned 1
> 2016-08-21 11:09:33,771 fail2ban.actions        [2066]: ERROR   Failed to
> execute ban jail 'sshd' action 'firewallcmd-ipset' info
> 'CallingMap({'ipjailmatches': <function <lambda> at 0x7f19e1d8ba28>,
> 'matches': '2016-06-08T15:27:16.145465 yyy.xxxxx.com sshd[20294]: Invalid user
> a from 98.142.52.44\n2016-06-08T15:27:19.797928 yyy.xxxxx.com sshd[20297]:
> Invalid user ajay from 98.142.52.44', 'ip': '98.142.52.44', 'ipmatches':
> <function <lambda> at 0x7f19e1d8baa0>, 'ipfailures': <function <lambda> at
> 0x7f19e1d8b938>, 'time': 1471770573.668562, 'failures': 2, 'ipjailfailures':
> <function <lambda> at 0x7f19e1d8b9b0>})': Error banning 98.142.52.44
> 2016-08-21 11:09:33,771 fail2ban.actions        [2066]: NOTICE  [sshd] Ban
> 98.254.171.195
> 2016-08-21 11:09:33,874 fail2ban.action         [2066]: ERROR   ipset add
> fail2ban-sshd 98.254.171.195 timeout 7776000 -exist -- stdout: ''
> 2016-08-21 11:09:33,874 fail2ban.action         [2066]: ERROR   ipset add
> fail2ban-sshd 98.254.171.195 timeout 7776000 -exist -- stderr: 'ipset v6.19:
> The set with the given name does not exist\n'
> 2016-08-21 11:09:33,874 fail2ban.action         [2066]: ERROR   ipset add
> fail2ban-sshd 98.254.171.195 timeout 7776000 -exist -- returned 1
> 2016-08-21 11:09:33,874 fail2ban.actions        [2066]: ERROR   Failed to
> execute ban jail 'sshd' action 'firewallcmd-ipset' info
> 'CallingMap({'ipjailmatches': <function <lambda> at 0x7f19e1d8b938>,
> 'matches': '2016-06-01T03:21:56.504682 yyy.xxxxx.com sshd[8392]: Invalid user
> ubnt from 98.254.171.195\n2016-06-01T03:22:42.468330 yyy.xxxxx.com sshd[8473]:
> Invalid user pi from 98.254.171.195', 'ip': '98.254.171.195', 'ipmatches':
> <function <lambda> at 0x7f19e1d8b9b0>, 'ipfailures': <function <lambda> at
> 0x7f19e1d8baa0>, 'time': 1471770573.771765, 'failures': 2, 'ipjailfailures':
> <function <lambda> at 0x7f19e1d8ba28>})': Error banning 98.254.171.195
>
>
> is ipset broken v6.19 or iptables v1.4.21 and or
>   fail2ban-sendmail-0.9.3-1.el7.noarch
>   fail2ban-firewalld-0.9.3-1.el7.noarch
>   fail2ban-0.9.3-1.el7.noarch
>   fail2ban-server-0.9.3-1.el7.noarch
>
> I mean this is not only my problem :-((.
>
>> Às 11:31 de 20-08-2016, Günther J. Niederwimmer escreveu:
>>> Hello,
>>>
>>> I mean I have a big Problem with fail2ban :-(
>>> when I make a restart / reload or reboot from fail2ban afterward my
>>> firewalld status found this
>>>
>>> ● firewalld.service - firewalld - dynamic firewall daemon
>>>
>>>      Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled;
>>>      vendor
>>>
>>> preset: enabled)
>>>
>>>      Active: active (running) since Sa 2016-08-20 12:08:27 CEST; 4min 50s
>>>      ago
>>>    
>>>    Main PID: 13158 (firewalld)
>>>    
>>>      CGroup: /system.slice/firewalld.service
>>>      
>>>              └─13158 /usr/bin/python -Es /usr/sbin/firewalld --nofork
>>>              --nopid
>>>
>>> Aug 20 12:12:23 yyyy.xxxxxx.at firewalld[13158]: 2016-08-20 12:12:23
>>> ERROR:
>>> NOT_ENABLED
>>> Aug 20 12:12:24 yyyy.xxxxxx.at firewalld[13158]: 2016-08-20 12:12:24
>>> ERROR:
>>> NOT_ENABLED
>>> Aug 20 12:12:25 yyyy.xxxxxx.at firewalld[13158]: 2016-08-20 12:12:25
>>> ERROR:
>>> NOT_ENABLED
>>> Aug 20 12:12:27 yyyy.xxxxxx.at firewalld[13158]: 2016-08-20 12:12:27
>>> ERROR:
>>> NOT_ENABLED
>>> Aug 20 12:12:27 yyyy.xxxxxx.at firewalld[13158]: 2016-08-20 12:12:27
>>> ERROR:
>>> NOT_ENABLED
>>> Aug 20 12:12:28 yyyy.xxxxxx.at firewalld[13158]: 2016-08-20 12:12:28
>>> ERROR:
>>> NOT_ENABLED
>>> Aug 20 12:12:29 yyyy.xxxxxx.at firewalld[13158]: 2016-08-20 12:12:29
>>> ERROR:
>>> NOT_ENABLED
>>> Aug 20 12:12:30 yyyy.xxxxxx.at firewalld[13158]: 2016-08-20 12:12:30
>>> ERROR:
>>> NOT_ENABLED
>>> Aug 20 12:12:31 yyyy.xxxxxx.at firewalld[13158]: 2016-08-20 12:12:31
>>> ERROR:
>>> NOT_ENABLED
>>> Aug 20 12:12:31 yyyy.xxxxxx.at firewalld[13158]: 2016-08-20 12:12:31
>>> ERROR:
>>> NOT_ENABLED
>>>
>>> fail2ban is working "normal" no errors
>>>
>>> This is a installation from EPEL with all Updates ???
>>>
>>> I don't change nothing only I make a jail.local for enabling filters
>>>
>>> I found no way to have a working fail2ban :-((.
>>>
>>> Thanks for any help


------------------------------------------------------------------------------
_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users

Re: [Fail2ban-users] CentOS 7.2 fail2ban not correct working?

Reply via email to