Hello Bruno Miguel,

On Sunday, 21 August 2016, 11:52:08, Bruno Miguel Queiros wrote:
> What is the action of your sshd jail?

Do you mean this?
/etc/fail2ban/jail.d/00-firewalld.conf

[DEFAULT]
banaction = firewallcmd-ipset

and an unchanged /etc/fail2ban/jail.conf

[DEFAULT]

#
# MISCELLANEOUS OPTIONS
#

# "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not
# ban a host which matches an address in this list. Several addresses can be
# defined using space separator.
ignoreip = 127.0.0.1/8

# External command that will take an tagged arguments to ignore, e.g. <ip>,
# and return true if the IP is to be ignored. False otherwise.
#
# ignorecommand = /path/to/command <ip>
ignorecommand =

# "bantime" is the number of seconds that a host is banned.
bantime = 600

# A host is banned if it has generated "maxretry" during the last "findtime"
# seconds.
findtime = 600

# "maxretry" is the number of failures before a host get banned.
maxretry = 5

# "backend" specifies the backend used to get files modification.
# Available options are "pyinotify", "gamin", "polling", "systemd" and "auto".
# This option can be overridden in each jail as well.
#
# pyinotify: requires pyinotify (a file alteration monitor) to be installed.
#            If pyinotify is not installed, Fail2ban will use auto.
# gamin:     requires Gamin (a file alteration monitor) to be installed.
#            If Gamin is not installed, Fail2ban will use auto.
# polling:   uses a polling algorithm which does not require external libraries.
# systemd:   uses systemd python library to access the systemd journal.
#            Specifying "logpath" is not valid for this backend.
#            See "journalmatch" in the jails associated filter config
# auto:      will try to use the following backends, in order:
#            pyinotify, gamin, polling.
#
# Note: if systemd backend is choses as the default but you enable a jail
# for which logs are present only in its own log files, specify some other
# backend for that jail (e.g. polling) and provide empty value for
# journalmatch.
# See https://github.com/fail2ban/fail2ban/issues/959#issuecomment-74901200
backend = auto

# "usedns" specifies if jails should trust hostnames in logs,
# warn when DNS lookups are performed, or ignore all hostnames in logs
#
# yes:  if a hostname is encountered, a DNS lookup will be performed.
# warn: if a hostname is encountered, a DNS lookup will be performed,
#       but it will be logged as a warning.
# no:   if a hostname is encountered, will not be used for banning,
#       but it will be logged as info.
usedns = warn

# "logencoding" specifies the encoding of the log files handled by the jail
# This is used to decode the lines from the log file.
# Typical examples: "ascii", "utf-8"
#
# auto: will use the system locale setting
logencoding = auto

# "enabled" enables the jails.
# By default all jails are disabled, and it should stay this way.
# Enable only relevant to your setup jails in your .local or jail.d/*.conf
#
# true:  jail will be enabled and log files will get monitored for changes
# false: jail is not enabled
enabled = false

# "filter" defines the filter to use by the jail.
# By default jails have names matching their filter name
#
filter = %(__name__)s

#
# ACTIONS
#

# Some options used for actions

# Destination email address used solely for the interpolations in
# jail.{conf,local,d/*} configuration files.
destemail = root@localhost

# Sender email address used solely for some actions
sender = root@localhost

# E-mail action. Since 0.8.1 Fail2Ban uses sendmail MTA for the
# mailing. Change mta configuration parameter to mail if you want to
# revert to conventional 'mail'.
mta = sendmail

# Default protocol
protocol = tcp

# Specify chain where jumps would need to be added in iptables-* actions
chain = INPUT

# Ports to be banned
# Usually should be overridden in a particular jail
port = 0:65535

#
# Action shortcuts. To be used to define action parameter

# Default banning action (e.g.
# iptables, iptables-new,
# iptables-multiport, shorewall, etc) It is used to define
# action_* variables. Can be overridden globally or per
# section within jail.local file
banaction = iptables-multiport

# The simplest action to take: ban only
action_ = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]

........

> At 11:21 on 21-08-2016, Günther J. Niederwimmer wrote:
> > Hello
> >
> > On Saturday, 20 August 2016, 13:25:24, Bruno Miguel Queiros wrote:
> >> Tried disabling firewalld and going with regular iptables?
> >
> > On the Internet all say firewalld is working, and it is working, but only
> > with CentOS 7.0 (????), but after update it is broken why???
> >
> > this is my jail.local
> > #
> > [DEFAULT]
> > bantime = 2592000
> > findtime = 3600
> > ignoreip = 127.0.0.1/8 192.168.55.0/24 192.168.100.0/24
> > maxretry = 2
> >
> > #
> > [sshd-ddos]
> > enabled = true
> >
> > [sshd]
> > enabled = true
> >
> > [selinux-ssh]
> > enabled = true
> >
> > and this thousands of Errors
> > 2016-08-21 11:09:33,565 fail2ban.actions [2066]: ERROR Failed to
> > execute ban jail 'sshd' action 'firewallcmd-ipset' info
> > 'CallingMap({'ipjailmatches': <function <lambda> at 0x7f19e1d8baa0>,
> > 'matches': '2016-06-18T13:12:13.154635 yyy.xxxxx.com sshd[3705]: Invalid
> > user john from 95.211.190.210\n2016-06-18T13:12:13.590404 yyy.xxxxx.com
> > sshd[3707]: Invalid user nagios from 95.211.190.210', 'ip':
> > '95.211.190.210', 'ipmatches': <function <lambda> at 0x7f19e1d8ba28>,
> > 'ipfailures': <function <lambda> at 0x7f19e1d8b9b0>, 'time':
> > 1471770573.462379, 'failures': 2, 'ipjailfailures': <function <lambda> at
> > 0x7f19e1d8baa0>})': Error banning 95.211.190.210 2016-08-21 11:09:33,565
> > fail2ban.actions [2066]: NOTICE [sshd] Ban 97.74.232.35
> > 2016-08-21 11:09:33,668 fail2ban.action [2066]: ERROR ipset add
> > fail2ban-sshd 97.74.232.35 timeout 7776000 -exist -- stdout: ''
> > 2016-08-21 11:09:33,668
> > fail2ban.action [2066]: ERROR ipset add
> > fail2ban-sshd 97.74.232.35 timeout 7776000 -exist -- stderr: 'ipset v6.19:
> > The set with the given name does not exist\n'
> > 2016-08-21 11:09:33,668 fail2ban.action [2066]: ERROR ipset add
> > fail2ban-sshd 97.74.232.35 timeout 7776000 -exist -- returned 1
> > 2016-08-21 11:09:33,668 fail2ban.actions [2066]: ERROR Failed to
> > execute ban jail 'sshd' action 'firewallcmd-ipset' info
> > 'CallingMap({'ipjailmatches': <function <lambda> at 0x7f19e1d8b9b0>,
> > 'matches': '2016-08-14T16:19:53.289264 yyy.xxxxx.com sshd[24915]: Invalid
> > user guest from 97.74.232.35\n2016-08-14T16:19:54.661401 yyy.xxxxx.com
> > sshd[24917]: Invalid user pi from 97.74.232.35', 'ip': '97.74.232.35',
> > 'ipmatches': <function <lambda> at 0x7f19e1d8b938>, 'ipfailures':
> > <function <lambda> at 0x7f19e1d8ba28>, 'time': 1471770573.565505,
> > 'failures': 2, 'ipjailfailures': <function <lambda> at
> > 0x7f19e1d8baa0>})': Error banning 97.74.232.35 2016-08-21 11:09:33,668
> > fail2ban.actions [2066]: NOTICE [sshd] Ban 98.142.52.44
> > 2016-08-21 11:09:33,771 fail2ban.action [2066]: ERROR ipset add
> > fail2ban-sshd 98.142.52.44 timeout 7776000 -exist -- stdout: ''
> > 2016-08-21 11:09:33,771 fail2ban.action [2066]: ERROR ipset add
> > fail2ban-sshd 98.142.52.44 timeout 7776000 -exist -- stderr: 'ipset v6.19:
> > The set with the given name does not exist\n'
> > 2016-08-21 11:09:33,771 fail2ban.action [2066]: ERROR ipset add
> > fail2ban-sshd 98.142.52.44 timeout 7776000 -exist -- returned 1
> > 2016-08-21 11:09:33,771 fail2ban.actions [2066]: ERROR Failed to
> > execute ban jail 'sshd' action 'firewallcmd-ipset' info
> > 'CallingMap({'ipjailmatches': <function <lambda> at 0x7f19e1d8ba28>,
> > 'matches': '2016-06-08T15:27:16.145465 yyy.xxxxx.com sshd[20294]: Invalid
> > user a from 98.142.52.44\n2016-06-08T15:27:19.797928 yyy.xxxxx.com
> > sshd[20297]: Invalid user ajay from 98.142.52.44', 'ip': '98.142.52.44',
> > 'ipmatches': <function
> > <lambda> at 0x7f19e1d8baa0>, 'ipfailures':
> > <function <lambda> at 0x7f19e1d8b938>, 'time': 1471770573.668562,
> > 'failures': 2, 'ipjailfailures': <function <lambda> at
> > 0x7f19e1d8b9b0>})': Error banning 98.142.52.44 2016-08-21 11:09:33,771
> > fail2ban.actions [2066]: NOTICE [sshd] Ban 98.254.171.195
> > 2016-08-21 11:09:33,874 fail2ban.action [2066]: ERROR ipset add
> > fail2ban-sshd 98.254.171.195 timeout 7776000 -exist -- stdout: ''
> > 2016-08-21 11:09:33,874 fail2ban.action [2066]: ERROR ipset add
> > fail2ban-sshd 98.254.171.195 timeout 7776000 -exist -- stderr: 'ipset
> > v6.19: The set with the given name does not exist\n'
> > 2016-08-21 11:09:33,874 fail2ban.action [2066]: ERROR ipset add
> > fail2ban-sshd 98.254.171.195 timeout 7776000 -exist -- returned 1
> > 2016-08-21 11:09:33,874 fail2ban.actions [2066]: ERROR Failed to
> > execute ban jail 'sshd' action 'firewallcmd-ipset' info
> > 'CallingMap({'ipjailmatches': <function <lambda> at 0x7f19e1d8b938>,
> > 'matches': '2016-06-01T03:21:56.504682 yyy.xxxxx.com sshd[8392]: Invalid
> > user ubnt from 98.254.171.195\n2016-06-01T03:22:42.468330 yyy.xxxxx.com
> > sshd[8473]: Invalid user pi from 98.254.171.195', 'ip': '98.254.171.195',
> > 'ipmatches': <function <lambda> at 0x7f19e1d8b9b0>, 'ipfailures':
> > <function <lambda> at 0x7f19e1d8baa0>, 'time': 1471770573.771765,
> > 'failures': 2, 'ipjailfailures': <function <lambda> at
> > 0x7f19e1d8ba28>})': Error banning 98.254.171.195
> >
> >
> > is ipset broken v6.19 or iptables v1.4.21 and or
> >
> > fail2ban-sendmail-0.9.3-1.el7.noarch
> > fail2ban-firewalld-0.9.3-1.el7.noarch
> > fail2ban-0.9.3-1.el7.noarch
> > fail2ban-server-0.9.3-1.el7.noarch
> >
> > I mean this is not only my problem :-((.
> >
> >> At 11:31 on 20-08-2016, Günther J. Niederwimmer wrote:
> >>> Hello,
> >>>
> >>> I mean I have a big Problem with fail2ban :-(
> >>> when I make a restart / reload or reboot from fail2ban afterward my
> >>> firewalld status found this
> >>>
> >>> ● firewalld.service - firewalld - dynamic firewall daemon
> >>>    Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
> >>>    Active: active (running) since Sa 2016-08-20 12:08:27 CEST; 4min 50s ago
> >>>  Main PID: 13158 (firewalld)
> >>>    CGroup: /system.slice/firewalld.service
> >>>            └─13158 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid
> >>>
> >>> Aug 20 12:12:23 yyyy.xxxxxx.at firewalld[13158]: 2016-08-20 12:12:23 ERROR: NOT_ENABLED
> >>> Aug 20 12:12:24 yyyy.xxxxxx.at firewalld[13158]: 2016-08-20 12:12:24 ERROR: NOT_ENABLED
> >>> Aug 20 12:12:25 yyyy.xxxxxx.at firewalld[13158]: 2016-08-20 12:12:25 ERROR: NOT_ENABLED
> >>> Aug 20 12:12:27 yyyy.xxxxxx.at firewalld[13158]: 2016-08-20 12:12:27 ERROR: NOT_ENABLED
> >>> Aug 20 12:12:27 yyyy.xxxxxx.at firewalld[13158]: 2016-08-20 12:12:27 ERROR: NOT_ENABLED
> >>> Aug 20 12:12:28 yyyy.xxxxxx.at firewalld[13158]: 2016-08-20 12:12:28 ERROR: NOT_ENABLED
> >>> Aug 20 12:12:29 yyyy.xxxxxx.at firewalld[13158]: 2016-08-20 12:12:29 ERROR: NOT_ENABLED
> >>> Aug 20 12:12:30 yyyy.xxxxxx.at firewalld[13158]: 2016-08-20 12:12:30 ERROR: NOT_ENABLED
> >>> Aug 20 12:12:31 yyyy.xxxxxx.at firewalld[13158]: 2016-08-20 12:12:31 ERROR: NOT_ENABLED
> >>> Aug 20 12:12:31 yyyy.xxxxxx.at firewalld[13158]: 2016-08-20 12:12:31 ERROR: NOT_ENABLED
> >>>
> >>> fail2ban is working "normal" no errors
> >>>
> >>> This is an installation from EPEL with all Updates ???
> >>>
> >>> I don't change nothing only I make a jail.local for enabling filters
> >>>
> >>> I found no way to have a working fail2ban :-((.
> >>>
> >>> Thanks for any help

--
mit freundlichen Grüßen / best regards,

Günther J. Niederwimmer

_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
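
Added example (not part of the original thread, and not fail2ban's own code): a small triage script for the situation in the log above, where fail2ban writes "NOTICE [sshd] Ban ..." but the firewallcmd-ipset action then fails, so the address is never actually blocked. The log lines are constructed in the quoted format with documentation-range addresses, and the function names are hypothetical.

```python
import re

# Constructed sample in the fail2ban.log format quoted in the message above;
# documentation-range IPs, CallingMap contents abbreviated.
SAMPLE_LOG = r"""
2016-08-21 11:09:33,565 fail2ban.actions [2066]: NOTICE [sshd] Ban 192.0.2.10
2016-08-21 11:09:33,668 fail2ban.action [2066]: ERROR ipset add fail2ban-sshd 192.0.2.10 timeout 7776000 -exist -- stdout: ''
2016-08-21 11:09:33,668 fail2ban.action [2066]: ERROR ipset add fail2ban-sshd 192.0.2.10 timeout 7776000 -exist -- stderr: 'ipset v6.19: The set with the given name does not exist\n'
2016-08-21 11:09:33,668 fail2ban.action [2066]: ERROR ipset add fail2ban-sshd 192.0.2.10 timeout 7776000 -exist -- returned 1
2016-08-21 11:09:33,668 fail2ban.actions [2066]: ERROR Failed to execute ban jail 'sshd' action 'firewallcmd-ipset' info 'CallingMap({'ip': '192.0.2.10', 'failures': 2})': Error banning 192.0.2.10
2016-08-21 11:09:34,001 fail2ban.actions [2066]: NOTICE [sshd] Ban 198.51.100.7
"""

BAN = re.compile(r"fail2ban\.actions\s+\[\d+\]:\s+NOTICE\s+\[(?P<jail>[^\]]+)\]\s+Ban\s+(?P<ip>\S+)$")
STDERR = re.compile(r"fail2ban\.action\s+\[\d+\]:\s+ERROR\s+(?P<cmd>.+?) -- stderr: '(?P<msg>.*)'$")
FAILED = re.compile(r"ERROR\s+Failed to execute ban jail '(?P<jail>[^']+)' action "
                    r"'(?P<action>[^']+)'.*Error banning (?P<ip>\S+)$")


def triage(log_text):
    """Return (announced, failed): bans logged, and those whose action errored."""
    announced, failed = [], {}
    last_cmd, last_reason = "", ""
    for line in map(str.strip, log_text.splitlines()):
        if m := BAN.search(line):
            announced.append((m["jail"], m["ip"]))
        elif m := STDERR.search(line):
            # Remember the most recent command error; the log escapes the newline.
            last_cmd = m["cmd"]
            last_reason = m["msg"].replace("\\n", "").strip()
        elif m := FAILED.search(line):
            # Attach the stderr text only if that command named the same address.
            same_ip = m["ip"] in last_cmd.split()
            reason = last_reason if same_ip else "no stderr captured"
            failed[(m["jail"], m["ip"])] = (m["action"], reason)
    return announced, failed


def not_enforced(log_text):
    """Bans that fail2ban announced but the ban action failed to apply."""
    announced, failed = triage(log_text)
    return [(jail, ip, *failed[(jail, ip)]) for jail, ip in announced if (jail, ip) in failed]


if __name__ == "__main__":
    for jail, ip, action, reason in not_enforced(SAMPLE_LOG):
        print(f"[{jail}] {ip} NOT blocked: {action}: {reason}")
```

Run against a real fail2ban.log, a non-empty result means the jail is counting failures correctly while the firewall backend is not applying the bans.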