Hello Bruno Miguel, thanks for your help....
Am Sonntag, 21. August 2016, 12:46:42 schrieb Bruno Miguel Queiros: > Yes. ;-))) mean you also, it is broken ? > It could be something wrong with firewallcmd-ipset. Have you tried with > different versions (older) of fail2ban and/or even firewalld? all I can found I tested, but I am not a programmer :-) the last I mean from github net. I mean something have changed with iptables or ipset ? I mean I must have a newer then a older ;-). the last I found now with iptables -L -n -v is iptables v1.4.21: chain name not allowed to start with `-' I mean it looks like a problem with firewallcmd-ipset ? but I can't understand, why no other found a problem with fail2ban and Centos 7.2 ??? the only thing I can do now, waiting..... and hope a programmer can found the mistake :-( > Às 12:24 de 21-08-2016, Günther J. Niederwimmer escreveu: > > Hello Bruno Miguel, > > > > Am Sonntag, 21. August 2016, 11:52:08 schrieb Bruno Miguel Queiros: > >> What is the action of your sshd jail? > > > > mean you this > > > > /etc/fail2ban/jail.d/00-firewalld.conf > > [DEFAULT] > > banaction = firewallcmd-ipset > > > > and a NOT changed > > /etc/fail2ban/jail.conf > > [DEFAULT] > > > > # > > # MISCELLANEOUS OPTIONS > > # > > > > # "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban > > will > > not > > # ban a host which matches an address in this list. Several addresses can > > be # defined using space separator. > > ignoreip = 127.0.0.1/8 > > > > # External command that will take an tagged arguments to ignore, e.g. > > <ip>, > > # and return true if the IP is to be ignored. False otherwise. > > # > > # ignorecommand = /path/to/command <ip> > > ignorecommand = > > > > # "bantime" is the number of seconds that a host is banned. > > bantime = 600 > > > > # A host is banned if it has generated "maxretry" during the last > > "findtime" # seconds. > > findtime = 600 > > > > # "maxretry" is the number of failures before a host get banned. > > maxretry = 5 > > > > # "backend" specifies the backend used to get files modification. > > # Available options are "pyinotify", "gamin", "polling", "systemd" and > > "auto". # This option can be overridden in each jail as well. > > # > > # pyinotify: requires pyinotify (a file alteration monitor) to be > > installed. # If pyinotify is not installed, Fail2ban will > > use auto. # gamin: requires Gamin (a file alteration monitor) to be > > installed. # If Gamin is not installed, Fail2ban will use > > auto. > > # polling: uses a polling algorithm which does not require external > > libraries. > > # systemd: uses systemd python library to access the systemd journal. > > # Specifying "logpath" is not valid for this backend. > > # See "journalmatch" in the jails associated filter config > > # auto: will try to use the following backends, in order: > > # pyinotify, gamin, polling. > > # > > # Note: if systemd backend is choses as the default but you enable a jail > > # for which logs are present only in its own log files, specify some > > other > > # backend for that jail (e.g. polling) and provide empty value for > > # journalmatch. See > > https://github.com/fail2ban/fail2ban/issues/959#issuecomment-74901200 > > backend = auto > > > > # "usedns" specifies if jails should trust hostnames in logs, > > # warn when DNS lookups are performed, or ignore all hostnames in logs > > # > > # yes: if a hostname is encountered, a DNS lookup will be performed. > > # warn: if a hostname is encountered, a DNS lookup will be performed, > > # but it will be logged as a warning. > > # no: if a hostname is encountered, will not be used for banning, > > # but it will be logged as info. > > usedns = warn > > > > # "logencoding" specifies the encoding of the log files handled by the > > jail > > # This is used to decode the lines from the log file. > > # Typical examples: "ascii", "utf-8" > > # > > # auto: will use the system locale setting > > logencoding = auto > > > > # "enabled" enables the jails. > > # By default all jails are disabled, and it should stay this way. > > # Enable only relevant to your setup jails in your .local or > > jail.d/*.conf > > # > > # true: jail will be enabled and log files will get monitored for changes > > # false: jail is not enabled > > enabled = false > > > > > > # "filter" defines the filter to use by the jail. > > # By default jails have names matching their filter name > > # > > filter = %(__name__)s > > > > > > # > > # ACTIONS > > # > > > > # Some options used for actions > > > > # Destination email address used solely for the interpolations in > > # jail.{conf,local,d/*} configuration files. > > destemail = root@localhost > > > > # Sender email address used solely for some actions > > sender = root@localhost > > > > # E-mail action. Since 0.8.1 Fail2Ban uses sendmail MTA for the > > # mailing. Change mta configuration parameter to mail if you want to > > # revert to conventional 'mail'. > > mta = sendmail > > > > # Default protocol > > protocol = tcp > > > > # Specify chain where jumps would need to be added in iptables-* actions > > chain = INPUT > > > > # Ports to be banned > > # Usually should be overridden in a particular jail > > port = 0:65535 > > > > # > > # Action shortcuts. To be used to define action parameter > > > > # Default banning action (e.g. iptables, iptables-new, > > # iptables-multiport, shorewall, etc) It is used to define > > # action_* variables. Can be overridden globally or per > > # section within jail.local file > > banaction = iptables-multiport > > > > # The simplest action to take: ban only > > action_ = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", > > port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"] > > ........ > > > >> Às 11:21 de 21-08-2016, Günther J. Niederwimmer escreveu: > >>> Hello > >>> > >>> Am Samstag, 20. August 2016, 13:25:24 schrieb Bruno Miguel Queiros: > >>>> Tried disabling firewalld and going with regular iptables? > >>> > >>> On the Internet all say firewalld is working, and it is working, but > >>> only > >>> with CentOS 7.0 (????), but after update it is broken why??? > >>> > >>> this is my jail.local > >>> # > >>> [DEFAULT] > >>> bantime = 2592000 > >>> findtime = 3600 > >>> ignoreip = 127.0.0.1/8 192.168.55.0/24 192.168.100.0/24 > >>> maxretry = 2 > >>> > >>> # > >>> [sshd-ddos] > >>> enabled = true > >>> > >>> [sshd] > >>> enabled = true > >>> > >>> [selinux-ssh] > >>> enabled = true > >>> > >>> and this thousands off Errors > >>> 2016-08-21 11:09:33,565 fail2ban.actions [2066]: ERROR Failed > >>> to > >>> execute ban jail 'sshd' action 'firewallcmd-ipset' info > >>> 'CallingMap({'ipjailmatches': <function <lambda> at 0x7f19e1d8baa0>, > >>> 'matches': '2016-06-18T13:12:13.154635 yyy.xxxxx.com sshd[3705]: Invalid > >>> user john from 95.211.190.210\n2016-06-18T13:12:13.590404 yyy.xxxxx.com > >>> sshd[3707]: Invalid user nagios from 95.211.190.210', 'ip': > >>> '95.211.190.210', 'ipmatches': <function <lambda> at 0x7f19e1d8ba28>, > >>> 'ipfailures': <function <lambda> at 0x7f19e1d8b9b0>, 'time': > >>> 1471770573.462379, 'failures': 2, 'ipjailfailures': <function <lambda> > >>> at > >>> 0x7f19e1d8b938>})': Error banning 95.211.190.210 2016-08-21 11:09:33,565 > >>> fail2ban.actions [2066]: NOTICE [sshd] Ban 97.74.232.35 > >>> 2016-08-21 11:09:33,668 fail2ban.action [2066]: ERROR ipset > >>> add > >>> fail2ban-sshd 97.74.232.35 timeout 7776000 -exist -- stdout: '' > >>> 2016-08-21 11:09:33,668 fail2ban.action [2066]: ERROR ipset > >>> add > >>> fail2ban-sshd 97.74.232.35 timeout 7776000 -exist -- stderr: 'ipset > >>> v6.19: > >>> The set with the given name does not exist\n' > >>> 2016-08-21 11:09:33,668 fail2ban.action [2066]: ERROR ipset > >>> add > >>> fail2ban-sshd 97.74.232.35 timeout 7776000 -exist -- returned 1 > >>> 2016-08-21 11:09:33,668 fail2ban.actions [2066]: ERROR Failed > >>> to > >>> execute ban jail 'sshd' action 'firewallcmd-ipset' info > >>> 'CallingMap({'ipjailmatches': <function <lambda> at 0x7f19e1d8b9b0>, > >>> 'matches': '2016-08-14T16:19:53.289264 yyy.xxxxx.com sshd[24915]: > >>> Invalid > >>> user guest from 97.74.232.35\n2016-08-14T16:19:54.661401 yyy.xxxxx.com > >>> sshd[24917]: Invalid user pi from 97.74.232.35', 'ip': '97.74.232.35', > >>> 'ipmatches': <function <lambda> at 0x7f19e1d8b938>, 'ipfailures': > >>> <function <lambda> at 0x7f19e1d8ba28>, 'time': 1471770573.565505, > >>> 'failures': 2, 'ipjailfailures': <function <lambda> at > >>> 0x7f19e1d8baa0>})': Error banning 97.74.232.35 2016-08-21 11:09:33,668 > >>> fail2ban.actions [2066]: NOTICE [sshd] Ban 98.142.52.44 > >>> 2016-08-21 11:09:33,771 fail2ban.action [2066]: ERROR ipset > >>> add > >>> fail2ban-sshd 98.142.52.44 timeout 7776000 -exist -- stdout: '' > >>> 2016-08-21 11:09:33,771 fail2ban.action [2066]: ERROR ipset > >>> add > >>> fail2ban-sshd 98.142.52.44 timeout 7776000 -exist -- stderr: 'ipset > >>> v6.19: > >>> The set with the given name does not exist\n' > >>> 2016-08-21 11:09:33,771 fail2ban.action [2066]: ERROR ipset > >>> add > >>> fail2ban-sshd 98.142.52.44 timeout 7776000 -exist -- returned 1 > >>> 2016-08-21 11:09:33,771 fail2ban.actions [2066]: ERROR Failed > >>> to > >>> execute ban jail 'sshd' action 'firewallcmd-ipset' info > >>> 'CallingMap({'ipjailmatches': <function <lambda> at 0x7f19e1d8ba28>, > >>> 'matches': '2016-06-08T15:27:16.145465 yyy.xxxxx.com sshd[20294]: > >>> Invalid > >>> user a from 98.142.52.44\n2016-06-08T15:27:19.797928 yyy.xxxxx.com > >>> sshd[20297]: Invalid user ajay from 98.142.52.44', 'ip': '98.142.52.44', > >>> 'ipmatches': <function <lambda> at 0x7f19e1d8baa0>, 'ipfailures': > >>> <function <lambda> at 0x7f19e1d8b938>, 'time': 1471770573.668562, > >>> 'failures': 2, 'ipjailfailures': <function <lambda> at > >>> 0x7f19e1d8b9b0>})': Error banning 98.142.52.44 2016-08-21 11:09:33,771 > >>> fail2ban.actions [2066]: NOTICE [sshd] Ban 98.254.171.195 > >>> 2016-08-21 11:09:33,874 fail2ban.action [2066]: ERROR ipset > >>> add > >>> fail2ban-sshd 98.254.171.195 timeout 7776000 -exist -- stdout: '' > >>> 2016-08-21 11:09:33,874 fail2ban.action [2066]: ERROR ipset > >>> add > >>> fail2ban-sshd 98.254.171.195 timeout 7776000 -exist -- stderr: 'ipset > >>> v6.19: The set with the given name does not exist\n' > >>> 2016-08-21 11:09:33,874 fail2ban.action [2066]: ERROR ipset > >>> add > >>> fail2ban-sshd 98.254.171.195 timeout 7776000 -exist -- returned 1 > >>> 2016-08-21 11:09:33,874 fail2ban.actions [2066]: ERROR Failed > >>> to > >>> execute ban jail 'sshd' action 'firewallcmd-ipset' info > >>> 'CallingMap({'ipjailmatches': <function <lambda> at 0x7f19e1d8b938>, > >>> 'matches': '2016-06-01T03:21:56.504682 yyy.xxxxx.com sshd[8392]: Invalid > >>> user ubnt from 98.254.171.195\n2016-06-01T03:22:42.468330 yyy.xxxxx.com > >>> sshd[8473]: Invalid user pi from 98.254.171.195', 'ip': > >>> '98.254.171.195', > >>> 'ipmatches': <function <lambda> at 0x7f19e1d8b9b0>, 'ipfailures': > >>> <function <lambda> at 0x7f19e1d8baa0>, 'time': 1471770573.771765, > >>> 'failures': 2, 'ipjailfailures': <function <lambda> at > >>> 0x7f19e1d8ba28>})': Error banning 98.254.171.195 > >>> > >>> > >>> is ipset broken v6.19 or iptables v1.4.21 and or > >>> > >>> fail2ban-sendmail-0.9.3-1.el7.noarch > >>> fail2ban-firewalld-0.9.3-1.el7.noarch > >>> fail2ban-0.9.3-1.el7.noarch > >>> fail2ban-server-0.9.3-1.el7.noarch > >>> > >>> I mean this is not only my problem :-((. > >>> > >>>> Às 11:31 de 20-08-2016, Günther J. Niederwimmer escreveu: > >>>>> Hello, > >>>>> > >>>>> I mean I have a big Problem with fail2ban :-( > >>>>> when I make a restart / reload or reboot from fail2ban afterward my > >>>>> firewalld status found this > >>>>> > >>>>> ● firewalld.service - firewalld - dynamic firewall daemon > >>>>> > >>>>> Loaded: loaded (/usr/lib/systemd/system/firewalld.service; > >>>>> enabled; > >>>>> vendor > >>>>> > >>>>> preset: enabled) > >>>>> > >>>>> Active: active (running) since Sa 2016-08-20 12:08:27 CEST; 4min > >>>>> 50s > >>>>> ago > >>>>> > >>>>> Main PID: 13158 (firewalld) > >>>>> > >>>>> CGroup: /system.slice/firewalld.service > >>>>> > >>>>> └─13158 /usr/bin/python -Es /usr/sbin/firewalld --nofork > >>>>> --nopid > >>>>> > >>>>> Aug 20 12:12:23 yyyy.xxxxxx.at firewalld[13158]: 2016-08-20 12:12:23 > >>>>> ERROR: > >>>>> NOT_ENABLED > >>>>> Aug 20 12:12:24 yyyy.xxxxxx.at firewalld[13158]: 2016-08-20 12:12:24 > >>>>> ERROR: > >>>>> NOT_ENABLED > >>>>> Aug 20 12:12:25 yyyy.xxxxxx.at firewalld[13158]: 2016-08-20 12:12:25 > >>>>> ERROR: > >>>>> NOT_ENABLED > >>>>> Aug 20 12:12:27 yyyy.xxxxxx.at firewalld[13158]: 2016-08-20 12:12:27 > >>>>> ERROR: > >>>>> NOT_ENABLED > >>>>> Aug 20 12:12:27 yyyy.xxxxxx.at firewalld[13158]: 2016-08-20 12:12:27 > >>>>> ERROR: > >>>>> NOT_ENABLED > >>>>> Aug 20 12:12:28 yyyy.xxxxxx.at firewalld[13158]: 2016-08-20 12:12:28 > >>>>> ERROR: > >>>>> NOT_ENABLED > >>>>> Aug 20 12:12:29 yyyy.xxxxxx.at firewalld[13158]: 2016-08-20 12:12:29 > >>>>> ERROR: > >>>>> NOT_ENABLED > >>>>> Aug 20 12:12:30 yyyy.xxxxxx.at firewalld[13158]: 2016-08-20 12:12:30 > >>>>> ERROR: > >>>>> NOT_ENABLED > >>>>> Aug 20 12:12:31 yyyy.xxxxxx.at firewalld[13158]: 2016-08-20 12:12:31 > >>>>> ERROR: > >>>>> NOT_ENABLED > >>>>> Aug 20 12:12:31 yyyy.xxxxxx.at firewalld[13158]: 2016-08-20 12:12:31 > >>>>> ERROR: > >>>>> NOT_ENABLED > >>>>> > >>>>> fail2ban is working "normal" no errors > >>>>> > >>>>> This is a installation from EPEL with all Updates ??? > >>>>> > >>>>> I don't change nothing only I make a jail.local for enabling filters > >>>>> > >>>>> I found no way to have a working fail2ban :-((. > >>>>> > >>>>> Thanks for any help -- mit freundlichen Grüßen / best regards, Günther J. Niederwimmer ------------------------------------------------------------------------------ _______________________________________________ Fail2ban-users mailing list Fail2ban-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/fail2ban-users
