CentOS 6.9 (Final), fully patched, fail2ban-0.9.6-1.el6 from EPEL, iptables-1.4.7-16.el6

Jul 16 20:21:49 lake fail2ban.filter[2785]: INFO [ssh-iptables] Found 123.183.209.136
Jul 16 20:21:50 lake fail2ban.actions[2785]: NOTICE [ssh-iptables] Ban 123.183.209.136
Jul 16 20:21:50 lake fail2ban.CommandAction[2785]: ERROR Invariant check failed. Trying to restore a sane environment
Jul 16 20:21:50 lake fail2ban.actions[2785]: ERROR Failed to execute ban jail 'ssh-iptables' action 'iptables' info 'CallingMap({'ipjailmatches': <function <lambda> at 0x7fccd19edcf8>, 'matches': u'Jul 16 20:20:08 lake sshd[30231]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.183.209.136 user=root\nJul 16 20:20:10 lake sshd[30231]: Failed password for root from 123.183.209.136 port 30358 ssh2\nJul 16 20:20:12 lake sshd[30231]: Failed password for root from 123.183.209.136 port 30358 ssh2\nJul 16 20:20:16 lake sshd[30231]: Failed password for root from 123.183.209.136 port 30358 ssh2\nJul 16 20:21:49 lake sshd[30252]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.183.209.136 user=root', 'ip': '123.183.209.136', 'ipmatches': <function <lambda> at 0x7fccd19edd70>, 'ipfailures': <function <lambda> at 0x7fccd19edf50>, 'time': 1500236510.687964, 'failures': 5, 'ipjailfailures': <function <lambda> at 0x7fccd19eded8>})': Error stopping action
Jul 16 20:21:51 lake fail2ban.filter[2785]: INFO [ssh-iptables] Found 123.183.209.136
Jul 16 20:21:54 lake fail2ban.filter[2785]: INFO [ssh-iptables] Found 123.183.209.136
Jul 16 20:21:55 lake fail2ban.filter[2785]: INFO [ssh-iptables] Found 123.183.209.136

[joliver@lake ~]$ sudo iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ftp
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:smtp
ACCEPT     udp  --  anywhere             anywhere            udp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:http
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:https
LOGGING    all  --  anywhere             anywhere

Chain FORWARD (policy DROP)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain LOGGING (1 references)
target     prot opt source               destination
LOG        all  --  anywhere             anywhere            LOG level warning prefix `iptables '
DROP       all  --  anywhere             anywhere

Clearly, something isn't right. Googling leads to a bunch of different explanations. As I recall, all I did after installing was copy jail.conf to jail.local and enable ssh-iptables.

What am I missing?

--
John Oliver, RHCE, LFCS    http://www.john-oliver.net/