Hello,
fail2ban 0.10.3.fix1
opensuse 15.0
I created a new jail to block a denial-of-service DNS attack. The
source port of the attack can be anything. fail2ban-regex matches the
date and test patterns.
When I attempt to start the jail, I receive
$ fail2ban-client restart suricata-1
2019-09-17 13:12:55,019 fail2ban [12287]: ERROR NOK: ('suricata-1',)
Sorry but the jail 'suricata-1' does not exist
The log file proclaims there is an UnknownJailException.
Does anyone see what the "unknown" error is?
----[ jail ]----
[suricata-1]
enabled = true
logpath = /data01/var/log/suricata/fast.log
datepattern = %%m/%%d/%%Y-%%H:%%M:%%S
#
bantime = 12w
maxretry = 1
findtime = 3w
action = iptables[name=suri-1, protocol=udp]
----[ end ]----
----[ filter ]----
[Definition]
__suricata-1_actions = (?:dropping|refusing)
# Capture DoS DNS Amplification attack
# 09/17/2019-12:12:58.002288 [Drop] [**] [1:2016016:8] ET DOS DNS Amplification Attack Inbound [**] [Classification: Potentially Bad Traffic] [Priority: 2] {UDP} 216.98.62.45:39918 -> 192.168.69.246:53
#
failregex = ^.*\[1\:2016016\:.*\].*? \{UDP\} <HOST>\:.*?
ignoreregex =
datepattern = %%m/%%d/%%Y-%%H:%%M:%%S
----[ end ]----
----[ log ]----
2019-09-17 13:12:55,018 fail2ban.server [7485]: INFO Reload jail suricata-1
2019-09-17 13:12:55,018 fail2ban.server [7485]: INFO Reload finished.
2019-09-17 13:12:55,018 fail2ban.transmitter [7485]: WARNING Command
['reload', 'suricata-1', ['--restart'], [['set', 'syslogsocket',
'auto'], ['set', 'loglevel', 'INFO'], ['set', 'logtarget',
'/data01/var/log/fail2ban/fail2ban.log'], ['set', 'dbfile',
'/data01/var/lib/fail2ban/fail2ban.sqlite3'], ['set', 'dbpurgeage',
'1d'], ['add', 'suricata-1', 'auto'], ['set', 'suricata-1',
'addfailregex', '^.*\\[1\\:2016016\\:.*\\].*? \\{UDP\\} <HOST>\\:.*?'],
['set', 'suricata-1', 'usedns', 'warn'], ['set', 'suricata-1',
'addlogpath', '/data01/var/log/suricata/fast.log', 'head'], ['set',
'suricata-1', 'maxretry', 1], ['set', 'suricata-1', 'datepattern',
'%m/%d/%Y-%H:%M:%S'], ['set', 'suricata-1', 'logencoding', 'auto'],
['set', 'suricata-1', 'bantime', '12w'], ['set', 'suricata-1',
'ignorecommand', ''], ['set', 'suricata-1', 'findtime', '3w'], ['set',
'suricata-1', 'addaction', 'iptables'], ['multi-set', 'suricata-1',
'action', 'iptables', [['actionunban', '<iptables> -D f2b-suri-1 -s <ip>
-j <blocktype>'], ['actionflush', '<iptables> -F f2b-suri-1'],
['actionstop', '<iptables> -D INPUT -p udp --dport ssh -j
f2b-suri-1\n<iptables> -F f2b-suri-1\n<iptables> -X f2b-suri-1'],
['actionstart', '<iptables> -N f2b-suri-1\n<iptables> -A f2b-suri-1 -j
RETURN\n<iptables> -I INPUT -p udp --dport ssh -j f2b-suri-1'],
['actionban', '<iptables> -I f2b-suri-1 1 -s <ip> -j <blocktype>'],
['actioncheck', "<iptables> -n -L INPUT | grep -q 'f2b-suri-1[ \\t]'"],
['iptables', 'iptables <lockingopt>'], ['lockingopt', '-w'],
['blocktype?family=inet6', 'REJECT --reject-with
icmp6-port-unreachable'], ['protocol', 'udp'], ['name', 'suri-1'],
['chain', 'INPUT'], ['returntype', 'RETURN'], ['iptables?family=inet6',
'ip6tables <lockingopt>'], ['blocktype', 'REJECT --reject-with
icmp-port-unreachable'], ['actname', 'iptables'], ['port', 'ssh']]],
['start', 'suricata-1']]] has failed.
Received UnknownJailException('suricata-1',)
----[ end ]----
--
James Moe
moe dot james at sohnen-moe dot com
520.743.3936
Think.
_______________________________________________
Fail2ban-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
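Added example, not part of the original post and not fail2ban's own code: a small stand-alone re-implementation of what the posted filter does, so the failregex and datepattern above can be exercised against fast.log lines offline. It takes the filter's `failregex` and `datepattern` values exactly as posted, undoes the `%%` escaping that fail2ban config files require, expands `<HOST>` with a simplified IPv4-only placeholder (a stand-in; fail2ban's real `<HOST>` also accepts hostnames and IPv6), and runs the result over constructed sample lines. The first sample line mirrors the one quoted in the filter comment; the other two (IPs from documentation ranges, a placeholder signature id) are constructed here.

```python
import re
from datetime import datetime

# Jail/filter values exactly as posted (fail2ban config files escape '%' as '%%').
DATEPATTERN_CFG = "%%m/%%d/%%Y-%%H:%%M:%%S"
FAILREGEX_CFG = r"^.*\[1\:2016016\:.*\].*? \{UDP\} <HOST>\:.*?"

# Simplified stand-in for fail2ban's <HOST> expansion: IPv4 only.
# (fail2ban's real placeholder also matches hostnames and IPv6 addresses.)
HOST_RE = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# Constructed sample lines in Suricata fast.log format. The first mirrors the
# line quoted in the filter; the second and third are constructed for this example.
SAMPLE_LINES = [
    "09/17/2019-12:12:58.002288  [Drop] [**] [1:2016016:8] ET DOS DNS Amplification Attack Inbound "
    "[**] [Classification: Potentially Bad Traffic] [Priority: 2] {UDP} 216.98.62.45:39918 -> 192.168.69.246:53",
    "09/17/2019-12:13:01.112233  [**] [1:2016016:8] ET DOS DNS Amplification Attack Inbound "
    "[**] [Classification: Potentially Bad Traffic] [Priority: 2] {UDP} 198.51.100.7:1024 -> 192.168.69.246:53",
    "09/17/2019-12:13:05.000001  [**] [1:9999999:1] CONSTRUCTED non-DNS alert "
    "[**] [Classification: Misc activity] [Priority: 3] {TCP} 203.0.113.9:80 -> 192.168.69.246:51234",
]


def unescape_config(value):
    """Undo the '%%' escaping that fail2ban's ConfigParser interpolation requires."""
    return value.replace("%%", "%")


def compile_failregex(failregex_cfg):
    """Expand <HOST> into a named group and compile, as fail2ban does per failregex line."""
    return re.compile(failregex_cfg.replace("<HOST>", HOST_RE))


# Suricata timestamps carry microseconds, and the posted datepattern has no %f,
# so the timestamp is split off first and only the part the pattern describes is
# handed to strptime. The fractional part stays on the line and is absorbed by
# the failregex's leading '^.*', just like the '[Drop] [**]' prefix.
TIMESTAMP_RE = re.compile(r"^(\d{2}/\d{2}/\d{4}-\d{2}:\d{2}:\d{2})(?:\.\d+)?")


def match_line(line,
               failregex=compile_failregex(FAILREGEX_CFG),
               datepattern=unescape_config(DATEPATTERN_CFG)):
    """Return (timestamp, host) when the line is a hit for the filter, else None."""
    ts = TIMESTAMP_RE.match(line)
    if not ts:
        return None
    when = datetime.strptime(ts.group(1), datepattern)
    rest = line[ts.end(1):]  # fail2ban applies failregex to the line with the date removed
    m = failregex.search(rest)
    if not m:
        return None
    return when, m.group("host")


def scan(lines):
    """Apply the filter to every line and collect the (timestamp, host) hits."""
    return [hit for hit in (match_line(line) for line in lines) if hit]


if __name__ == "__main__":
    for when, host in scan(SAMPLE_LINES):
        print(f"{when:%Y-%m-%d %H:%M:%S}  {host}")
```

Two things the run makes visible. The trailing `.*?` in the failregex matches the empty string and can be dropped without changing any result; the work is done by `\[1\:2016016\:` selecting the signature and `\{UDP\} <HOST>\:` pinning the source address, which is why the source port after the colon is irrelevant. Separately, the posted server log shows the iptables action instantiated with its default `port` (`['port', 'ssh']`, hence `-p udp --dport ssh` in `actionstart`), while every line this filter matches is traffic to port 53; the action's `port` parameter (e.g. `iptables[name=suri-1, port=53, protocol=udp]`) is what decides which traffic the `f2b-suri-1` chain is placed in front of.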