Public bug reported:

1. We have just upgraded to Ubuntu Server 20.04 LTS (from 18.04 LTS),
using the usual do-release-upgrade command.

2. Fail2Ban was upgraded from 0.10.2-2 to 0.11.1-1 and now it does not
insert the usual match-set rules into iptables, although it seems to be
finding IPs, banning and trying to insert those rules. The filter.d and
jail.d scripts that we customized were left untouched from the
previously working setup and are all present in the current directories.

3. Running systemctl status --no-pager -l fail2ban.service shows:
● fail2ban.service - Fail2Ban Service
     Loaded: loaded (/lib/systemd/system/fail2ban.service; enabled; vendor preset: enabled)
     Active: active (running) since Sun 2020-04-26 11:22:37 CEST; 1h 40min ago
       Docs: man:fail2ban(1)
    Process: 8769 ExecStartPre=/bin/mkdir -p /run/fail2ban (code=exited, status=0/SUCCESS)
   Main PID: 8770 (f2b/server)
      Tasks: 11 (limit: 4654)
     Memory: 12.4M
     CGroup: /system.slice/fail2ban.service
             └─8770 /usr/bin/python3 /usr/bin/fail2ban-server -xf start

abr 26 11:22:37 mx systemd[1]: Starting Fail2Ban Service...
abr 26 11:22:37 mx systemd[1]: Started Fail2Ban Service.
abr 26 11:22:38 mx fail2ban-server[8770]: Server ready

4. The log at /var/log/fail2ban.log, shows:

4.1. the usual entries:
2020-04-26 12:44:37,284 fail2ban.filter         [8770]: INFO    [some-filter] Found 185.39.10.73 - 2020-04-26 12:44:37
2020-04-26 12:44:37,594 fail2ban.actions        [8770]: NOTICE  [some-filter] Ban 185.39.10.73

4.2. many previously not found ERRORS like:
2020-04-26 12:44:37,607 fail2ban.utils          [8770]: ERROR   7fc2d9f26ab0 -- exec: ipset create f2b-some-filter hash:ip timeout <bantime>
iptables -w -I INPUT 6 -m set --match-set f2b-some-filter src -j DROP
2020-04-26 12:44:37,608 fail2ban.utils          [8770]: ERROR   7fc2d9f26ab0 -- stderr: '/bin/sh: 2: Syntax error: newline unexpected'
2020-04-26 12:44:37,608 fail2ban.utils          [8770]: ERROR   7fc2d9f26ab0 -- returned 2
2020-04-26 12:44:37,608 fail2ban.actions        [8770]: ERROR   Failed to execute ban jail 'some-filter' action 'iptables-ipset-proto6-allports' info 'ActionInfo({'ip': '185.39.10.73', 'family': 'inet4', 'fid': <function Actions.ActionInfo.<lambda> at 0x7fc2d9f0a430>, 'raw-ticket': <function Actions.ActionInfo.<lambda> at 0x7fc2d9f0aaf0>})': Error starting action Jail('some-filter')/iptables-ipset-proto6-allports: 'Script error'

5. In the current setup, although the Fail2Ban daemon seems to be
running, there seems to be some change in the Fail2Ban v.0.11.x script's
parser that blocks Fail2Ban from inserting iptables --match-set rules,
rendering the application useless.

Thank you.
MA
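
The `exec:` entry in 4.2 shows the command handed to `/bin/sh` with a literal `<bantime>` still in it: the shell reads `<bantime` as an input redirection and the trailing `>` as an output redirection with no target, which is the "newline unexpected" error. As an added example (not part of the report and not Fail2Ban code), the script below pulls the `exec:` commands out of a fail2ban.log and flags unexpanded `<tag>` placeholders; the function names and the sample log are constructed here from the lines quoted above.

```shell
#!/bin/sh
# Constructed sample: the 4.2 entries from the report, mail wrapping undone.
sample_log() {
cat <<'EOF'
2020-04-26 12:44:37,607 fail2ban.utils [8770]: ERROR 7fc2d9f26ab0 -- exec: ipset create f2b-some-filter hash:ip timeout <bantime>
iptables -w -I INPUT 6 -m set --match-set f2b-some-filter src -j DROP
2020-04-26 12:44:37,608 fail2ban.utils [8770]: ERROR 7fc2d9f26ab0 -- stderr: '/bin/sh: 2: Syntax error: newline unexpected'
2020-04-26 12:44:37,608 fail2ban.utils [8770]: ERROR 7fc2d9f26ab0 -- returned 2
EOF
}

# Print each "-- exec:" command from a log on stdin; untimestamped lines continue it.
exec_commands() {
    awk '
        /^[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9] / {
            inexec = 0
            if (match($0, /-- exec: /)) {
                print substr($0, RSTART + RLENGTH); inexec = 1
            }
            next
        }
        inexec { print }
    '
}

# List each distinct <tag>-style placeholder left in a command string.
unresolved_tags() {
    printf '%s\n' "$1" | grep -oE '<[A-Za-z][A-Za-z0-9_/-]*>' | sort -u
}

# Parse, but never execute, a command string (sh -n); 0 means valid syntax.
shell_syntax_ok() {
    printf '%s\n' "$1" | sh -n >/dev/null 2>&1
}

# Read a log on stdin and print a one-line verdict for its exec commands.
triage() {
    cmd=$(exec_commands)
    tags=$(unresolved_tags "$cmd" | paste -sd' ' -)
    if [ -n "$tags" ]; then
        echo "unexpanded tags: $tags"
    elif shell_syntax_ok "$cmd"; then
        echo "syntax ok"
    else
        echo "syntax error"
    fi
}

sample_log | triage
```

On a live system the same check runs as `triage < /var/log/fail2ban.log`; nothing extracted from the log is executed, only parsed.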

** Affects: fail2ban (Ubuntu)
     Importance: Undecided
         Status: New

** Description changed:

  1. We have just upgraded to Ubuntu Server 20.04 LTS (from 18.04 LTS),
  using the usual do-release-upgrade command.
  
  2. Fail2Ban was upgraded from 0.10.2-2 to 0.11.1-1 and now I does not
  insert the usual match-set rules into iptables, although it seems to be
- finding IP's, banning and trying to insert those rules. The previous
- user changed filter.d and jail.d scripts were left untouched from the
- previously working setup.
+ finding IP's, banning and trying to insert those rules. The filter.d and
+ jail.d scripts that we customized were left untouched from the
+ previously working setup and are all present in the current
+ diretctories.
  
  3. Runing systemctl status --no-pager -l fail2ban.service shows:
  ● fail2ban.service - Fail2Ban Service
-      Loaded: loaded (/lib/systemd/system/fail2ban.service; enabled; vendor 
preset: enabled)
-      Active: active (running) since Sun 2020-04-26 11:22:37 CEST; 1h 40min ago
-        Docs: man:fail2ban(1)
-     Process: 8769 ExecStartPre=/bin/mkdir -p /run/fail2ban (code=exited, 
status=0/SUCCESS)
-    Main PID: 8770 (f2b/server)
-       Tasks: 11 (limit: 4654)
-      Memory: 12.4M
-      CGroup: /system.slice/fail2ban.service
-              └─8770 /usr/bin/python3 /usr/bin/fail2ban-server -xf start
+      Loaded: loaded (/lib/systemd/system/fail2ban.service; enabled; vendor 
preset: enabled)
+      Active: active (running) since Sun 2020-04-26 11:22:37 CEST; 1h 40min ago
+        Docs: man:fail2ban(1)
+     Process: 8769 ExecStartPre=/bin/mkdir -p /run/fail2ban (code=exited, 
status=0/SUCCESS)
+    Main PID: 8770 (f2b/server)
+       Tasks: 11 (limit: 4654)
+      Memory: 12.4M
+      CGroup: /system.slice/fail2ban.service
+              └─8770 /usr/bin/python3 /usr/bin/fail2ban-server -xf start
  
  abr 26 11:22:37 mx systemd[1]: Starting Fail2Ban Service...
  abr 26 11:22:37 mx systemd[1]: Started Fail2Ban Service.
  abr 26 11:22:38 mx fail2ban-server[8770]: Server ready
  
  4. The log at /var/log/fail2ban.log, shows:
  
  4.1. the usual entries:
  2020-04-26 12:44:37,284 fail2ban.filter         [8770]: INFO    [some-filter] 
Found 185.39.10.73 - 2020-04-26 12:44:37
  2020-04-26 12:44:37,594 fail2ban.actions        [8770]: NOTICE  [some-filter] 
Ban 185.39.10.73
  
  4.2. many previously not found ERRORS like:
  2020-04-26 12:44:37,607 fail2ban.utils          [8770]: ERROR   7fc2d9f26ab0 
-- exec: ipset create f2b-some-filter hash:ip timeout <bantime>
  iptables -w -I INPUT 6 -m set --match-set f2b-some-filter src -j DROP
  2020-04-26 12:44:37,608 fail2ban.utils          [8770]: ERROR   7fc2d9f26ab0 
-- stderr: '/bin/sh: 2: Syntax error: newline unexpected'
  2020-04-26 12:44:37,608 fail2ban.utils          [8770]: ERROR   7fc2d9f26ab0 
-- returned 2
  2020-04-26 12:44:37,608 fail2ban.actions        [8770]: ERROR   Failed to 
execute ban jail 'some-filter' action 'iptables-ipset-proto6-allports' info 
'ActionInfo({'ip': '185.39.10.73', 'family': 'inet4', 'fid': <function 
Actions.ActionInfo.<lambda> at 0x7fc2d9f0a430>, 'raw-ticket': <function 
Actions.ActionInfo.<lambda> at 0x7fc2d9f0aaf0>})': Error starting action 
Jail('some-filter')/iptables-ipset-proto6-allports: 'Script error'
  
  5. In the current setup although the Fail2Ban daemon seems to be
  running, there seems to be some change in the Fail2Ban v.0.11.x script's
  parser that blocks Fail2Ban from working as expected.
  
  Thank you.
  MA
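
Review bot: the added text in item 2 misspells "directories" as "diretctories."; correct the spelling. In item 3 the removed and added systemctl lines carry the same text and appear to differ only in whitespace, so that part of the change adds noise without changing the report.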

** Description changed:

  1. We have just upgraded to Ubuntu Server 20.04 LTS (from 18.04 LTS),
  using the usual do-release-upgrade command.
  
  2. Fail2Ban was upgraded from 0.10.2-2 to 0.11.1-1 and now I does not
  insert the usual match-set rules into iptables, although it seems to be
  finding IP's, banning and trying to insert those rules. The filter.d and
  jail.d scripts that we customized were left untouched from the
- previously working setup and are all present in the current
- diretctories.
+ previously working setup and are all present in the current directories.
  
  3. Runing systemctl status --no-pager -l fail2ban.service shows:
  ● fail2ban.service - Fail2Ban Service
       Loaded: loaded (/lib/systemd/system/fail2ban.service; enabled; vendor 
preset: enabled)
       Active: active (running) since Sun 2020-04-26 11:22:37 CEST; 1h 40min ago
         Docs: man:fail2ban(1)
      Process: 8769 ExecStartPre=/bin/mkdir -p /run/fail2ban (code=exited, 
status=0/SUCCESS)
     Main PID: 8770 (f2b/server)
        Tasks: 11 (limit: 4654)
       Memory: 12.4M
       CGroup: /system.slice/fail2ban.service
               └─8770 /usr/bin/python3 /usr/bin/fail2ban-server -xf start
  
  abr 26 11:22:37 mx systemd[1]: Starting Fail2Ban Service...
  abr 26 11:22:37 mx systemd[1]: Started Fail2Ban Service.
  abr 26 11:22:38 mx fail2ban-server[8770]: Server ready
  
  4. The log at /var/log/fail2ban.log, shows:
  
  4.1. the usual entries:
  2020-04-26 12:44:37,284 fail2ban.filter         [8770]: INFO    [some-filter] 
Found 185.39.10.73 - 2020-04-26 12:44:37
  2020-04-26 12:44:37,594 fail2ban.actions        [8770]: NOTICE  [some-filter] 
Ban 185.39.10.73
  
  4.2. many previously not found ERRORS like:
  2020-04-26 12:44:37,607 fail2ban.utils          [8770]: ERROR   7fc2d9f26ab0 
-- exec: ipset create f2b-some-filter hash:ip timeout <bantime>
  iptables -w -I INPUT 6 -m set --match-set f2b-some-filter src -j DROP
  2020-04-26 12:44:37,608 fail2ban.utils          [8770]: ERROR   7fc2d9f26ab0 
-- stderr: '/bin/sh: 2: Syntax error: newline unexpected'
  2020-04-26 12:44:37,608 fail2ban.utils          [8770]: ERROR   7fc2d9f26ab0 
-- returned 2
  2020-04-26 12:44:37,608 fail2ban.actions        [8770]: ERROR   Failed to 
execute ban jail 'some-filter' action 'iptables-ipset-proto6-allports' info 
'ActionInfo({'ip': '185.39.10.73', 'family': 'inet4', 'fid': <function 
Actions.ActionInfo.<lambda> at 0x7fc2d9f0a430>, 'raw-ticket': <function 
Actions.ActionInfo.<lambda> at 0x7fc2d9f0aaf0>})': Error starting action 
Jail('some-filter')/iptables-ipset-proto6-allports: 'Script error'
  
  5. In the current setup although the Fail2Ban daemon seems to be
  running, there seems to be some change in the Fail2Ban v.0.11.x script's
  parser that blocks Fail2Ban from working as expected.
  
  Thank you.
  MA

** Description changed:

  1. We have just upgraded to Ubuntu Server 20.04 LTS (from 18.04 LTS),
  using the usual do-release-upgrade command.
  
  2. Fail2Ban was upgraded from 0.10.2-2 to 0.11.1-1 and now I does not
  insert the usual match-set rules into iptables, although it seems to be
  finding IP's, banning and trying to insert those rules. The filter.d and
  jail.d scripts that we customized were left untouched from the
  previously working setup and are all present in the current directories.
  
  3. Runing systemctl status --no-pager -l fail2ban.service shows:
  ● fail2ban.service - Fail2Ban Service
       Loaded: loaded (/lib/systemd/system/fail2ban.service; enabled; vendor 
preset: enabled)
       Active: active (running) since Sun 2020-04-26 11:22:37 CEST; 1h 40min ago
         Docs: man:fail2ban(1)
      Process: 8769 ExecStartPre=/bin/mkdir -p /run/fail2ban (code=exited, 
status=0/SUCCESS)
     Main PID: 8770 (f2b/server)
        Tasks: 11 (limit: 4654)
       Memory: 12.4M
       CGroup: /system.slice/fail2ban.service
               └─8770 /usr/bin/python3 /usr/bin/fail2ban-server -xf start
  
  abr 26 11:22:37 mx systemd[1]: Starting Fail2Ban Service...
  abr 26 11:22:37 mx systemd[1]: Started Fail2Ban Service.
  abr 26 11:22:38 mx fail2ban-server[8770]: Server ready
  
  4. The log at /var/log/fail2ban.log, shows:
  
  4.1. the usual entries:
  2020-04-26 12:44:37,284 fail2ban.filter         [8770]: INFO    [some-filter] 
Found 185.39.10.73 - 2020-04-26 12:44:37
  2020-04-26 12:44:37,594 fail2ban.actions        [8770]: NOTICE  [some-filter] 
Ban 185.39.10.73
  
  4.2. many previously not found ERRORS like:
  2020-04-26 12:44:37,607 fail2ban.utils          [8770]: ERROR   7fc2d9f26ab0 
-- exec: ipset create f2b-some-filter hash:ip timeout <bantime>
  iptables -w -I INPUT 6 -m set --match-set f2b-some-filter src -j DROP
  2020-04-26 12:44:37,608 fail2ban.utils          [8770]: ERROR   7fc2d9f26ab0 
-- stderr: '/bin/sh: 2: Syntax error: newline unexpected'
  2020-04-26 12:44:37,608 fail2ban.utils          [8770]: ERROR   7fc2d9f26ab0 
-- returned 2
  2020-04-26 12:44:37,608 fail2ban.actions        [8770]: ERROR   Failed to 
execute ban jail 'some-filter' action 'iptables-ipset-proto6-allports' info 
'ActionInfo({'ip': '185.39.10.73', 'family': 'inet4', 'fid': <function 
Actions.ActionInfo.<lambda> at 0x7fc2d9f0a430>, 'raw-ticket': <function 
Actions.ActionInfo.<lambda> at 0x7fc2d9f0aaf0>})': Error starting action 
Jail('some-filter')/iptables-ipset-proto6-allports: 'Script error'
  
  5. In the current setup although the Fail2Ban daemon seems to be
  running, there seems to be some change in the Fail2Ban v.0.11.x script's
- parser that blocks Fail2Ban from working as expected.
+ parser that blocks Fail2Ban from inserting iptables --match-set rules
+ and rendering the application useless.
  
  Thank you.
  MA
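
Review bot: in item 5 the new wording "blocks Fail2Ban from inserting iptables --match-set rules and rendering the application useless" reads as if Fail2Ban were also blocked from rendering the application useless; "rules, which renders the application useless" would say what is meant.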

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1875169

Title:
  After upgrading to Ubuntu 20.04 (from 18.04) Fail2Ban no longer
  inserts iptables --match-set rules
