Re: fail2ban

On 2017-09-25 00:33, Bill Shirley wrote:

Looks like your ipset wasn't created or something caused it to be deleted.
ipset v6.29: The set with the given name does not exist

Do you find the named ipset with: ipset -L -n

Also, your default action (firewallcmd-allports.conf) doesn't use ipset. Somehow
your jail is using firewallcmd-ipset.conf.  Use fail2ban-client -d to figure out how
fail2ban is configured.

Bill

On 9/24/2017 4:26 PM, Jeffrey Ross wrote:
I'm trying to configure fail2ban, and it appears as if it is correctly identifying addresses to ban; however, it doesn't appear to be successful in banning hosts:


2017-09-24 16:01:46,073 fail2ban.actions        [3591]: NOTICE  [sshd] Ban 91.210.178.96
2017-09-24 16:01:46,494 fail2ban.action         [3591]: ERROR   ipset add fail2ban-sshd 91.210.178.96 timeout 31536000 -exist -- stdout: b''
2017-09-24 16:01:46,494 fail2ban.action         [3591]: ERROR   ipset add fail2ban-sshd 91.210.178.96 timeout 31536000 -exist -- stderr: b'ipset v6.29: The set with the given name does not exist\n'
2017-09-24 16:01:46,495 fail2ban.action         [3591]: ERROR   ipset add fail2ban-sshd 91.210.178.96 timeout 31536000 -exist -- returned 1
2017-09-24 16:01:46,495 fail2ban.actions        [3591]: ERROR   Failed to execute ban jail 'sshd' action 'firewallcmd-ipset' info 'CallingMap({'ip': '91.210.178.96', 'failures': 25, 'time': 1506283306.0737438, 'matches': '2017-09-24T12:50:33.918187xyzzy.bubble.org sshd[31335]: Invalid user admin from 91.210.178.96 port 51448\n2017-09-24T12:50:35.229995xyzzy.bubble.org sshd[31337]: Invalid user admin from 91.210.178.96 port 51456\n2017-09-24T12:50:36.520259xyzzy.bubble.org sshd[31339]: Invalid user admin from 91.210.178.96 port 51461\n2017-09-24T12:50:37.869954xyzzy.bubble.org sshd[31343]:

{removed part of the very long line showing all the matches in fail2ban}


91.210.178.96 port 51705', 'ipmatches': <function Actions.__checkBan.<locals>.<lambda> at 0x7f3ed78c7950>, 'ipjailmatches': <function Actions.__checkBan.<locals>.<lambda> at 0x7f3ed78c7c80>, 'ipfailures': <function Actions.__checkBan.<locals>.<lambda> at 0x7f3ed78c7d90>, 'ipjailfailures': <function Actions.__checkBan.<locals>.<lambda> at 0x7f3ed78c7d08>})': Error banning 91.210.178.96
2017-09-24 16:01:46,909 fail2ban.actions        [3591]: NOTICE  [sshd] 91.210.178.96 already banned
2017-09-24 16:01:47,911 fail2ban.actions        [3591]: NOTICE  [sshd] 91.210.178.96 already banned

This is Fedora 26

/etc/fail2ban/fail2ban.conf is set to distribution default
/etc/fail2ban/jail.conf is set to distribution default

I've added in to fail2ban.d/local.conf
[fail2ban]
enabled = true
filter = fail2ban
action = "" />
logpath = /var/log/fail2ban.log
# findtime: 1 day
findtime = 86400
# bantime: 1 year
bantime = 31536000
maxretry = 5
to jail.d/00-firewalld.conf

[DEFAULT]
banaction = firewallcmd-ipset
sender = fail2ban@xxxxxxxxxxx
destemail = root
action = "">
to jail.d/10-sshd.conf
[sshd]
enabled=true
# findtime: 1 day
findtime = 86400
# bantime: 1 year
bantime = 31536000


And yes, the system is currently set up to accept only public/private key authentication for SSH. I'm assuming that once I get ssh figured out I can get the other services figured out.

Thanks, Jeff



_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
 
 
 
"ipset -L -n" returns nothing: no output, nor any error. And what should I be looking for with "fail2ban-client -d", as it returns a large amount of "stuff"?
 
Jeff
 
 
 