I'm trying to configure fail2ban and it appears as if it is correctly
identifying addresses to ban; however, it doesn't appear to be successful
in banning hosts:
2017-09-24 16:01:46,073 fail2ban.actions [3591]: NOTICE [sshd]
Ban 91.210.178.96
2017-09-24 16:01:46,494 fail2ban.action [3591]: ERROR ipset add
fail2ban-sshd 91.210.178.96 timeout 31536000 -exist -- stdout: b''
2017-09-24 16:01:46,494 fail2ban.action [3591]: ERROR ipset add
fail2ban-sshd 91.210.178.96 timeout 31536000 -exist -- stderr: b'ipset
v6.29: The set with the given name does not exist\n'
2017-09-24 16:01:46,495 fail2ban.action [3591]: ERROR ipset add
fail2ban-sshd 91.210.178.96 timeout 31536000 -exist -- returned 1
2017-09-24 16:01:46,495 fail2ban.actions [3591]: ERROR Failed to
execute ban jail 'sshd' action 'firewallcmd-ipset' info
'CallingMap({'ip': '91.210.178.96', 'failures': 25, 'time':
1506283306.0737438, 'matches':
'2017-09-24T12:50:33.918187xyzzy.bubble.org sshd[31335]: Invalid user
admin from 91.210.178.96 port
51448\n2017-09-24T12:50:35.229995xyzzy.bubble.org sshd[31337]: Invalid
user admin from 91.210.178.96 port
51456\n2017-09-24T12:50:36.520259xyzzy.bubble.org sshd[31339]: Invalid
user admin from 91.210.178.96 port
51461\n2017-09-24T12:50:37.869954xyzzy.bubble.org sshd[31343]:
{removed part of the very long line showing all the matches in fail2ban}
91.210.178.96 port 51705', 'ipmatches': <function
Actions.__checkBan.<locals>.<lambda> at 0x7f3ed78c7950>,
'ipjailmatches': <function Actions.__checkBan.<locals>.<lambda> at
0x7f3ed78c7c80>, 'ipfailures': <function
Actions.__checkBan.<locals>.<lambda> at 0x7f3ed78c7d90>,
'ipjailfailures': <function Actions.__checkBan.<locals>.<lambda> at
0x7f3ed78c7d08>})': Error banning 91.210.178.96
2017-09-24 16:01:46,909 fail2ban.actions [3591]: NOTICE [sshd]
91.210.178.96 already banned
2017-09-24 16:01:47,911 fail2ban.actions [3591]: NOTICE [sshd]
91.210.178.96 already banned
This is Fedora 26.
/etc/fail2ban/fail2ban.conf is set to distribution default.
/etc/fail2ban/jail.conf is set to distribution default.
I've added to fail2ban.d/local.conf:
[fail2ban]
enabled = true
filter = fail2ban
action = iptables-allports[name=fail2ban]
logpath = /var/log/fail2ban.log
# findtime: 1 day
findtime = 86400
# bantime: 1 year
bantime = 31536000
maxretry = 5
to jail.d/00-firewalld.conf:
[DEFAULT]
banaction = firewallcmd-ipset
sender = fail2...@example.com
destemail = root
action = %(action_mwl)s
to jail.d/10-sshd.conf:
[sshd]
enabled=true
# findtime: 1 day
findtime = 86400
# bantime: 1 year
bantime = 31536000
And yes, the system is currently set up to accept only public/private key
authentication for SSH. I'm assuming that once I get ssh figured out I
can get the other services figured out.
Thanks, Jeff
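
Added example (not part of the original post): a Python check that reads fail2ban log entries like those quoted above and lists bans that were announced but whose action failed, so the address was never actually blocked. The sample log is constructed from the post's entries (unwrapped, with the long info map shortened) plus one constructed ban that has no error; the function and variable names are hypothetical.

```python
import re

# Constructed sample: the post's entries unwrapped to one per line, the long
# 'info' map shortened, plus one constructed ban (192.0.2.44) with no error.
SAMPLE_LOG = """\
2017-09-24 16:01:46,073 fail2ban.actions [3591]: NOTICE [sshd] Ban 91.210.178.96
2017-09-24 16:01:46,494 fail2ban.action [3591]: ERROR ipset add fail2ban-sshd 91.210.178.96 timeout 31536000 -exist -- stderr: b'ipset v6.29: The set with the given name does not exist\\n'
2017-09-24 16:01:46,494 fail2ban.action [3591]: ERROR ipset add fail2ban-sshd 91.210.178.96 timeout 31536000 -exist -- returned 1
2017-09-24 16:01:46,495 fail2ban.actions [3591]: ERROR Failed to execute ban jail 'sshd' action 'firewallcmd-ipset' info 'CallingMap({'ip': '91.210.178.96'})': Error banning 91.210.178.96
2017-09-24 16:01:46,909 fail2ban.actions [3591]: NOTICE [sshd] 91.210.178.96 already banned
2017-09-24 16:02:10,120 fail2ban.actions [3591]: NOTICE [sshd] Ban 192.0.2.44
"""

# "Ban <ip>" announcement; the "already banned" notices do not match this.
BAN = re.compile(r"fail2ban\.actions\s+\[\d+\]: NOTICE\s+\[(?P<jail>[^\]]+)\] Ban (?P<ip>\S+)$")
# stderr captured from the action's command (logger name is "action", no "s").
STDERR = re.compile(r"fail2ban\.action\s+\[\d+\]: ERROR\s+.+? -- stderr: b'(?P<msg>.*)'$")
# Final verdict that the ban action did not succeed.
FAIL = re.compile(r"fail2ban\.actions\s+\[\d+\]: ERROR\s+Failed to execute ban jail "
                  r"'(?P<jail>[^']+)' action '(?P<action>[^']+)'.*Error banning (?P<ip>\S+)$")


def unenforced_bans(log_text):
    """Map (jail, ip) -> failing action and its stderr, for announced bans that failed."""
    announced, failed, stderr = set(), {}, []
    for line in log_text.splitlines():
        if m := BAN.search(line):
            announced.add((m["jail"], m["ip"]))
            stderr = []  # start collecting command output for this ban
        elif m := STDERR.search(line):
            if m["msg"]:
                stderr.append(m["msg"])
        elif m := FAIL.search(line):
            key = (m["jail"], m["ip"])
            if key in announced:
                failed[key] = {"action": m["action"], "stderr": stderr}
    return failed


if __name__ == "__main__":
    for (jail, ip), info in unenforced_bans(SAMPLE_LOG).items():
        print(f"[{jail}] {ip} logged as banned but {info['action']} failed: {info['stderr']}")
```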