Fail2ban: Difference between revisions

From James's Wiki

Revision as of 01:13, 24 March 2018

sudo cp /etc/fail2ban/fail2ban.conf /etc/fail2ban/fail2ban.local
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

To edit the config, edit the jail.local file!!!

sudo nano /etc/fail2ban/jail.local

Log Files

sudo nano /var/log/fail2ban.log

trying to resolve errors:

<poem>
018-03-14 19:45:55,363 fail2ban.action [571]: ERROR iptables -w -D INPUT -p tcp -j f2b-recidive iptables -w -F f2b-recidive iptables -w -X f2b-recidive -- stdout: b
2018-03-14 19:45:55,364 fail2ban.action [571]: ERROR iptables -w -D INPUT -p tcp -j f2b-recidive iptables -w -F f2b-recidive iptables -w -X f2b-recidive -- stderr: b'iptables: Too many links.\n'
2018-03-14 19:45:55,365 fail2ban.action [571]: ERROR iptables -w -D INPUT -p tcp -j f2b-recidive iptables -w -F f2b-recidive iptables -w -X f2b-recidive -- returned 1
2018-03-14 19:45:55,366 fail2ban.actions [571]: ERROR Failed to stop jail 'recidive' action 'iptables-allports': Error stopping action
2018-03-14 19:45:55,367 fail2ban.jail [571]: INFO Jail 'recidive' stopped
2018-03-14 19:45:56,450 fail2ban.action [571]: ERROR iptables -w -D INPUT -p tcp -m multiport --dports 2222 -j f2b-sshd iptables -w -F f2b-sshd iptables -w -X f2b-sshd -- stdout: b
2018-03-14 19:45:56,451 fail2ban.action [571]: ERROR iptables -w -D INPUT -p tcp -m multiport --dports 2222 -j f2b-sshd iptables -w -F f2b-sshd iptables -w -X f2b-sshd -- stderr: b'iptables: Too many links.\n'
2018-03-14 19:45:56,452 fail2ban.action [571]: ERROR iptables -w -D INPUT -p tcp -m multiport --dports 2222 -j f2b-sshd iptables -w -F f2b-sshd iptables -w -X f2b-sshd -- returned 1
2018-03-14 19:45:56,453 fail2ban.actions [571]: ERROR Failed to stop jail 'sshd' action 'iptables-multiport': Error stopping action
2018-03-14 19:45:56,454 fail2ban.jail [571]: INFO Jail 'sshd' stopped
2018-03-14 19:45:57,452 fail2ban.jail [571]: INFO Jail 'sshd-ddos' stopped
2018-03-14 19:45:57,457 fail2ban.server [571]: INFO Exiting Fail2ban
2018-03-14 19:46:16,950 fail2ban.server [588]: INFO Changed logging target to /var/log/fail2ban.log for Fail2ban v0.9.6
2018-03-14 19:46:16,972 fail2ban.database [588]: INFO Connected to fail2ban persistent database '/var/lib/fail2ban/fail2ban.sqlite3'
2018-03-14 19:46:16,992 fail2ban.jail [588]: INFO Creating new jail 'sshd'
2018-03-14 19:46:17,099 fail2ban.jail [588]: INFO Jail 'sshd' uses pyinotify {}
2018-03-14 19:46:17,200 fail2ban.jail [588]: INFO Initiated 'pyinotify' backend
2018-03-14 19:46:17,203 fail2ban.filter [588]: INFO Set jail log file encoding to UTF-8
</poem>

steps taken:

sudo apt install python-pyinotify
sudo nano /etc/fail2ban/jail.local

changed: backend = auto to: backend = pyinotify

then: sudo systemctl restart fail2ban

I notice restarting f2b re-created the errors in the logs. It seems that the problem is with deleting the iptables rules (banned IPs from recidive)... it gets the 'too many links' error when it tries.

I think this is a pretty minor problem but it would be nice to fix. Note that the attempt to fix above did nothing.


unban

fail2ban-client set YOURJAILNAMEHERE unbanip IPADDRESSHERE

The hard part is finding the right jail:

   Use iptables -L -n to find the rule name...
   ...then use fail2ban-client status to get the actual jail names. The rule name and jail name may not be the same but it should be clear which one is related to which.
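
The jail lookup above as a script (an added example, not part of the original page): it lists the iptables chains that hold a rule for the IP, asks fail2ban which jails actually ban it, and prints the matching unbanip commands without running them. The function names and the F2B/IPT override variables are assumptions of this sketch.

```sh
#!/bin/sh
# Added example, not from the original page. F2B and IPT can be overridden
# (an assumption of this sketch) so the parsing can be tried without root.
F2B=${F2B:-fail2ban-client}
IPT=${IPT:-iptables}

# Chains in `iptables -L -n` that contain a rule whose source is exactly $1.
chains_for_ip() {
    "$IPT" -L -n | awk -v ip="$1" '
        $1 == "Chain" { chain = $2; next }
        $4 == ip      { print chain }'
}

# Jail names, one per line, from the "Jail list:" line of `fail2ban-client status`.
list_jails() {
    "$F2B" status | awk -F'Jail list:' 'NF > 1 {
        n = split($2, j, ",")
        for (i = 1; i <= n; i++) {
            gsub(/^[ \t]+|[ \t]+$/, "", j[i])
            if (j[i] != "") print j[i]
        }
    }'
}

# Succeeds when jail $1 lists IP $2 as a whole token in "Banned IP list:".
# Exact token comparison keeps 203.0.113.7 from matching 203.0.113.70.
jail_bans_ip() {
    "$F2B" status "$1" </dev/null | awk -F'Banned IP list:' -v ip="$2" '
        NF > 1 { n = split($2, a, /[ \t]+/)
                 for (i = 1; i <= n; i++) if (a[i] == ip) found = 1 }
        END { exit !found }'
}

# Every jail that currently bans IP $1, asked of fail2ban itself.
jails_for_ip() {
    list_jails | while read -r jail; do
        if jail_bans_ip "$jail" "$1"; then echo "$jail"; fi
    done
}

# With one argument: show the chains, then print (not run) the unban commands.
if [ "$#" -eq 1 ]; then
    echo "iptables chains holding $1:"; chains_for_ip "$1"
    jails_for_ip "$1" | while read -r jail; do
        echo "$F2B set $jail unbanip $1"
    done
fi
```

Asking each jail for its banned list avoids guessing the jail from the chain name, which matters when an IP is held by more than one jail (for example both sshd and recidive).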