Package: fail2ban
Version: 0.8.4-3
Severity: grave
Tags: security
Justification: user security hole

I have used fail2ban but this is very strange. According to fail2ban log
and the output of iptables some of the iptables commands in the
iptables-multiport action script fail. I can't see any system behind the
errors. This is a fairly mixed system (packages from lenny & squeeze,
some from even older versions) but I don't see how that would cause
that. iptables & python are from squeeze.

Here is a typical log output

2011-12-01 20:03:00,662 fail2ban.filter : INFO   Set findtime = 600
2011-12-01 20:03:00,662 fail2ban.actions: INFO   Set banTime = 600
2011-12-01 20:03:00,675 fail2ban.jail   : INFO   Jail 'ssh-ddos' started
2011-12-01 20:03:00,683 fail2ban.jail   : INFO   Jail 'introspection' started
2011-12-01 20:03:00,687 fail2ban.jail   : INFO   Jail 'apache-overflows' started
2011-12-01 20:03:00,693 fail2ban.jail   : INFO   Jail 'ssh' started
2011-12-01 20:03:00,695 fail2ban.jail   : INFO   Jail 'proftpd' started
2011-12-01 20:03:00,712 fail2ban.actions.action: ERROR  iptables -N fail2ban-ssh
iptables -A fail2ban-ssh -j RETURN
iptables -I INPUT -p tcp -m multiport --dports ssh -j fail2ban-ssh returned 200

But this is totally random. Sometimes one jail fails, sometimes another,
sometimes more than one.

Note that due to fail2ban's architecture it doesn't report that
something failed on start-up. Admins relying on fail2ban (a bad idea
IMHO) are facing a potential security risk!

Thanks 

-- System Information:
Debian Release: 5.0.2
  APT prefers stable
  APT policy: (1, 'stable')
Architecture: amd64 (x86_64)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.26-2-amd64
Locale: LANG=en_GB, LC_CTYPE=en_GB (charmap=ISO-8859-1)

Versions of packages fail2ban depends on:
ii  lsb-base                3.2-23.2squeeze1 Linux Standard Base 3.2 init scrip
ii  python                  2.6.6-3+squeeze6 interactive high-level object-orie
ii  python-central          0.6.16+nmu1      register and build utility for Pyt

Versions of packages fail2ban recommends:
ii  iptables                      1.4.8-3    administration tools for packet fi
ii  whois                         4.7.30     an intelligent whois client

-- no debconf information


