Hello list,

I installed Fail2Ban - yum install fail2ban - which gave me v0.9.1. This is an
Asterisk system; all I need is to block password attempts for asterisk. I'm NEW
to Linux, so I'm just looking forward, i.e. CentOS7, systemd, firewalld... The
only thing I did was configure jail.local like so:

[DEFAULT]
banaction = firewallcmd-ipset
destemail = [email protected]
backend = polling ; This option FIXED issue with CRITICAL crash on startup and fail2ban.log started to look as it should be

[asterisk]
enabled = true
logpath = /var/log/asterisk/messages
maxretry = 5
bantime = 86400

Main issue. Log looks correct but even from log you can tell it's not banning.
Something going on with firewalld. No errors, but it's not taking those rules?
Basically, looks like part of fail2ban which detects and takes on action works
correctly, but actual "ban" part not working without any error?

2015-04-27 13:56:13,241 fail2ban.actions [2944]: NOTICE
[asterisk] 212.129.1.26 already banned
2015-04-27 13:56:57,514 fail2ban.filter [2944]: INFO [asterisk]
Found 212.129.1.26
2015-04-27 13:57:10,552 fail2ban.filter [2944]: INFO [asterisk]
Found 212.129.1.26
2015-04-27 13:57:30,600 fail2ban.filter [2944]: INFO [asterisk]
Found 212.129.1.26
2015-04-27 13:58:45,766 fail2ban.filter [2944]: INFO [asterisk]
Found 212.129.1.26
2015-04-27 13:59:17,840 fail2ban.filter [2944]: INFO [asterisk]
Found 212.129.1.26
2015-04-27 13:59:18,672 fail2ban.actions [2944]: NOTICE [asterisk]
212.129.1.26 already banned
2015-04-27 13:59:49,926 fail2ban.filter [2944]: INFO [asterisk]
Found 212.129.1.26
2015-04-27 14:00:24,002 fail2ban.filter [2944]: INFO [asterisk]
Found 212.129.1.26

If I restart the service - service fail2ban restart - here is what I get.
Everything looks great, and I even get the email (the issue with the sender was
solved in another email):

2015-04-27 14:02:10,982 fail2ban.server [2944]:
INFO Stopping all jails
2015-04-27 14:02:11,079 fail2ban.actions [2944]: NOTICE [asterisk]
Unban 212.129.1.26
2015-04-27 14:02:11,291 fail2ban.actions [2944]: NOTICE [asterisk]
Unban 212.83.187.182
2015-04-27 14:02:12,228 fail2ban.jail [2944]: INFO Jail 'asterisk'
stopped
2015-04-27 14:02:12,239 fail2ban.server [2944]: INFO Exiting Fail2ban
2015-04-27 14:02:12,477 fail2ban.server [5140]: INFO Changed logging
target to /var/log/fail2ban.log for Fail2ban v0.9.1
2015-04-27 14:02:12,478 fail2ban.database [5140]: INFO Connected to
fail2ban persistent database '/var/lib/fail2ban/fail2ban.sqlite3'
2015-04-27 14:02:12,485 fail2ban.jail [5140]: INFO Creating new
jail 'asterisk'
2015-04-27 14:02:12,485 fail2ban.jail [5140]: INFO Jail 'asterisk'
uses poller
2015-04-27 14:02:12,511 fail2ban.filter [5140]: INFO Set jail log
file encoding to UTF-8
2015-04-27 14:02:12,512 fail2ban.jail [5140]: INFO Initiated
'polling' backend
2015-04-27 14:02:12,521 fail2ban.filter [5140]: INFO Added logfile =
/var/log/asterisk/messages
2015-04-27 14:02:12,522 fail2ban.filter [5140]: INFO Set maxRetry = 5
2015-04-27 14:02:12,523 fail2ban.filter [5140]: INFO Set jail log
file encoding to UTF-8
2015-04-27 14:02:12,524 fail2ban.actions [5140]: INFO Set banTime =
86400
2015-04-27 14:02:12,525 fail2ban.filter [5140]: INFO Set findtime =
600
2015-04-27 14:02:12,657 fail2ban.jail [5140]: INFO Jail 'asterisk'
started
2015-04-27 14:02:13,476 fail2ban.actions [5140]: NOTICE [asterisk] Ban
212.129.1.26
2015-04-27 14:02:14,311 fail2ban.actions [5140]: NOTICE [asterisk] Ban
212.83.187.182

Now if I reboot the machine (important: not restarting the service, rebooting
the server!) I get ERRORS in fail2ban.log. It seems that fail2ban doesn't do
permanent (or at least should do permanent) rules in firewalld. Can somebody
help with WHAT needs to be set/changed to get banning working?

2015-04-27 14:03:40,109 fail2ban.server [5140]: INFO Stopping all jails
2015-04-27 14:03:41,074 fail2ban.actions [5140]: NOTICE [asterisk]
Unban 212.129.1.26
2015-04-27 14:03:41,285 fail2ban.actions [5140]: NOTICE [asterisk]
Unban 212.83.187.182
2015-04-27 14:03:41,915 fail2ban.action [5140]: ERROR firewall-cmd
--direct --remove-rule ipv4 filter INPUT 0 -p udp -m multiport --dports
5060,5061 -m set --match-set fail2ban-asterisk-udp src -j REJECT --reject-with
icmp-port-unreachable
ipset flush fail2ban-asterisk-udp
ipset destroy fail2ban-asterisk-udp -- stdout: 'Not using slip\n'
2015-04-27 14:03:41,915 fail2ban.action [5140]: ERROR firewall-cmd
--direct --remove-rule ipv4 filter INPUT 0 -p udp -m multiport --dports
5060,5061 -m set --match-set fail2ban-asterisk-udp src -j REJECT --reject-with
icmp-port-unreachable
ipset flush fail2ban-asterisk-udp
ipset destroy fail2ban-asterisk-udp -- stderr: 'Traceback (most recent call
last):\n File "/usr/bin/firewall-cmd", line 703, in <module>\n fw =
FirewallClient()\n File "<string>", line 2, in __init__\n File
"/usr/lib/python2.7/site-packages/firewall/client.py", line 52, in
handle_exceptions\n return func(*args, **kwargs)\n File
"/usr/lib/python2.7/site-packages/firewall/client.py", line 1594, in __init__\n
self.bus = dbus.SystemBus()\n File
"/usr/lib64/python2.7/site-packages/dbus/_dbus.py", line 194, in __new__\n
private=private)\n File "/usr/lib64/python2.7/site-packages/dbus/_dbus.py",
line 100, in __new__\n bus = BusConnection.__new__(subclass, bus_type,
mainloop=mainloop)\n File "/usr/lib64/python2.7/site-packages/dbus/bus.py",
line 122, in __new__\n bus = cls._new_for_bus(address_or_type,
mainloop=mainloop)\ndbus.exceptions.DBusException:
org.freedesktop.DBus.Error.NoServer: Failed to connect to socket
/var/run/dbus/system_bus_socket: Connection refused\nipset v6.19: Set cannot be
destroyed: it is in use by a kernel component\n'
2015-04-27 14:03:41,915 fail2ban.action [5140]: ERROR firewall-cmd
--direct --remove-rule ipv4 filter INPUT 0 -p udp -m multiport --dports
5060,5061 -m set --match-set fail2ban-asterisk-udp src -j REJECT --reject-with
icmp-port-unreachable
ipset flush fail2ban-asterisk-udp
ipset destroy fail2ban-asterisk-udp -- returned 1
2015-04-27 14:03:41,915 fail2ban.actions [5140]: ERROR Failed to stop
jail 'asterisk' action 'firewallcmd-ipset-udp': Error stopping action
2015-04-27 14:03:42,222 fail2ban.action [5140]: ERROR firewall-cmd
--direct --remove-rule ipv4 filter INPUT 0 -p tcp -m multiport --dports
5060,5061 -m set --match-set fail2ban-asterisk-tcp src -j REJECT --reject-with
icmp-port-unreachable
ipset flush fail2ban-asterisk-tcp
ipset destroy fail2ban-asterisk-tcp -- stdout: 'Not using slip\n'
2015-04-27 14:03:42,222 fail2ban.action [5140]: ERROR firewall-cmd
--direct --remove-rule ipv4 filter INPUT 0 -p tcp -m multiport --dports
5060,5061 -m set --match-set fail2ban-asterisk-tcp src -j REJECT --reject-with
icmp-port-unreachable
ipset flush fail2ban-asterisk-tcp
ipset destroy fail2ban-asterisk-tcp -- stderr: 'Traceback (most recent call
last):\n File "/usr/bin/firewall-cmd", line 703, in <module>\n fw =
FirewallClient()\n File "<string>", line 2, in __init__\n File
"/usr/lib/python2.7/site-packages/firewall/client.py", line 52, in
handle_exceptions\n return func(*args, **kwargs)\n File
"/usr/lib/python2.7/site-packages/firewall/client.py", line 1594, in __init__\n
self.bus = dbus.SystemBus()\n File
"/usr/lib64/python2.7/site-packages/dbus/_dbus.py", line 194, in __new__\n
private=private)\n File "/usr/lib64/python2.7/site-packages/dbus/_dbus.py",
line 100, in __new__\n bus = BusConnection.__new__(subclass, bus_type,
mainloop=mainloop)\n File "/usr/lib64/python2.7/site-packages/dbus/bus.py",
line 122, in __new__\n bus = cls._new_for_bus(address_or_type,
mainloop=mainloop)\ndbus.exceptions.DBusException:
org.freedesktop.DBus.Error.NoServer: Failed to connect to socket
/var/run/dbus/system_bus_socket: Connection refused\nipset v6.19: Set cannot be
destroyed: it is in use by a kernel component\n'
2015-04-27 14:03:42,222 fail2ban.action [5140]: ERROR firewall-cmd
--direct --remove-rule ipv4 filter INPUT 0 -p tcp -m multiport --dports
5060,5061 -m set --match-set fail2ban-asterisk-tcp src -j REJECT --reject-with
icmp-port-unreachable
ipset flush fail2ban-asterisk-tcp
ipset destroy fail2ban-asterisk-tcp -- returned 1
2015-04-27 14:03:42,223 fail2ban.actions [5140]: ERROR Failed to stop
jail 'asterisk' action 'firewallcmd-ipset-tcp': Error stopping action
2015-04-27 14:03:42,223 fail2ban.jail [5140]: INFO Jail 'asterisk'
stopped
2015-04-27 14:03:42,230 fail2ban.server [5140]: INFO Exiting Fail2ban
_______________________________________________
Fail2ban-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
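
A check for the symptom described in the post (a jail that keeps logging "Found" for an address it has already banned), as an added example that is not part of the original message: the Python below scans fail2ban.log text and counts post-ban matches per jail and address. The sample log, the function name `ineffective_bans` and the 10-second grace window are assumptions made for this illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the fail2ban 0.9 log layout shown in the post
# (one entry per line, as in the real file); addresses are documentation ranges.
SAMPLE_LOG = """\
2015-04-27 14:02:13,476 fail2ban.actions [5140]: NOTICE [asterisk] Ban 192.0.2.10
2015-04-27 14:02:14,100 fail2ban.filter [5140]: INFO [asterisk] Found 192.0.2.10
2015-04-27 14:02:14,311 fail2ban.actions [5140]: NOTICE [asterisk] Ban 198.51.100.7
2015-04-27 14:05:57,514 fail2ban.filter [5140]: INFO [asterisk] Found 192.0.2.10
2015-04-27 14:06:10,552 fail2ban.filter [5140]: INFO [asterisk] Found 192.0.2.10
2015-04-27 14:06:18,672 fail2ban.actions [5140]: NOTICE [asterisk] 192.0.2.10 already banned
2015-04-27 14:07:00,000 fail2ban.filter [5140]: INFO [asterisk] Found 203.0.113.5
2015-04-27 14:08:00,000 fail2ban.actions [5140]: NOTICE [asterisk] Unban 198.51.100.7
2015-04-27 14:09:00,000 fail2ban.filter [5140]: INFO [asterisk] Found 198.51.100.7
"""

ENTRY = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d),\d+\s+fail2ban\.\w+\s+\[\d+\]:\s+"
    r"\w+\s+\[(?P<jail>[^\]]+)\]\s+(?P<msg>.+)$")
EVENT = re.compile(r"(?P<verb>Ban|Unban|Found)\s+(?P<ip>\S+)"
                   r"|(?P<ip2>\S+)\s+already banned")

def ineffective_bans(log_text, grace=timedelta(seconds=10)):
    """Return {(jail, ip): count} of failures logged while the ip was banned."""
    banned_at = {}            # (jail, ip) -> time the current ban started
    hits = defaultdict(int)
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        e = m and EVENT.match(m["msg"].strip())
        if not e:
            continue          # startup, config and traceback lines
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        key = (m["jail"], e["ip"] or e["ip2"])
        if e["verb"] == "Ban":
            banned_at[key] = ts
        elif e["verb"] == "Unban":
            banned_at.pop(key, None)
        elif e["ip2"]:
            # "already banned": enough new failures arrived to trigger a re-ban
            banned_at.setdefault(key, ts)
            hits[key] += 1
        elif key in banned_at and ts - banned_at[key] > grace:
            # "Found" after the grace window: traffic is still reaching the service
            hits[key] += 1
    return dict(hits)
```

A non-empty result means the ban action is not actually dropping traffic, which is the cue to compare `firewall-cmd --direct --get-all-rules` and `ipset list` against what the jail believes it has banned.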