Hello,

I installed fail2ban-0.10.0 on Scientific Linux 7.3 aka CentOS 7.3 with iptables v1.4.21, Python 2.7.5,
configured with paths-fedora.conf.
I'm unable to get the actions iptables or iptables-multiport to work.
There is no iptables chain f2b-...
I suspect that no actionstart commands will be executed.
I added a simple /bin/date >> /tmp/... command to actionstart - with no effect.
See below the debug output when starting the jail.
Any hints are welcome! (The epel-RPM 0.9.6 is working).

Thanks,
Frank

+ 141 7F29DF244740 fail2ban.jail INFO Creating new jail 'horde'
+ 141 7F29DF244740 fail2ban.jail DEBUG Backend 'pyinotify' failed
to initialize due to No module named pyinotify
+ 142 7F29DF244740 fail2ban.jail DEBUG Backend 'gamin' failed to
initialize due to No module named gamin
+ 142 7F29DF244740 fail2ban.jail INFO Jail 'horde' uses poller {}
+ 142 7F29DF244740 fail2ban.filter DEBUG Setting usedns = warn for
FilterPoll(Jail('horde'))
+ 142 7F29DF244740 fail2ban.filter DEBUG Created
FilterPoll(Jail('horde'))
+ 142 7F29DF244740 fail2ban.filterpoll DEBUG Created FilterPoll
+ 143 7F29DF244740 fail2ban.jail INFO Initiated 'polling' backend
+ 143 7F29DF244740 fail2ban.server DEBUG failregex: '^ ERR: HORDE
\\[horde\\] FAILED LOGIN for \\S+ to horde \\(<HOST>\\)(\\(forwarded for
\\[\\S+\\]\\))? \\[pid \\d+ on line \\d+ of \\S+\\]$'
+ 145 7F29DF244740 fail2ban.filter DEBUG Setting usedns = warn for
FilterPoll(Jail('horde'))
+ 146 7F29DF244740 fail2ban.filter INFO Added logfile:
'/var/log/horde.log' (pos = 0, hash = d41d8cd98f00b204e9800998ecf8427e)
+ 147 7F29DF244740 fail2ban.filter INFO maxRetry: 6
+ 147 7F29DF244740 fail2ban.filter DEBUG Add 127.0.0.0/8 to
ignore list ('127.0.0.1/8')
+ 148 7F29DF244740 fail2ban.filter INFO encoding: UTF-8
+ 149 7F29DF244740 fail2ban.actions INFO banTime: 600
+ 150 7F29DF244740 fail2ban.filter INFO findtime: 600
+ 150 7F29DF244740 fail2ban.CommandAction DEBUG Created <class
'fail2ban.server.action.CommandAction'>
+ 151 7F29DF244740 fail2ban.CommandAction DEBUG Set actionunban = '<iptables> -D
f2b-HTTP -s <ip> -j <blocktype>'
+ 151 7F29DF244740 fail2ban.CommandAction DEBUG Set actionflush =
'<iptables> -F f2b-HTTP'
+ 152 7F29DF244740 fail2ban.CommandAction DEBUG Set actionstop = '<iptables> -D
INPUT -p tcp --dport https -j f2b-HTTP\n<iptables> -F f2b-HTTP\n<iptables> -X
f2b-HTTP'
+ 152 7F29DF244740 fail2ban.CommandAction DEBUG Set actionstart = '<iptables> -N
f2b-HTTP\n<iptables> -A f2b-HTTP -j RETURN\n<iptables> -I INPUT -p tcp --dport https
-j f2b-HTTP'
+ 152 7F29DF244740 fail2ban.CommandAction DEBUG Set actionban = '<iptables> -I
f2b-HTTP 1 -s <ip> -j <blocktype>'
+ 152 7F29DF244740 fail2ban.CommandAction DEBUG Set actioncheck = "<iptables>
-n -L INPUT | grep -q 'f2b-HTTP[ \\t]'"
+ 152 7F29DF244740 fail2ban.CommandAction DEBUG Set iptables = 'iptables
<lockingopt>'
+ 152 7F29DF244740 fail2ban.CommandAction DEBUG Set lockingopt = '-w'
+ 152 7F29DF244740 fail2ban.CommandAction DEBUG Set known/lockingopt =
'-w'
+ 152 7F29DF244740 fail2ban.CommandAction DEBUG Set
blocktype?family=inet6 = 'REJECT --reject-with icmp6-port-unreachable'
+ 153 7F29DF244740 fail2ban.CommandAction DEBUG Set protocol = 'tcp'
+ 153 7F29DF244740 fail2ban.CommandAction DEBUG Set name = 'HTTP'
+ 153 7F29DF244740 fail2ban.CommandAction DEBUG Set chain = 'INPUT'
+ 153 7F29DF244740 fail2ban.CommandAction DEBUG Set
known/blocktype?family=inet6 = 'REJECT --reject-with icmp6-port-unreachable'
+ 153 7F29DF244740 fail2ban.CommandAction DEBUG Set known/protocol =
'tcp'
+ 153 7F29DF244740 fail2ban.CommandAction DEBUG Set known/port = 'ssh'
+ 153 7F29DF244740 fail2ban.CommandAction DEBUG Set known/returntype =
'RETURN'
+ 153 7F29DF244740 fail2ban.CommandAction DEBUG Set known/iptables = 'iptables
<lockingopt>'
+ 154 7F29DF244740 fail2ban.CommandAction DEBUG Set known/chain = 'INPUT'
+ 154 7F29DF244740 fail2ban.CommandAction DEBUG Set returntype = 'RETURN'
+ 154 7F29DF244740 fail2ban.CommandAction DEBUG Set known/name =
'default'
+ 154 7F29DF244740 fail2ban.CommandAction DEBUG Set known/blocktype =
'REJECT --reject-with icmp-port-unreachable'
+ 154 7F29DF244740 fail2ban.CommandAction DEBUG Set iptables?family=inet6 =
'ip6tables <lockingopt>'
+ 154 7F29DF244740 fail2ban.CommandAction DEBUG Set
known/iptables?family=inet6 = 'ip6tables <lockingopt>'
+ 154 7F29DF244740 fail2ban.CommandAction DEBUG Set blocktype = 'REJECT
--reject-with icmp-port-unreachable'
+ 154 7F29DF244740 fail2ban.CommandAction DEBUG Set actname = 'iptables'
+ 155 7F29DF244740 fail2ban.CommandAction DEBUG Set port = 'https'
+ 155 7F29DF244740 fail2ban.CommandAction DEBUG Created <class
'fail2ban.server.action.CommandAction'>
+ 156 7F29DF244740 fail2ban.CommandAction DEBUG Set actionban = 'printf %b "Subject: [Fail2Ban] HTTP: banned
<ip> from <fq-hostname>\nDate: `LC_ALL=C date +"%a, %d %h %Y %T %z"`\nFrom: Fail2Ban
<[email protected]>\nTo: [email protected]\\n\nHi,\\n\nThe IP <ip> has just been banned by Fail2Ban
after\n<failures> attempts against HTTP.\\n\nRegards,\\n\nFail2Ban" | /usr/sbin/sendmail -f [email protected]
[email protected]'
+ 156 7F29DF244740 fail2ban.CommandAction DEBUG Set actionstop = 'printf %b "Subject: [Fail2Ban]
HTTP: stopped on <fq-hostname>\nDate: `LC_ALL=C date +"%a, %d %h %Y %T %z"`\nFrom: Fail2Ban
<[email protected]>\nTo: [email protected]\\n\nHi,\\n\nThe jail HTTP has been
stopped.\\n\nRegards,\\n\nFail2Ban" | /usr/sbin/sendmail -f [email protected]
[email protected]'
+ 156 7F29DF244740 fail2ban.CommandAction DEBUG Set actioncheck = ''
+ 157 7F29DF244740 fail2ban.CommandAction DEBUG Set norestored = True
+ 157 7F29DF244740 fail2ban.CommandAction DEBUG Set actionstart = 'printf %b "Subject: [Fail2Ban]
HTTP: started on <fq-hostname>\nDate: `LC_ALL=C date +"%a, %d %h %Y %T %z"`\nFrom: Fail2Ban
<[email protected]>\nTo: [email protected]\\n\nHi,\\n\nThe jail HTTP has been started
successfully.\\n\nRegards,\\n\nFail2Ban" | /usr/sbin/sendmail -f [email protected]
[email protected]'
+ 157 7F29DF244740 fail2ban.CommandAction DEBUG Set actionunban = ''
+ 157 7F29DF244740 fail2ban.CommandAction DEBUG Set name = 'HTTP'
+ 157 7F29DF244740 fail2ban.CommandAction DEBUG Set known/sender =
'fail2ban'
+ 157 7F29DF244740 fail2ban.CommandAction DEBUG Set dest =
'[email protected]'
+ 157 7F29DF244740 fail2ban.CommandAction DEBUG Set known/dest = 'root'
+ 157 7F29DF244740 fail2ban.CommandAction DEBUG Set known/name =
'default'
+ 158 7F29DF244740 fail2ban.CommandAction DEBUG Set known/sendername =
'Fail2Ban'
+ 158 7F29DF244740 fail2ban.CommandAction DEBUG Set actname = 'sendmail'
+ 158 7F29DF244740 fail2ban.CommandAction DEBUG Set sendername =
'Fail2Ban'
+ 158 7F29DF244740 fail2ban.CommandAction DEBUG Set sender =
'[email protected]'
+ 158 7F29DF244740 fail2ban.jail DEBUG Starting jail 'sshd'
+ 160 7F29DF244740 fail2ban.jail INFO Jail 'sshd' started
+ 160 7F29DF244740 fail2ban.jail DEBUG Starting jail 'horde'
+ 160 7F29CDA16700 fail2ban.filterpoll DEBUG /var/log/horde.log has
been modified
+ 161 7F29CDA16700 fail2ban.filter DEBUG Seek to find time
1505379085.7 (2017-09-14 10:51:25), file size 0
+ 161 7F29CDA16700 fail2ban.filter DEBUG Position -1 from 0, found
time None () within 0 seeks
+ 161 7F29DF244740 fail2ban.jail INFO Jail 'horde' started
+ 164 7F29CD215700 fail2ban.action DEBUG printf %b "Subject: [Fail2Ban]
HTTP: started on <fq-hostname>
Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`
From: Fail2Ban <[email protected]>
To: [email protected]\n
Hi,\n
The jail HTTP has been started successfully.\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f [email protected]
[email protected]
+ 183 7F29CD215700 fail2ban.utils DEBUG 7f29b8001a40 -- returned
successfully 0
--
Frank Richter
Computing Services, Chemnitz University of Technology, Germany
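
One way to check from debug output like the above which actions actually had their actionstart executed, as an added example that is not part of the original post or of fail2ban itself: it re-joins the wrapped log lines and compares each configured actionstart with the commands logged by fail2ban.action. The sample log is an abridged, constructed excerpt in the same format, and the function names are hypothetical.

```python
import re

# Abridged, constructed sample in the format of the debug output above.
SAMPLE = r"""
+ 150 7F29DF244740 fail2ban.CommandAction DEBUG Created <class
'fail2ban.server.action.CommandAction'>
+ 152 7F29DF244740 fail2ban.CommandAction DEBUG Set actionstart = '<iptables> -N
f2b-HTTP\n<iptables> -A f2b-HTTP -j RETURN'
+ 154 7F29DF244740 fail2ban.CommandAction DEBUG Set actname = 'iptables'
+ 155 7F29DF244740 fail2ban.CommandAction DEBUG Created <class
'fail2ban.server.action.CommandAction'>
+ 157 7F29DF244740 fail2ban.CommandAction DEBUG Set actionstart = 'printf %b "Subject: [Fail2Ban]
HTTP: started on <fq-hostname>" | /usr/sbin/sendmail root'
+ 158 7F29DF244740 fail2ban.CommandAction DEBUG Set actname = 'sendmail'
+ 164 7F29CD215700 fail2ban.action DEBUG printf %b "Subject: [Fail2Ban]
HTTP: started on <fq-hostname>" | /usr/sbin/sendmail root
"""

REC = re.compile(r"^\+\s+\d+\s+[0-9A-F]+\s+(\S+)\s+(\w+)\s+(.*)$")

def records(text):
    """Re-join wrapped lines: only '+ <n> <thread> ...' lines open a new record."""
    out = []
    for line in text.splitlines():
        m = REC.match(line)
        if m:
            out.append([m.group(1), m.group(3)])
        elif out and line.strip():
            out[-1][1] += " " + line.strip()
    return out

def probe(cmd):
    """Longest tag-free piece of the first command line, used to match executions."""
    first = cmd.split("\\n")[0]  # the log shows command separators as a literal \n
    return max(re.split(r"<[^>]*>", first), key=len).strip()

def start_status(text):
    """Map action name -> True if its actionstart appears among executed commands."""
    actions, executed = [], []
    for logger, msg in records(text):
        if logger == "fail2ban.CommandAction" and msg.startswith("Created"):
            actions.append({})  # a new action definition begins here
        elif logger == "fail2ban.CommandAction" and actions:
            m = re.match(r"Set (actname|actionstart) = '(.*)'$", msg)
            if m:
                actions[-1][m.group(1)] = m.group(2)
        elif logger == "fail2ban.action":
            executed.append(msg)  # fail2ban.action logs each command it runs
    return {a.get("actname", "?"): any(probe(a["actionstart"]) in e for e in executed)
            for a in actions if a.get("actionstart")}
```

On the sample, `start_status(SAMPLE)` reports the sendmail action as started and the iptables action as not started, which matches what the full log above shows.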
