Re: [Fail2ban-users] Getting CRITICAL error after 'unban'

Jonathan Aquilina via Fail2ban-users Sun, 27 Sep 2020 02:54:35 -0700

Morning,

I hope you mean 18.04 as 8.04 is an ancient version of ubuntu to be using.


Regards,
Jonathan


-----Original Message-----
From: Chris Green <[email protected]> 
Sent: Saturday, 26 September 2020 23:30
To: [email protected]
Subject: [Fail2ban-users] Getting CRITICAL error after 'unban'

I have just installed fail2ban on a virtual server I run on Gandi Internet in 
France.

The virtual server runs Ubuntu 8.04.5 LTS and I installed fail2ban from the 
standard repositories, version 0.10.2-2.

I haven't changed the configuration at all, I just went with what 'apt install 
fai2ban' did for me.

It seems to be working (I installed it because I'm seeing crazy numbers of 
attempted ssh logins) but I'm getting CRITICAL errors when it tries to unban 
someone.  As follows:-


2020-09-26 16:24:54,491 fail2ban.actions        [1563]: NOTICE  [sshd] Unban 
51.68.44.154
2020-09-26 16:24:54,530 fail2ban.utils          [1563]: Level 39 7f20226c35e0 
-- exec: iptables -w -n -L INPUT | grep -q 'f2b-sshd[ \t]'
2020-09-26 16:24:54,531 fail2ban.utils          [1563]: ERROR   7f20226c35e0 -- 
stderr: 'modprobe: FATAL: Module ip_tables not found in directory 
/lib/modules/3.10.107-xenU-36-37a7b05-x86_64'
2020-09-26 16:24:54,531 fail2ban.utils          [1563]: ERROR   7f20226c35e0 -- 
stderr: "iptables v1.6.1: can't initialize iptables table `filter': Table does 
not exist (do you need to insmod?)"
2020-09-26 16:24:54,531 fail2ban.utils          [1563]: ERROR   7f20226c35e0 -- 
stderr: 'Perhaps iptables or your kernel needs to be upgraded.'
2020-09-26 16:24:54,531 fail2ban.utils          [1563]: ERROR   7f20226c35e0 -- 
returned 1
2020-09-26 16:24:54,532 fail2ban.CommandAction  [1563]: ERROR   Invariant check 
failed. Trying to restore a sane environment
2020-09-26 16:24:54,576 fail2ban.utils          [1563]: Level 39 7f20226c35e0 
-- exec: iptables -w -n -L INPUT | grep -q 'f2b-sshd[ \t]'
2020-09-26 16:24:54,577 fail2ban.utils          [1563]: ERROR   7f20226c35e0 -- 
stderr: 'modprobe: FATAL: Module ip_tables not found in directory 
/lib/modules/3.10.107-xenU-36-37a7b05-x86_64'
2020-09-26 16:24:54,577 fail2ban.utils          [1563]: ERROR   7f20226c35e0 -- 
stderr: "iptables v1.6.1: can't initialize iptables table `filter': Table does 
not exist (do you need to insmod?)"
2020-09-26 16:24:54,578 fail2ban.utils          [1563]: ERROR   7f20226c35e0 -- 
stderr: 'Perhaps iptables or your kernel needs to be upgraded.'
2020-09-26 16:24:54,578 fail2ban.utils          [1563]: ERROR   7f20226c35e0 -- 
returned 1
2020-09-26 16:24:54,578 fail2ban.CommandAction  [1563]: CRITICAL Unable to 
restore environment
2020-09-26 16:24:54,578 fail2ban.actions        [1563]: ERROR   Failed to 
execute unban jail 'sshd' action 'iptables-multiport' info 'ActionInfo({'ip': 
'51.68.44.154', 'family': 'inet4', 'ip-rev': '154.44.68.51.', 'ip-host': 
'154.ip-51-68-44.eu', 'fid': '51.68.44.154', 'failures': 5, 'time': 
1601129694.0, 'matches': 'Sep 26 16:06:35 isbdGandi sshd[3573]: Failed password 
for invalid user escaner from 51.68.44.154 port 55371 ssh2\nSep 26 16:14:54 
isbdGandi sshd[3800]: Failed password for invalid user r00t from 51.68.44.154 
port 38711 ssh2', 'restored': 0, 'F-*': {'matches': ['Sep 26 16:06:35 isbdGandi 
sshd[3573]: Failed password for invalid user escaner from 51.68.44.154 port 
55371 ssh2', 'Sep 26 16:14:54 isbdGandi sshd[3800]: Failed password for invalid 
user r00t from 51.68.44.154 port 38711 ssh2'], 'failures': 5, 'mlfid': ' 
isbdGandi sshd[3573]: ', 'user': 'escaner', 'ip4': '51.68.44.154'}, 
'ipmatches': 'Sep 26 15:05:48 isbdGandi sshd[2730]: Failed password for invalid 
user rohit from 51.68.44.154 port 53114 ssh2\nSep 26 15:09:54 isbdGandi 
sshd[2813]: Failed password for invalid user esadmin from 51.68.44.154 port 
58900 ssh2\nSep 26 15:17:47 isbdGandi sshd[2918]: Failed password for invalid 
user anonymous from 51.68.44.154 port 42243 ssh2\nSep 26 15:25:55 isbdGandi 
sshd[3030]: Failed password for invalid user tibero from 51.68.44.154 port 
53972 ssh2\nSep 26 15:42:10 isbdGandi sshd[3270]: Failed password for invalid 
user admin from 51.68.44.154 port 48886 ssh2\nSep 26 15:46:16 isbdGandi 
sshd[3302]: Failed password for invalid user martin from 51.68.44.154 port 
54672 ssh2\nSep 26 15:54:21 isbdGandi sshd[3408]: Failed password for invalid 
user jeff from 51.68.44.154 port 38013 ssh2\nSep 26 16:02:30 isbdGandi 
sshd[3506]: Failed password for invalid user user1 from 51.68.44.154 port 49586 
ssh2\nSep 26 16:06:35 isbdGandi sshd[3573]: Failed password for invalid user 
escaner from 51.68.44.154 port 55371 ssh2\nSep 26 16:14:54 isbdGandi 
sshd[3800]: Failed password for invalid user r00t from 51.68.44.154 port 38711 
ssh2', 'ipjailmatches': 'Sep 26 15:05:48 isbdGandi sshd[2730]: Failed password 
for invalid user rohit from 51.68.44.154 port 53114 ssh2\nSep 26 15:09:54 
isbdGandi sshd[2813]: Failed password for invalid user esadmin from 
51.68.44.154 port 58900 ssh2\nSep 26 15:17:47 isbdGandi sshd[2918]: Failed 
password for invalid user anonymous from 51.68.44.154 port 42243 ssh2\nSep 26 
15:25:55 isbdGandi sshd[3030]: Failed password for invalid user tibero from 
51.68.44.154 port 53972 ssh2\nSep 26 15:42:10 isbdGandi sshd[3270]: Failed 
password for invalid user admin from 51.68.44.154 port 48886 ssh2\nSep 26 
15:46:16 isbdGandi sshd[3302]: Failed password for invalid user martin from 
51.68.44.154 port 54672 ssh2\nSep 26 15:54:21 isbdGandi sshd[3408]: Failed 
password for invalid user jeff from 51.68.44.154 port 38013 ssh2\nSep 26 
16:02:30 isbdGandi sshd[3506]: Failed password for invalid user user1 from 
51.68.44.154 port 49586 ssh2\nSep 26 16:06:35 isbdGandi sshd[3573]: Failed 
password for invalid user escaner from 51.68.44.154 port 55371 ssh2\nSep 26 
16:14:54 isbdGandi sshd[3800]: Failed password for invalid user r00t from 
51.68.44.154 port 38711 ssh2', 'ipfailures': 25, 'ipjailfailures': 25})': Error 
unbanning 51.68.44.154


It carries on running OK but obviously there's something rather wrong somwhere.


So can someone point me in the right direction please, maybe I need to install 
something else as well or maybe I simply need to tweak the fail2ban 
configuration somewhere.

I'm a total newbie where fail2ban is concerned though I'm fairly OK with basic 
Linux system administration.

Oh, the virtual server doesn't have many ports open, just 22/ssh and 443/https, 
it's really only the ssh port I seem to need to protect.

--
Chris Green


_______________________________________________
Fail2ban-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fail2ban-users


_______________________________________________
Fail2ban-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fail2ban-users

Re: [Fail2ban-users] Getting CRITICAL error after 'unban'

Reply via email to