On a 5210r box, I get the logwatch email and I am seeing a lot of errors
relating to adding ip route commands:
7f84f87ca450 -- exec: ip route add unreachable 43.240.103.138: 2 Time(s)
7f84f87ca450 -- stderr: 'RTNETLINK answers: File exists': 2 Time(s)
7f8534ce0c38 -- exec: ip route del unreachable 43.240.103.138: 2 Time(s)
7f8534ce0c38 -- stderr: 'RTNETLINK answers: No such process': 2 Time(s)
There are a lot of these, with different IPs
Further down I see what appears to be matching entries from fail2ban:
Failed to execute ban jail 'pam-generic' action 'route' info
'ActionInfo({'ip': '43.240.103.138', 'family': 'inet4', 'fid': <function
Actions.ActionInfo.<lambda> at 0x7f8530f0b048>, 'raw-ticket': <function
Actions.ActionInfo.<lambda> at 0x7f8530f0b6a8>})': Error banning
43.240.103.138: 1 Time(s)
What is odd here is that I have fail2ban on two other (5209r) servers and they
appear to add the block rules with iptables with many "f2b-*" chains, but 5210r
doesn't do it that way? There are no f2b-* chains there
Thanks
Darren
_______________________________________________
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx
