fail2ban iptables Errors

tomic

New Member
Does anyone have an idea about this?

Code:
2011-10-10 10:51:14,677 fail2ban.actions: WARNING [courierauth] Ban 2.207.52.66
2011-10-10 11:21:14,767 fail2ban.actions: WARNING [courierauth] Unban 2.207.52.66
2011-10-10 11:30:25,419 fail2ban.actions: WARNING [courierauth] Ban 2.207.52.66
2011-10-10 11:50:50,781 fail2ban.filter : INFO   Log rotation detected for /var/log/mail.log
2011-10-10 11:50:50,786 fail2ban.filter : INFO   Log rotation detected for /var/log/mail.log
2011-10-10 11:50:52,783 fail2ban.filter : INFO   Log rotation detected for /var/log/mail.log
2011-10-10 11:50:52,788 fail2ban.filter : INFO   Log rotation detected for /var/log/mail.log
2011-10-10 11:50:58,857 fail2ban.jail   : INFO   Jail 'sasl' stopped
2011-10-10 11:50:58,880 fail2ban.actions: WARNING [courierauth] Unban 2.207.52.66
2011-10-10 11:50:59,795 fail2ban.jail   : INFO   Jail 'courierauth' stopped
2011-10-10 11:50:59,796 fail2ban.server : INFO   Exiting Fail2ban
2011-10-10 11:51:12,401 fail2ban.server : INFO   Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.4-SVN
2011-10-10 11:51:12,401 fail2ban.jail   : INFO   Creating new jail 'sasl'
2011-10-10 11:51:12,402 fail2ban.jail   : INFO   Jail 'sasl' uses poller
2011-10-10 11:51:12,415 fail2ban.filter : INFO   Added logfile = /var/log/mail.log
2011-10-10 11:51:12,415 fail2ban.filter : INFO   Set maxRetry = 3
2011-10-10 11:51:12,417 fail2ban.filter : INFO   Set findtime = 600
2011-10-10 11:51:12,417 fail2ban.actions: INFO   Set banTime = 1800
2011-10-10 11:51:12,423 fail2ban.jail   : INFO   Creating new jail 'courierauth'
2011-10-10 11:51:12,423 fail2ban.jail   : INFO   Jail 'courierauth' uses poller
2011-10-10 11:51:12,424 fail2ban.filter : INFO   Added logfile = /var/log/mail.log
2011-10-10 11:51:12,424 fail2ban.filter : INFO   Set maxRetry = 3
2011-10-10 11:51:12,426 fail2ban.filter : INFO   Set findtime = 600
2011-10-10 11:51:12,427 fail2ban.actions: INFO   Set banTime = 1800
2011-10-10 11:51:12,433 fail2ban.jail   : INFO   Jail 'sasl' started
2011-10-10 11:51:12,435 fail2ban.jail   : INFO   Jail 'courierauth' started
2011-10-10 11:51:12,442 fail2ban.actions.action: ERROR  iptables -N fail2ban-courierauth
iptables -A fail2ban-courierauth -j RETURN
iptables -I INPUT -p tcp -m multiport --dports smtp,ssmtp,imap2,imap3,imaps,pop3,pop3s -j fail2ban-courierauth returned 200
2011-10-10 11:59:16,995 fail2ban.actions: WARNING [courierauth] Ban 2.207.52.66
2011-10-10 11:59:17,002 fail2ban.actions.action: ERROR  iptables -n -L INPUT | grep -q fail2ban-courierauth returned 100
2011-10-10 11:59:17,002 fail2ban.actions.action: ERROR  Invariant check failed. Trying to restore a sane environment
2011-10-10 11:59:17,009 fail2ban.actions.action: ERROR  iptables -D INPUT -p tcp -m multiport --dports smtp,ssmtp,imap2,imap3,imaps,pop3,pop3s -j fail2ban-courierauth
iptables -F fail2ban-courierauth
iptables -X fail2ban-courierauth returned 100
2011-10-10 12:29:17,088 fail2ban.actions: WARNING [courierauth] Unban 2.207.52.66
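
Added example, not part of the original post: a small parser for the fail2ban 0.8.x log format shown above. It reports action commands that failed and bans that were logged but probably never reached iptables. The function names, the sample log (constructed, with a documentation-range IP) and the "ban directly followed by an action ERROR" heuristic are assumptions of this example.

```python
import re

# Constructed sample modelled on the log format in the post above;
# 192.0.2.10 is a documentation-range address, not a real host.
SAMPLE_LOG = """\
2011-10-10 11:51:12,435 fail2ban.jail   : INFO   Jail 'courierauth' started
2011-10-10 11:51:12,442 fail2ban.actions.action: ERROR  iptables -N fail2ban-courierauth
iptables -A fail2ban-courierauth -j RETURN
iptables -I INPUT -p tcp -m multiport --dports smtp,imaps -j fail2ban-courierauth returned 200
2011-10-10 11:59:16,995 fail2ban.actions: WARNING [courierauth] Ban 192.0.2.10
2011-10-10 11:59:17,002 fail2ban.actions.action: ERROR  iptables -n -L INPUT | grep -q fail2ban-courierauth returned 100
2011-10-10 11:59:17,002 fail2ban.actions.action: ERROR  Invariant check failed. Trying to restore a sane environment
2011-10-10 12:10:00,100 fail2ban.actions: WARNING [sasl] Ban 192.0.2.10
2011-10-10 12:29:17,088 fail2ban.actions: WARNING [courierauth] Unban 192.0.2.10
"""

TS = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d+ ")
ENTRY = re.compile(r"^(\S+ \S+) ([\w.]+)\s*:\s*(\w+)\s+(.*)$", re.S)
BAN = re.compile(r"^\[([^\]]+)\] Ban (\S+)$")
RC = re.compile(r" returned (\d+)$")

def entries(text):
    """Group lines into (timestamp, logger, level, message); untimestamped lines continue the previous entry."""
    out = []
    for line in text.splitlines():
        if TS.match(line) or not out:
            out.append(line)
        else:
            out[-1] += "\n" + line
    return [ENTRY.match(e).groups() for e in out if ENTRY.match(e)]

def failed_actions(text):
    """Return (timestamp, return code, first command) for every failed action command block."""
    res = []
    for ts, logger, level, msg in entries(text):
        m = RC.search(msg)
        if logger == "fail2ban.actions.action" and level == "ERROR" and m:
            res.append((ts, int(m.group(1)), RC.sub("", msg).splitlines()[0]))
    return res

def unenforced_bans(text):
    """Return (timestamp, jail, ip) for bans whose very next log entry is an action ERROR."""
    items, res = entries(text), []
    for i, (ts, _logger, _level, msg) in enumerate(items):
        ban = BAN.match(msg)
        nxt = items[i + 1] if i + 1 < len(items) else None
        if ban and nxt and nxt[1] == "fail2ban.actions.action" and nxt[2] == "ERROR":
            res.append((ts, ban.group(1), ban.group(2)))
    return res
```

Call `unenforced_bans(open("/var/log/fail2ban.log").read())` on a real log to list the bans worth checking against `iptables -n -L`.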
 
That happens sometimes.

What does /var/log/fail2ban.log show when you enter
fail2ban-client reload
in the shell?

Or do you have your own vServer?
 
It is a vServer... but virtualized with OpenVZ. Every vServer has its own iptables.

Code:
fail2ban-client reload
WARNING 'findtime' not defined in 'apache-noscript'. Using default value
WARNING 'findtime' not defined in 'pam-generic'. Using default value
WARNING 'findtime' not defined in 'vsftpd'. Using default value
WARNING 'findtime' not defined in 'xinetd-fail'. Using default value
WARNING 'findtime' not defined in 'named-refused-udp'. Using default value
WARNING 'findtime' not defined in 'ssh-ddos'. Using default value
WARNING 'findtime' not defined in 'apache-multiport'. Using default value
WARNING 'findtime' not defined in 'apache-overflows'. Using default value
WARNING 'findtime' not defined in 'couriersmtp'. Using default value
WARNING 'findtime' not defined in 'wuftpd'. Using default value
WARNING 'findtime' not defined in 'ssh'. Using default value
WARNING 'findtime' not defined in 'postfix'. Using default value
WARNING 'findtime' not defined in 'sasl'. Using default value
WARNING 'findtime' not defined in 'apache'. Using default value
WARNING 'findtime' not defined in 'courierauth'. Using default value
WARNING 'findtime' not defined in 'proftpd'. Using default value
WARNING 'findtime' not defined in 'named-refused-tcp'. Using default value
 
Code:
2011-10-11 11:04:42,645 fail2ban.jail   : INFO   Jail 'courierauth' started
2011-10-11 11:04:42,653 fail2ban.actions.action: ERROR  iptables -N fail2ban-courierauth
iptables -A fail2ban-courierauth -j RETURN
iptables -I INPUT -p tcp -m multiport --dports smtp,ssmtp,imap2,imap3,imaps,pop3,pop3s -j fail2ban-courierauth returned 200
 
The error occurs because iptables -N already has the rule.
But you aren't also changing the contents of the firewall rules with other programs, are you?

Then try
fail2ban-client stop
fail2ban-client start
fail2ban-client reload
 
The only thing I have installed related to iptables is fail2ban.
Apart from that, nothing should be accessing it.

The vServer has also been restarted several times already, and so has the service...
I have 2 jails active (sasl and courierauth); could it be because someone is trying to gain access by both methods?
 
If you stop fail2ban-client and then run iptables -L,
do rules already exist there?

fail2ban-client stop
iptables -L
 
When I run iptables -L while fail2ban is still running, I get...

Code:
iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
fail2ban-sasl  tcp  --  anywhere             anywhere            FATAL: Could not load /lib/modules/2.6.32-5-openvz-amd64/modules.dep: No such file or directory
multiport dports smtp,ssmtp,imap2,imap3,imaps,pop3,pop3s

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain fail2ban-sasl (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

When I run it while fail2ban is not running, I get

Code:
iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

FATAL: Could not load /lib/modules/2.6.32-5-openvz-amd64/modules.dep: No such file or directory

I don't quite understand...
 
Hi,

look, it works if you use the ports instead of names.
Can you additionally install the module/package(-dev) for /lib/modules/2.6.32-5-openvz-amd64/modules.dep?
 