fail2ban

[kamilhlavka]

Dobrý den
Snažím se rozchodit fail2ban

Ale zdá se, že se pravidla neimportují do iptables

Status for the jail: file
|- filter
| |- File list: /var/log/apache2/error.log
| |- Currently failed: 5
| `- Total failed: 15
`- action
|- Currently banned: 1
| `- IP list: 31.184.236.8
`- Total banned: 1

Ale iptables -L
Mě ukáže tohle

Chain INPUT (policy ACCEPT)
target prot opt source destination
fail2ban-ssh tcp -- anywhere anywhere FATAL: Could not load /lib/modules/2.6.18-308.8.2.el5.028stab101.3/modules.dep: No such file or directory
multiport dports ftp
fail2ban-ssh tcp -- anywhere anywhere multiport dports ftp
fail2ban-ssh tcp -- anywhere anywhere multiport dports ftp
fail2ban-apache tcp -- anywhere anywhere multiport dports www,https
fail2ban-ssh tcp -- anywhere anywhere multiport dports ssh
fail2ban-apache-multiport tcp -- anywhere anywhere multiport dports www,https
fail2ban-ssh tcp -- anywhere anywhere multiport dports ftp
fail2ban-ssh tcp -- anywhere anywhere multiport dports ftp
ACCEPT icmp -- anywhere anywhere
DROP all -- anywhere anywhere state INVALID

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain fail2ban-apache (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere

Chain fail2ban-apache-multiport (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere

Chain fail2ban-file (0 references)
target prot opt source destination
RETURN all -- anywhere anywhere

Chain fail2ban-phperror (0 references)
target prot opt source destination
RETURN all -- anywhere anywhere

Chain fail2ban-postfix-connection (0 references)
target prot opt source destination
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere

Chain fail2ban-ssh (6 references)
target prot opt source destination
RETURN all -- anywhere anywhere

V logu fail2ban.log je

iptables -I INPUT -p tcp -m multiport --dports all -j fail2ban-file returned 200
2014-04-01 14:23:15,660 fail2ban.actions.action: ERROR iptables -n -L INPUT | grep -q fail2ban-file returned 100
2014-04-01 14:23:15,660 fail2ban.actions.action: CRITICAL Unable to restore environment
2014-04-01 14:28:05,166 fail2ban.actions: WARNING [phperror] Ban 85.207.5.22
2014-04-01 14:28:05,172 fail2ban.actions.action: ERROR iptables -n -L INPUT | grep -q fail2ban-phperror returned 100
2014-04-01 14:28:05,173 fail2ban.actions.action: ERROR Invariant check failed. Trying to restore a sane environment
2014-04-01 14:28:05,186 fail2ban.actions.action: ERROR iptables -N fail2ban-phperror
iptables -A fail2ban-phperror -j RETURN
iptables -I INPUT -p tcp -m multiport --dports all -j fail2ban-phperror returned 200
2014-04-01 14:28:05,191 fail2ban.actions.action: ERROR iptables -n -L INPUT | grep -q fail2ban-phperror returned 100
2014-04-01 14:28:05,191 fail2ban.actions.action: CRITICAL Unable to restore environment
2014-04-01 14:31:33,067 fail2ban.actions: WARNING [phperror] Ban 95.82.153.215
2014-04-01 14:31:33,073 fail2ban.actions.action: ERROR iptables -n -L INPUT | grep -q fail2ban-phperror returned 100
2014-04-01 14:31:33,073 fail2ban.actions.action: ERROR Invariant check failed. Trying to restore a sane environment
2014-04-01 14:31:33,085 fail2ban.actions.action: ERROR iptables -N fail2ban-phperror
iptables -A fail2ban-phperror -j RETURN
iptables -I INPUT -p tcp -m multiport --dports all -j fail2ban-phperror returned 200
2014-04-01 14:31:33,090 fail2ban.actions.action: ERROR iptables -n -L INPUT | grep -q fail2ban-phperror returned 100
2014-04-01 14:31:33,090 fail2ban.actions.action: CRITICAL Unable to restore environment
2014-04-01 14:32:52,191 fail2ban.actions: WARNING [file] 31.184.236.8 already banned
2014-04-01 14:32:53,191 fail2ban.actions: WARNING [file] 31.184.236.8 already banned
2014-04-01 14:35:12,202 fail2ban.actions: WARNING [ssh] Ban 116.10.191.186
2014-04-01 14:39:56,316 fail2ban.actions: WARNING [file] Unban 31.184.236.8
2014-04-01 14:39:56,322 fail2ban.actions.action: ERROR iptables -n -L INPUT | grep -q fail2ban-file returned 100
2014-04-01 14:39:56,363 fail2ban.actions.action: ERROR Invariant check failed. Trying to restore a sane environment
2014-04-01 14:39:56,375 fail2ban.actions.action: ERROR iptables -N fail2ban-file
iptables -A fail2ban-file -j RETURN
iptables -I INPUT -p tcp -m multiport --dports all -j fail2ban-file returned 200
2014-04-01 14:39:56,380 fail2ban.actions.action: ERROR iptables -n -L INPUT | grep -q fail2ban-file returned 100
2014-04-01 14:39:56,380 fail2ban.actions.action: CRITICAL Unable to restore environment

Poradíte někdo na co se zaměřit - co je špatně ?
Děkuji Kamil

[4smart.cz]

Dobrý den,

fail2ban zřejmě požaduje rozšířené vlastnosti od iptables, než jaké 4smart.cz nabízí.

4smart.cz podporuje tyto chainy:
cat /proc/net/ip_tables_names

tyto cíle:
cat /proc/net/ip_tables_targets
- zde chybí například MASQUERADE

tyto (surove prelozeno) "shody":
cat /proc/ip_tables_matches

Dále může být problém v omezení množství pravidel/VPS, které lze samozřejmě pro konkrétní VPS rozšířit.

J.M.

[kamilhlavka]

iptables -n -L INPUT | grep -q fail2ban-file returned 100

To je asi nejaky retezec (promenna ?) ktery se snazi program fail2ban nacpat do iptables

Muže být problém v omezení množství pravidel/VP ?

ID VS je 320

Máte tip na nějaký jiný podobný program ?

[4smart.cz]

Na omezení počtu pravidel nyní nenarážíte.
Aktuálně používáte 55 pravidel z celkových 128 možných.

Doporučuji zaměřit se na podstatu návratového kódu 100, který vrací fail2ban-file.

Při troše snahy je možné, že Fail2Ban rozchodíte.