Fail2Ban starts and then stops – sends email

VitalPBX Community Support General Discussion Fail2Ban starts and then stops – sends email

Up
0
Down
  • Post
    • December 3, 2018 at 11:07 pm
    Up
    0
    Down
    Gotoogle
    Participant

    Hi,

    I have VitalPBX installed on as a VM on VMWare Version 2.02-2.

    Fail2Ban starts and then appears to stop and restarts sending an email notification. Did this 600+ times overnight according to the number of emails.

    Ran command…

    # fail2ban-client status asterisk

    RESULT…

    ERROR Failed to access socket path: /var/run/fail2ban/fail2ban.sock. Is fail2ban running? Traceback (most recent call last): File “/usr/bin/fail2ban-client”, line 472, in <module> if client.start(sys.argv): File “/usr/bin/fail2ban-client”, line 442, in start return self.__processCommand(args) File “/usr/bin/fail2ban-client”, line 281, in __processCommand return self.__processCmd([cmd]) File “/usr/bin/fail2ban-client”, line 185, in __processCmd client.close() File “/usr/lib/python2.7/site-packages/fail2ban/client/csocket.py”, line 55, in close self.__csock.sendall(CSPROTO.CLOSE + CSPROTO.END) File “/usr/lib64/python2.7/socket.py”, line 224, in meth return getattr(self._sock,name)(*args) socket.error: [Errno 32] Broken pipe

    Last cycle from log file follows…

    2018-12-04 09:47:15,909 fail2ban.filter [5364]: INFO Set findtime = 60 2018-12-04 09:47:16,052 fail2ban.jail [5364]: INFO Jail ‘sshd’ started 2018-12-04 09:47:16,060 fail2ban.jail [5364]: INFO Jail ‘sshd-ddos’ started 2018-12-04 09:47:16,061 fail2ban.filtersystemd [5364]: NOTICE Jail started without ‘journalmatch’ set. Jail regexs will be checked against all journal ent$ 2018-12-04 09:47:16,102 fail2ban.jail [5364]: INFO Jail ‘dropbear’ started 2018-12-04 09:47:16,195 fail2ban.jail [5364]: INFO Jail ‘apache-auth’ started 2018-12-04 09:47:16,232 fail2ban.jail [5364]: INFO Jail ‘apache-badbots’ started 2018-12-04 09:47:16,267 fail2ban.jail [5364]: INFO Jail ‘apache-overflows’ started 2018-12-04 09:47:16,270 fail2ban.jail [5364]: INFO Jail ‘apache-modsecurity’ started 2018-12-04 09:47:16,273 fail2ban.jail [5364]: INFO Jail ‘apache-shellshock’ started 2018-12-04 09:47:25,962 fail2ban.action [5364]: ERROR ipset create fail2ban-sshd hash:ip timeout -1 firewall-cmd –direct –add-rule ipv4 filter ombu_fail2ban 0 -m set –match-set fail2ban-sshd src -j REJECT –reject-with icmp-port-unreachable — stdout: ” 2018-12-04 09:47:25,963 fail2ban.action [5364]: ERROR ipset create fail2ban-sshd hash:ip timeout -1 firewall-cmd –direct –add-rule ipv4 filter ombu_fail2ban 0 -m set –match-set fail2ban-sshd src -j REJECT –reject-with icmp-port-unreachable — stderr: “$ 2018-12-04 09:47:25,963 fail2ban.action [5364]: ERROR ipset create fail2ban-sshd hash:ip timeout -1 firewall-cmd –direct –add-rule ipv4 filter ombu_fail2ban 0 -m set –match-set fail2ban-sshd src -j REJECT –reject-with icmp-port-unreachable — returned $ 2018-12-04 09:47:25,963 fail2ban.actions [5364]: ERROR Failed to start jail ‘sshd’ action ‘firewallcmd-ipset’: Error starting action 2018-12-04 09:47:25,964 fail2ban.actions [5364]: NOTICE [sshd] Ban 1.245.161.226 2018-12-04 09:47:28,018 fail2ban.action [5364]: ERROR ipset create fail2ban-sshd-ddos hash:ip timeout -1 firewall-cmd –direct –add-rule ipv4 filter ombu_fail2ban 0 -m set –match-set fail2ban-sshd-ddos src -j REJECT –reject-with icmp-port-unreachable — stdo$ 2018-12-04 09:47:28,018 fail2ban.action [5364]: ERROR ipset create fail2ban-sshd-ddos hash:ip timeout -1 firewall-cmd –direct –add-rule ipv4 filter ombu_fail2ban 0 -m set –match-set fail2ban-sshd-ddos src -j REJECT –reject-with icmp-port-unreachable — stde$ 2018-12-04 09:47:28,019 fail2ban.action [5364]: ERROR ipset create fail2ban-sshd-ddos hash:ip timeout -1 firewall-cmd –direct –add-rule ipv4 filter ombu_fail2ban 0 -m set –match-set fail2ban-sshd-ddos src -j REJECT –reject-with icmp-port-unreachable — retu$ 2018-12-04 09:47:28,019 fail2ban.actions [5364]: ERROR Failed to start jail ‘sshd-ddos’ action ‘firewallcmd-ipset’: Error starting action 2018-12-04 09:47:29,378 fail2ban.action [5364]: ERROR ipset create fail2ban-dropbear hash:ip timeout -1 firewall-cmd –direct –add-rule ipv4 filter ombu_fail2ban 0 -m set –match-set fail2ban-dropbear src -j REJECT –reject-with icmp-port-unreachable — stdou$ 2018-12-04 09:47:29,379 fail2ban.action [5364]: ERROR ipset create fail2ban-dropbear hash:ip timeout -1 firewall-cmd –direct –add-rule ipv4 filter ombu_fail2ban 0 -m set –match-set fail2ban-dropbear src -j REJECT –reject-with icmp-port-unreachable — stder$ 2018-12-04 09:47:29,379 fail2ban.action [5364]: ERROR ipset create fail2ban-dropbear hash:ip timeout -1 firewall-cmd –direct –add-rule ipv4 filter ombu_fail2ban 0 -m set –match-set fail2ban-dropbear src -j REJECT –reject-with icmp-port-unreachable — retur$ 2018-12-04 09:47:29,380 fail2ban.actions [5364]: ERROR Failed to start jail ‘dropbear’ action ‘firewallcmd-ipset’: Error starting action 2018-12-04 09:47:29,862 fail2ban.filter [5364]: INFO [asterisk] Found 5.62.41.34 2018-12-04 09:47:29,863 fail2ban.filter [5364]: INFO [asterisk] Found 5.62.41.34 2018-12-04 09:47:34,829 fail2ban.action [5364]: ERROR ipset create fail2ban-apache-auth hash:ip timeout -1 firewall-cmd –direct –add-rule ipv4 filter ombu_fail2ban 0 -m set –match-set fail2ban-apache-auth src -j REJECT –reject-with icmp-port-unreachable — st$ 2018-12-04 09:47:34,830 fail2ban.action [5364]: ERROR ipset create fail2ban-apache-auth hash:ip timeout -1 firewall-cmd –direct –add-rule ipv4 filter ombu_fail2ban 0 -m set –match-set fail2ban-apache-auth src -j REJECT –reject-with icmp-port-unreachable — st$ 2018-12-04 09:47:34,830 fail2ban.action [5364]: ERROR ipset create fail2ban-apache-auth hash:ip timeout -1 firewall-cmd –direct –add-rule ipv4 filter ombu_fail2ban 0 -m set –match-set fail2ban-apache-auth src -j REJECT –reject-with icmp-port-unreachable — re$ 2018-12-04 09:47:34,830 fail2ban.actions [5364]: ERROR Failed to start jail ‘apache-auth’ action ‘firewallcmd-ipset’: Error starting action 2018-12-04 09:47:37,927 fail2ban.action [5364]: ERROR ipset create fail2ban-apache-overflows hash:ip timeout -1 firewall-cmd –direct –add-rule ipv4 filter ombu_fail2ban 0 -m set –match-set fail2ban-apache-overflows src -j REJECT –reject-with icmp-port-unreachable $ 2018-12-04 09:47:37,927 fail2ban.action [5364]: ERROR ipset create fail2ban-apache-overflows hash:ip timeout -1 firewall-cmd –direct –add-rule ipv4 filter ombu_fail2ban 0 -m set –match-set fail2ban-apache-overflows src -j REJECT –reject-with icmp-port-unreachable $ 2018-12-04 09:47:37,927 fail2ban.action [5364]: ERROR ipset create fail2ban-apache-overflows hash:ip timeout -1 firewall-cmd –direct –add-rule ipv4 filter ombu_fail2ban 0 -m set –match-set fail2ban-apache-overflows src -j REJECT –reject-with icmp-port-unreachable $ 2018-12-04 09:47:37,928 fail2ban.actions [5364]: ERROR Failed to start jail ‘apache-overflows’ action ‘firewallcmd-ipset’: Error starting action 2018-12-04 09:47:39,749 fail2ban.action [5364]: ERROR ipset create fail2ban-apache-modsecurity hash:ip timeout -1 firewall-cmd –direct –add-rule ipv4 filter ombu_fail2ban 0 -m set –match-set fail2ban-apache-modsecurity src -j REJECT –reject-with icmp-port-unreachabl$ 2018-12-04 09:47:39,750 fail2ban.action [5364]: ERROR ipset create fail2ban-apache-modsecurity hash:ip timeout -1 firewall-cmd –direct –add-rule ipv4 filter ombu_fail2ban 0 -m set –match-set fail2ban-apache-modsecurity src -j REJECT –reject-with icmp-port-unreachabl$ 2018-12-04 09:47:39,750 fail2ban.action [5364]: ERROR ipset create fail2ban-apache-modsecurity hash:ip timeout -1 firewall-cmd –direct –add-rule ipv4 filter ombu_fail2ban 0 -m set –match-set fail2ban-apache-modsecurity src -j REJECT –reject-with icmp-port-unreachabl$ 2018-12-04 09:47:39,750 fail2ban.actions [5364]: ERROR Failed to start jail ‘apache-modsecurity’ action ‘firewallcmd-ipset’: Error starting action 2018-12-04 09:47:42,525 fail2ban.action [5364]: ERROR ipset create fail2ban-apache-shellshock hash:ip timeout -1 firewall-cmd –direct –add-rule ipv4 filter ombu_fail2ban 0 -m set –match-set fail2ban-apache-shellshock src -j REJECT –reject-with icmp-port-unreachable$ 2018-12-04 09:47:42,526 fail2ban.action [5364]: ERR
    OR ipset create fail2ban-apache-shellshock hash:ip timeout -1 firewall-cmd –direct –add-rule ipv4 filter ombu_fail2ban 0 -m set –match-set fail2ban-apache-shellshock src -j REJECT –reject-with icmp-port-unreachable$ 2018-12-04 09:47:42,526 fail2ban.action [5364]: ERROR ipset create fail2ban-apache-shellshock hash:ip timeout -1 firewall-cmd –direct –add-rule ipv4 filter ombu_fail2ban 0 -m set –match-set fail2ban-apache-shellshock src -j REJECT –reject-with icmp-port-unreachable$ 2018-12-04 09:47:42,526 fail2ban.actions [5364]: ERROR Failed to start jail ‘apache-shellshock’ action ‘firewallcmd-ipset’: Error starting action 2018-12-04 09:51:44,716 fail2ban.server [5364]: INFO Stopping all jails firewall-cmd –direct –add-rule ipv4 filter ombu_fail2ban 0 -m set –match-set fail2ban-apache-auth src -j REJECT –reject-with icmp-port-unreachable — st$ 2018-12-04 09:47:34,830 fail2ban.action [5364]: ERROR ipset create fail2ban-apache-auth hash:ip timeout -1 firewall-cmd –direct –add-rule ipv4 filter ombu_fail2ban 0 -m set –match-set fail2ban-apache-auth src -j REJECT –reject-with icmp-port-unreachable — re$ 2018-12-04 09:47:34,830 fail2ban.actions [5364]: ERROR Failed to start jail ‘apache-auth’ action ‘firewallcmd-ipset’: Error starting action 2018-12-04 09:47:37,927 fail2ban.action [5364]: ERROR ipset create fail2ban-apache-overflows hash:ip timeout -1 firewall-cmd –direct –add-rule ipv4 filter ombu_fail2ban 0 -m set –match-set fail2ban-apache-overflows src -j REJECT –reject-with icmp-port-unreachable $ 2018-12-04 09:47:37,927 fail2ban.action [5364]: ERROR ipset create fail2ban-apache-overflows hash:ip timeout -1 firewall-cmd –direct –add-rule ipv4 filter ombu_fail2ban 0 -m set –match-set fail2ban-apache-overflows src -j REJECT –reject-with icmp-port-unreachable $ firewall-cmd –direct –add-rule ipv4 filter ombu_fail2ban 0 -m set –match-set fail2ban-apache-auth src -j REJECT –reject-with icmp-port-unreachable — st$ 2018-12-04 09:47:34,830 fail2ban.action [5364]: ERROR ipset create fail2ban-apache-auth hash:ip timeout -1 firewall-cmd –direct –add-rule ipv4 filter ombu_fail2ban 0 -m set –match-set fail2ban-apache-auth src -j REJECT –reject-with icmp-port-unreachable — re$ 2018-12-04 09:47:34,830 fail2ban.actions [5364]: ERROR Failed to start jail ‘apache-auth’ action ‘firewallcmd-ipset’: Error starting action 2018-12-04 09:47:37,927 fail2ban.action [5364]: ERROR ipset create fail2ban-apache-overflows hash:ip timeout -1 firewall-cmd –direct –add-rule ipv4 filter ombu_fail2ban 0 -m set –match-set fail2ban-apache-overflows src -j REJECT –reject-with icmp-port-unreachable $ 2018-12-04 09:47:37,927 fail2ban.action [5364]: ERROR ipset create fail2ban-apache-overflows hash:ip timeout -1 firewall-cmd –direct –add-rule ipv4 filter ombu_fail2ban 0 -m set –match-set fail2ban-apache-overflows src -j REJECT –reject-with icmp-port-unreachable $ 2018-12-04 09:47:37,927 fail2ban.action [5364]: ERROR ipset create fail2ban-apache-overflows hash:ip timeout -1 firewall-cmd –direct –add-rule ipv4 filter ombu_fail2ban 0 -m set –match-set fail2ban-apache-overflows src -j REJECT –reject-with icmp-port-unreachable $ 2018-12-04 09:47:37,927 fail2ban.action [5364]: ERROR ipset create fail2ban-apache-overflows hash:ip timeout -1 firewall-cmd –direct –add-rule ipv4 filter ombu_fail2ban 0 -m set –match-set fail2ban-apache-overflows src -j REJECT –reject-with icmp-port-unreachable $ 2018-12-04 09:47:37,927 fail2ban.action [5364]: ERROR ipset create fail2ban-apache-overflows hash:ip timeout -1 firewall-cmd –direct –add-rule ipv4 filter ombu_fail2ban 0 -m set –match-set fail2ban-apache-overflows src -j REJECT –reject-with icmp-port-unreachable $ 2018-12-04 09:47:37,928 fail2ban.actions [5364]: ERROR Failed to start jail ‘apache-overflows’ action ‘firewallcmd-ipset’: Error starting action 2018-12-04 09:47:39,749 fail2ban.action [5364]: ERROR ipset create fail2ban-apache-modsecurity hash:ip timeout -1 firewall-cmd –direct –add-rule ipv4 filter ombu_fail2ban 0 -m set –match-set fail2ban-apache-modsecurity src -j REJECT –reject-with icmp-port-unreachabl$ 2018-12-04 09:47:39,750 fail2ban.action [5364]: ERROR ipset create fail2ban-apache-modsecurity hash:ip timeout -1 firewall-cmd –direct –add-rule ipv4 filter ombu_fail2ban 0 -m set –match-set fail2ban-apache-modsecurity src -j REJECT –reject-with icmp-port-unreachabl$ 2018-12-04 09:47:39,750 fail2ban.action [5364]: ERROR ipset create fail2ban-apache-modsecurity hash:ip timeout -1 firewall-cmd –direct –add-rule ipv4 filter ombu_fail2ban 0 -m set –match-set fail2ban-apache-modsecurity src -j REJECT –reject-with icmp-port-unreachabl$ 2018-12-04 09:47:39,750 fail2ban.actions [5364]: ERROR Failed to start jail ‘apache-modsecurity’ action ‘firewallcmd-ipset’: Error starting action 2018-12-04 09:47:42,525 fail2ban.action [5364]: ERROR ipset create fail2ban-apache-shellshock hash:ip timeout -1 firewall-cmd –direct –add-rule ipv4 filter ombu_fail2ban 0 -m set –match-set fail2ban-apache-shellshock src -j REJECT –reject-with icmp-port-unreachable$ 2018-12-04 09:47:42,526 fail2ban.action [5364]: ERROR ipset create fail2ban-apache-shellshock hash:ip timeout -1 firewall-cmd –direct –add-rule ipv4 filter ombu_fail2ban 0 -m set –match-set fail2ban-apache-shellshock src -j REJECT –reject-with icmp-port-unreachable$ 2018-12-04 09:47:42,526 fail2ban.action [5364]: ERROR ipset create fail2ban-apache-shellshock hash:ip timeout -1 firewall-cmd –direct –add-rule ipv4 filter ombu_fail2ban 0 -m set –match-set fail2ban-apache-shellshock src -j REJECT –reject-with icmp-port-unreachable$ 2018-12-04 09:47:42,526 fail2ban.actions [5364]: ERROR Failed to start jail ‘apache-shellshock’ action ‘firewallcmd-ipset’: Error starting action 2018-12-04 09:51:44,716 fail2ban.server [5364]: INFO Stopping all jails

     

     

     

    0
Viewing 9 replies - 1 through 9 (of 9 total)
  • Replies
    • December 4, 2018 at 7:45 pm
    Up
    0
    Down
    Jose Miguel Rivera
    Keymaster
    NI

    Restart the service and let me know its status, or if not start, or if there are any message during the service restarting

    0
    • December 4, 2018 at 11:06 pm
    Up
    0
    Down
    Gotoogle
    Participant

    Hi restarted, status shows that it is started. But GUI still shows that it is NOK and there is nothing in the Jail list.

     

    0
    • December 4, 2018 at 11:08 pm
    Up
    0
    Down
    Gotoogle
    Participant

    Further – it stops…

    Dec 05 09:39:01 vitalpbx.local systemd[1]: fail2ban.service holdoff time over, scheduling restart. Dec 05 09:39:01 vitalpbx.local systemd[1]: Starting Fail2Ban Service… [root@vitalpbx ~]# systemctl status fail2ban.service ● fail2ban.service – Fail2Ban Service Loaded: loaded (/usr/lib/systemd/system/fail2ban.service; enabled; vendor preset: disabled) Active: activating (start) since Wed 2018-12-05 09:40:36 +11; 25s ago Docs: man:fail2ban(1) Control: 15489 (fail2ban-client) CGroup: /system.slice/fail2ban.service ├─15175 /usr/bin/python2 -s /usr/bin/fail2ban-server -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid -x -b └─15489 /usr/bin/python2 -s /usr/bin/fail2ban-client -x start Dec 05 09:40:36 vitalpbx.local systemd[1]: Starting Fail2Ban Service… [root@vitalpbx ~]# systemctl status fail2ban.service ● fail2ban.service – Fail2Ban Service Loaded: loaded (/usr/lib/systemd/system/fail2ban.service; enabled; vendor preset: disabled) Active: deactivating (final-sigterm) (Result: exit-code) Docs: man:fail2ban(1) Process: 17104 ExecStart=/usr/bin/fail2ban-client -x start (code=exited, status=1/FAILURE) CGroup: /system.slice/fail2ban.service └─16558 /usr/bin/python2 -s /usr/bin/fail2ban-server -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid -x -b Dec 05 10:05:10 vitalpbx.local fail2ban-client[17104]: File “/usr/bin/fail2ban-client”, line 153, in __ping Dec 05 10:05:10 vitalpbx.local fail2ban-client[17104]: return self.__processCmd([[“ping”]], False) Dec 05 10:05:10 vitalpbx.local fail2ban-client[17104]: File “/usr/bin/fail2ban-client”, line 185, in __processCmd Dec 05 10:05:10 vitalpbx.local fail2ban-client[17104]: client.close() Dec 05 10:05:10 vitalpbx.local fail2ban-client[17104]: File “/usr/lib/python2.7/site-packages/fail2ban/client/csocket.py”, line 55, in close Dec 05 10:05:10 vitalpbx.local systemd[1]: fail2ban.service: control process exited, code=exited status=1 Dec 05 10:05:10 vitalpbx.local fail2ban-client[17104]: self.__csock.sendall(CSPROTO.CLOSE + CSPROTO.END) Dec 05 10:05:10 vitalpbx.local fail2ban-client[17104]: File “/usr/lib64/python2.7/socket.py”, line 224, in meth Dec 05 10:05:10 vitalpbx.local fail2ban-client[17104]: return getattr(self._sock,name)(*args) Dec 05 10:05:10 vitalpbx.local fail2ban-client[17104]: socket.error: [Errno 32] Broken pipe

    0
    • December 6, 2018 at 4:11 pm
    Up
    0
    Down
    Jose Miguel Rivera
    Keymaster
    NI

    What files are in the following directory: 

    ll /etc/fail2ban/jail.d/
    0
    • December 27, 2018 at 4:51 am
    Up
    0
    Down
    toxicfusion
    Participant

    similar issue with my installs on 2.1.1 

    systemctl status fail2ban shows ACTIVE and OK.  but webUI shows NAN OK.  Also 100% CPU…

    complains about failed to reload iptables.

    0
    • April 8, 2019 at 1:15 am
    Up
    0
    Down
    VoBI
    Participant

    Hello All,

    New Installation over night and have not even configured anything yet, built from ISO. Woke up today to do work and have found myself dealing whit the CPU sitting at 100% looking at “top” fail2ban is sucking all the resources.

    0
    • April 8, 2019 at 4:41 pm
    Up
    0
    Down
    Jose Miguel Rivera
    Keymaster
    NI

    The fail2ban doesn’t work as expected on certain VPS.

    Did you know if your VPS has KVM or OpenVZ virtualization?

    0
    • April 9, 2019 at 1:01 am
    Up
    0
    Down
    VoBI
    Participant

    I cant ssh in either. it was all working and the VPS is using KVM. after 12 hours of sitting there ready to be configured the next day, the CPU was at 100% I had to restart and again at 100% I than ran vitalpbx integrity-check and it fixed the cpu issue and then the web interface and the ssh is broken, we have not even configured anything yet only created the first user.

    0
    • April 9, 2019 at 8:36 pm
    Up
    0
    Down
    Jose Miguel Rivera
    Keymaster
    NI

    You may send me the IP of your VPS and the SSH credentials to my email: miguel@vitalpbx.com

    With this data, I can check your PBX installation

    0
Viewing 9 replies - 1 through 9 (of 9 total)

Tagged: 

  • You must be logged in to reply to this topic.