Fail2Ban starts and then stops – sends email
- This topic has 9 replies, 4 voices, and was last updated 1 year, 9 months ago by
Jose Miguel Rivera.
- Post
-
- December 3, 2018 at 11:07 pm
Hi,
I have VitalPBX installed as a VM on VMware Version 2.02-2.
Fail2Ban starts and then appears to stop and restarts sending an email notification. Did this 600+ times overnight according to the number of emails.
Ran command…
# fail2ban-client status asterisk
RESULT…
ERROR Failed to access socket path: /var/run/fail2ban/fail2ban.sock. Is fail2ban running?
Traceback (most recent call last):
  File "/usr/bin/fail2ban-client", line 472, in <module>
    if client.start(sys.argv):
  File "/usr/bin/fail2ban-client", line 442, in start
    return self.__processCommand(args)
  File "/usr/bin/fail2ban-client", line 281, in __processCommand
    return self.__processCmd([cmd])
  File "/usr/bin/fail2ban-client", line 185, in __processCmd
    client.close()
  File "/usr/lib/python2.7/site-packages/fail2ban/client/csocket.py", line 55, in close
    self.__csock.sendall(CSPROTO.CLOSE + CSPROTO.END)
  File "/usr/lib64/python2.7/socket.py", line 224, in meth
    return getattr(self._sock,name)(*args)
socket.error: [Errno 32] Broken pipe
Last cycle from log file follows…
2018-12-04 09:47:15,909 fail2ban.filter [5364]: INFO Set findtime = 60
2018-12-04 09:47:16,052 fail2ban.jail [5364]: INFO Jail 'sshd' started
2018-12-04 09:47:16,060 fail2ban.jail [5364]: INFO Jail 'sshd-ddos' started
2018-12-04 09:47:16,061 fail2ban.filtersystemd [5364]: NOTICE Jail started without 'journalmatch' set. Jail regexs will be checked against all journal ent$
2018-12-04 09:47:16,102 fail2ban.jail [5364]: INFO Jail 'dropbear' started
2018-12-04 09:47:16,195 fail2ban.jail [5364]: INFO Jail 'apache-auth' started
2018-12-04 09:47:16,232 fail2ban.jail [5364]: INFO Jail 'apache-badbots' started
2018-12-04 09:47:16,267 fail2ban.jail [5364]: INFO Jail 'apache-overflows' started
2018-12-04 09:47:16,270 fail2ban.jail [5364]: INFO Jail 'apache-modsecurity' started
2018-12-04 09:47:16,273 fail2ban.jail [5364]: INFO Jail 'apache-shellshock' started
2018-12-04 09:47:25,962 fail2ban.action [5364]: ERROR ipset create fail2ban-sshd hash:ip timeout -1 firewall-cmd --direct --add-rule ipv4 filter ombu_fail2ban 0 -m set --match-set fail2ban-sshd src -j REJECT --reject-with icmp-port-unreachable -- stdout: ''
2018-12-04 09:47:25,963 fail2ban.action [5364]: ERROR ipset create fail2ban-sshd hash:ip timeout -1 firewall-cmd --direct --add-rule ipv4 filter ombu_fail2ban 0 -m set --match-set fail2ban-sshd src -j REJECT --reject-with icmp-port-unreachable -- stderr: "$
2018-12-04 09:47:25,963 fail2ban.action [5364]: ERROR ipset create fail2ban-sshd hash:ip timeout -1 firewall-cmd --direct --add-rule ipv4 filter ombu_fail2ban 0 -m set --match-set fail2ban-sshd src -j REJECT --reject-with icmp-port-unreachable -- returned $
2018-12-04 09:47:25,963 fail2ban.actions [5364]: ERROR Failed to start jail 'sshd' action 'firewallcmd-ipset': Error starting action
2018-12-04 09:47:25,964 fail2ban.actions [5364]: NOTICE [sshd] Ban 1.245.161.226
2018-12-04 09:47:28,018 fail2ban.action [5364]: ERROR ipset create fail2ban-sshd-ddos hash:ip timeout -1 firewall-cmd --direct --add-rule ipv4 filter ombu_fail2ban 0 -m set --match-set fail2ban-sshd-ddos src -j REJECT --reject-with icmp-port-unreachable -- stdo$
2018-12-04 09:47:28,018 fail2ban.action [5364]: ERROR ipset create fail2ban-sshd-ddos hash:ip timeout -1 firewall-cmd --direct --add-rule ipv4 filter ombu_fail2ban 0 -m set --match-set fail2ban-sshd-ddos src -j REJECT --reject-with icmp-port-unreachable -- stde$
2018-12-04 09:47:28,019 fail2ban.action [5364]: ERROR ipset create fail2ban-sshd-ddos hash:ip timeout -1 firewall-cmd --direct --add-rule ipv4 filter ombu_fail2ban 0 -m set --match-set fail2ban-sshd-ddos src -j REJECT --reject-with icmp-port-unreachable -- retu$
2018-12-04 09:47:28,019 fail2ban.actions [5364]: ERROR Failed to start jail 'sshd-ddos' action 'firewallcmd-ipset': Error starting action
2018-12-04 09:47:29,378 fail2ban.action [5364]: ERROR ipset create fail2ban-dropbear hash:ip timeout -1 firewall-cmd --direct --add-rule ipv4 filter ombu_fail2ban 0 -m set --match-set fail2ban-dropbear src -j REJECT --reject-with icmp-port-unreachable -- stdou$
2018-12-04 09:47:29,379 fail2ban.action [5364]: ERROR ipset create fail2ban-dropbear hash:ip timeout -1 firewall-cmd --direct --add-rule ipv4 filter ombu_fail2ban 0 -m set --match-set fail2ban-dropbear src -j REJECT --reject-with icmp-port-unreachable -- stder$
2018-12-04 09:47:29,379 fail2ban.action [5364]: ERROR ipset create fail2ban-dropbear hash:ip timeout -1 firewall-cmd --direct --add-rule ipv4 filter ombu_fail2ban 0 -m set --match-set fail2ban-dropbear src -j REJECT --reject-with icmp-port-unreachable -- retur$
2018-12-04 09:47:29,380 fail2ban.actions [5364]: ERROR Failed to start jail 'dropbear' action 'firewallcmd-ipset': Error starting action
2018-12-04 09:47:29,862 fail2ban.filter [5364]: INFO [asterisk] Found 5.62.41.34
2018-12-04 09:47:29,863 fail2ban.filter [5364]: INFO [asterisk] Found 5.62.41.34
2018-12-04 09:47:34,829 fail2ban.action [5364]: ERROR ipset create fail2ban-apache-auth hash:ip timeout -1 firewall-cmd --direct --add-rule ipv4 filter ombu_fail2ban 0 -m set --match-set fail2ban-apache-auth src -j REJECT --reject-with icmp-port-unreachable -- st$
2018-12-04 09:47:34,830 fail2ban.action [5364]: ERROR ipset create fail2ban-apache-auth hash:ip timeout -1 firewall-cmd --direct --add-rule ipv4 filter ombu_fail2ban 0 -m set --match-set fail2ban-apache-auth src -j REJECT --reject-with icmp-port-unreachable -- st$
2018-12-04 09:47:34,830 fail2ban.action [5364]: ERROR ipset create fail2ban-apache-auth hash:ip timeout -1 firewall-cmd --direct --add-rule ipv4 filter ombu_fail2ban 0 -m set --match-set fail2ban-apache-auth src -j REJECT --reject-with icmp-port-unreachable -- re$
2018-12-04 09:47:34,830 fail2ban.actions [5364]: ERROR Failed to start jail 'apache-auth' action 'firewallcmd-ipset': Error starting action
2018-12-04 09:47:37,927 fail2ban.action [5364]: ERROR ipset create fail2ban-apache-overflows hash:ip timeout -1 firewall-cmd --direct --add-rule ipv4 filter ombu_fail2ban 0 -m set --match-set fail2ban-apache-overflows src -j REJECT --reject-with icmp-port-unreachable $
2018-12-04 09:47:37,927 fail2ban.action [5364]: ERROR ipset create fail2ban-apache-overflows hash:ip timeout -1 firewall-cmd --direct --add-rule ipv4 filter ombu_fail2ban 0 -m set --match-set fail2ban-apache-overflows src -j REJECT --reject-with icmp-port-unreachable $
2018-12-04 09:47:37,927 fail2ban.action [5364]: ERROR ipset create fail2ban-apache-overflows hash:ip timeout -1 firewall-cmd --direct --add-rule ipv4 filter ombu_fail2ban 0 -m set --match-set fail2ban-apache-overflows src -j REJECT --reject-with icmp-port-unreachable $
2018-12-04 09:47:37,928 fail2ban.actions [5364]: ERROR Failed to start jail 'apache-overflows' action 'firewallcmd-ipset': Error starting action
2018-12-04 09:47:39,749 fail2ban.action [5364]: ERROR ipset create fail2ban-apache-modsecurity hash:ip timeout -1 firewall-cmd --direct --add-rule ipv4 filter ombu_fail2ban 0 -m set --match-set fail2ban-apache-modsecurity src -j REJECT --reject-with icmp-port-unreachabl$
2018-12-04 09:47:39,750 fail2ban.action [5364]: ERROR ipset create fail2ban-apache-modsecurity hash:ip timeout -1 firewall-cmd --direct --add-rule ipv4 filter ombu_fail2ban 0 -m set --match-set fail2ban-apache-modsecurity src -j REJECT --reject-with icmp-port-unreachabl$
2018-12-04 09:47:39,750 fail2ban.action [5364]: ERROR ipset create fail2ban-apache-modsecurity hash:ip timeout -1 firewall-cmd --direct --add-rule ipv4 filter ombu_fail2ban 0 -m set --match-set fail2ban-apache-modsecurity src -j REJECT --reject-with icmp-port-unreachabl$
2018-12-04 09:47:39,750 fail2ban.actions [5364]: ERROR Failed to start jail 'apache-modsecurity' action 'firewallcmd-ipset': Error starting action
2018-12-04 09:47:42,525 fail2ban.action [5364]: ERROR ipset create fail2ban-apache-shellshock hash:ip timeout -1 firewall-cmd --direct --add-rule ipv4 filter ombu_fail2ban 0 -m set --match-set fail2ban-apache-shellshock src -j REJECT --reject-with icmp-port-unreachable$
2018-12-04 09:47:42,526 fail2ban.action [5364]: ERROR ipset create fail2ban-apache-shellshock hash:ip timeout -1 firewall-cmd --direct --add-rule ipv4 filter ombu_fail2ban 0 -m set --match-set fail2ban-apache-shellshock src -j REJECT --reject-with icmp-port-unreachable$
2018-12-04 09:47:42,526 fail2ban.action [5364]: ERROR ipset create fail2ban-apache-shellshock hash:ip timeout -1 firewall-cmd --direct --add-rule ipv4 filter ombu_fail2ban 0 -m set --match-set fail2ban-apache-shellshock src -j REJECT --reject-with icmp-port-unreachable$
2018-12-04 09:47:42,526 fail2ban.actions [5364]: ERROR Failed to start jail 'apache-shellshock' action 'firewallcmd-ipset': Error starting action
2018-12-04 09:51:44,716 fail2ban.server [5364]: INFO Stopping all jails
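The log in the post above records `Failed to start jail 'sshd' action 'firewallcmd-ipset'` and, one millisecond later, `[sshd] Ban ...`: a ban was logged for a jail whose firewall action never initialised, so it cannot be assumed to have reached the firewall. As an added example (not part of the original post, and not Fail2Ban or VitalPBX code), this Python script flags such jails and bans in a log excerpt; the sample log is constructed, its addresses are documentation-range placeholders, and the name `audit` is an assumption.

```python
import re

Q = "['\u2018\u2019]"  # straight or typographic quote (forum software rewrites them)
ENTRY = re.compile(r"^(\S+ \S+) fail2ban\.(\S+)\s+\[(\d+)\]: (\w+)\s+(.*)$")
FAILED = re.compile(rf"Failed to start jail {Q}(.+?){Q} action {Q}(.+?){Q}")
BAN = re.compile(r"^\[([^\]]+)\] Ban (\S+)")

# Constructed sample in the format of the log in the post; the addresses are
# documentation-range placeholders, not values from the thread.
SAMPLE_LOG = """\
2018-12-04 09:47:16,052 fail2ban.jail [5364]: INFO Jail 'sshd' started
2018-12-04 09:47:25,962 fail2ban.action [5364]: ERROR ipset create fail2ban-sshd hash:ip timeout -1 -- stdo$
2018-12-04 09:47:25,963 fail2ban.actions [5364]: ERROR Failed to start jail 'sshd' action 'firewallcmd-ipset': Error starting action
2018-12-04 09:47:25,964 fail2ban.actions [5364]: NOTICE [sshd] Ban 203.0.113.7
2018-12-04 09:47:28,019 fail2ban.actions [5364]: ERROR Failed to start jail ‘sshd-ddos’ action ‘firewallcmd-ipset’: Error starting action
2018-12-04 09:51:44,716 fail2ban.server [5364]: INFO Stopping all jails
2018-12-04 09:52:10,101 fail2ban.actions [6001]: NOTICE [sshd] Ban 198.51.100.9
"""

def audit(log_text):
    """Return (failed_actions, suspect_bans) for a fail2ban.log excerpt."""
    failed = {}      # jail -> set of actions that failed to start
    current = set()  # jails with a failed action in the current server run
    suspect = []     # (timestamp, jail, ip) bans logged for such jails
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # wrapped or otherwise unparseable line
        ts, _component, _pid, level, msg = m.groups()
        if msg.startswith("Stopping all jails"):
            current.clear()  # the next server start is judged on its own entries
        elif level == "ERROR" and (f := FAILED.search(msg)):
            failed.setdefault(f.group(1), set()).add(f.group(2))
            current.add(f.group(1))
        elif level == "NOTICE" and (b := BAN.match(msg)):
            if b.group(1) in current:
                suspect.append((ts, b.group(1), b.group(2)))
    return failed, suspect

if __name__ == "__main__":
    failed, suspect = audit(SAMPLE_LOG)
    for jail, actions in sorted(failed.items()):
        print(f"{jail}: action(s) {', '.join(sorted(actions))} failed to start")
    for ts, jail, ip in suspect:
        print(f"{ts} [{jail}] Ban {ip} logged, but the jail's action never started")
```

Any address reported as suspect should be checked against the actual ipset and firewalld state rather than trusted from the log.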
- Replies
-
- December 4, 2018 at 7:45 pm
- December 4, 2018 at 11:06 pm
- December 4, 2018 at 11:08 pm
Further – it stops…
Dec 05 09:39:01 vitalpbx.local systemd[1]: fail2ban.service holdoff time over, scheduling restart.
Dec 05 09:39:01 vitalpbx.local systemd[1]: Starting Fail2Ban Service...
[root@vitalpbx ~]# systemctl status fail2ban.service
● fail2ban.service - Fail2Ban Service
   Loaded: loaded (/usr/lib/systemd/system/fail2ban.service; enabled; vendor preset: disabled)
   Active: activating (start) since Wed 2018-12-05 09:40:36 +11; 25s ago
     Docs: man:fail2ban(1)
  Control: 15489 (fail2ban-client)
   CGroup: /system.slice/fail2ban.service
           ├─15175 /usr/bin/python2 -s /usr/bin/fail2ban-server -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid -x -b
           └─15489 /usr/bin/python2 -s /usr/bin/fail2ban-client -x start
Dec 05 09:40:36 vitalpbx.local systemd[1]: Starting Fail2Ban Service...
[root@vitalpbx ~]# systemctl status fail2ban.service
● fail2ban.service - Fail2Ban Service
   Loaded: loaded (/usr/lib/systemd/system/fail2ban.service; enabled; vendor preset: disabled)
   Active: deactivating (final-sigterm) (Result: exit-code)
     Docs: man:fail2ban(1)
  Process: 17104 ExecStart=/usr/bin/fail2ban-client -x start (code=exited, status=1/FAILURE)
   CGroup: /system.slice/fail2ban.service
           └─16558 /usr/bin/python2 -s /usr/bin/fail2ban-server -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid -x -b
Dec 05 10:05:10 vitalpbx.local fail2ban-client[17104]: File "/usr/bin/fail2ban-client", line 153, in __ping
Dec 05 10:05:10 vitalpbx.local fail2ban-client[17104]: return self.__processCmd([["ping"]], False)
Dec 05 10:05:10 vitalpbx.local fail2ban-client[17104]: File "/usr/bin/fail2ban-client", line 185, in __processCmd
Dec 05 10:05:10 vitalpbx.local fail2ban-client[17104]: client.close()
Dec 05 10:05:10 vitalpbx.local fail2ban-client[17104]: File "/usr/lib/python2.7/site-packages/fail2ban/client/csocket.py", line 55, in close
Dec 05 10:05:10 vitalpbx.local systemd[1]: fail2ban.service: control process exited, code=exited status=1
Dec 05 10:05:10 vitalpbx.local fail2ban-client[17104]: self.__csock.sendall(CSPROTO.CLOSE + CSPROTO.END)
Dec 05 10:05:10 vitalpbx.local fail2ban-client[17104]: File "/usr/lib64/python2.7/socket.py", line 224, in meth
Dec 05 10:05:10 vitalpbx.local fail2ban-client[17104]: return getattr(self._sock,name)(*args)
Dec 05 10:05:10 vitalpbx.local fail2ban-client[17104]: socket.error: [Errno 32] Broken pipe
- December 6, 2018 at 4:11 pm
- December 27, 2018 at 4:51 am
- April 8, 2019 at 1:15 am
- April 8, 2019 at 4:41 pm
- April 9, 2019 at 1:01 am
I can't SSH in either. It was all working, and the VPS is using KVM. After 12 hours of sitting there ready to be configured the next day, the CPU was at 100%. I had to restart, and it was again at 100%. I then ran vitalpbx integrity-check and it fixed the CPU issue, and then the web interface and the SSH were broken. We have not even configured anything yet, only created the first user.
- April 9, 2019 at 8:36 pm
You may send me the IP of your VPS and the SSH credentials to my email: miguel@vitalpbx.com
With this data, I can check your PBX installation
Tagged: Fail2Ban error