Issue with fail2ban not starting

  • Post
    TheG-Man
    Participant

    Hello,

    Today I ran into an issue with fail2ban not starting and going into a loop trying to start.

    I have tried restarting fail2ban, restarting pbx, reinstalling fail2ban.

    Running latest PBX version.

    Copy of the log showing error is below.

    Thanks!

     

    2019-04-22 10:49:47,094 fail2ban.server [18618]: INFO Changed logging target to /var/log/fail2ban.log for Fail2ban v0.9.7
    2019-04-22 10:49:47,096 fail2ban.database [18618]: INFO Connected to fail2ban persistent database '/var/lib/fail2ban/fail2ban.sqlite3'
    2019-04-22 10:49:47,103 fail2ban.jail [18618]: INFO Creating new jail 'sshd'
    2019-04-22 10:49:47,143 fail2ban.jail [18618]: INFO Jail 'sshd' uses systemd {}
    2019-04-22 10:49:47,169 fail2ban.jail [18618]: INFO Initiated 'systemd' backend
    2019-04-22 10:49:47,171 fail2ban.filter [18618]: INFO Set maxRetry = 3
    2019-04-22 10:49:47,173 fail2ban.filter [18618]: INFO Set jail log file encoding to UTF-8
    2019-04-22 10:49:47,174 fail2ban.actions [18618]: INFO Set banTime = 2592000
    2019-04-22 10:49:47,175 fail2ban.filter [18618]: INFO Set findtime = 3600
    2019-04-22 10:49:47,175 fail2ban.filter [18618]: INFO Set maxlines = 10
    2019-04-22 10:49:47,294 fail2ban.filtersystemd [18618]: INFO Added journal match for: '_SYSTEMD_UNIT=sshd.service + _COMM=sshd'
    2019-04-22 10:49:47,325 fail2ban.jail [18618]: INFO Creating new jail 'sshd-ddos'
    2019-04-22 10:49:47,325 fail2ban.jail [18618]: INFO Jail 'sshd-ddos' uses systemd {}
    2019-04-22 10:49:47,326 fail2ban.jail [18618]: INFO Initiated 'systemd' backend
    2019-04-22 10:49:47,328 fail2ban.filter [18618]: INFO Set maxRetry = 3
    2019-04-22 10:49:47,330 fail2ban.filter [18618]: INFO Set jail log file encoding to UTF-8
    2019-04-22 10:49:47,331 fail2ban.actions [18618]: INFO Set banTime = 2592000
    2019-04-22 10:49:47,332 fail2ban.filter [18618]: INFO Set findtime = 3600
    2019-04-22 10:49:47,332 fail2ban.filter [18618]: INFO Set maxlines = 10
    2019-04-22 10:49:47,358 fail2ban.filtersystemd [18618]: INFO Added journal match for: '_SYSTEMD_UNIT=sshd.service + _COMM=sshd'
    2019-04-22 10:49:47,389 fail2ban.jail [18618]: INFO Creating new jail 'dropbear'
    2019-04-22 10:49:47,389 fail2ban.jail [18618]: INFO Jail 'dropbear' uses systemd {}
    2019-04-22 10:49:47,390 fail2ban.jail [18618]: INFO Initiated 'systemd' backend
    2019-04-22 10:49:47,392 fail2ban.filter [18618]: INFO Set maxRetry = 3
    2019-04-22 10:49:47,394 fail2ban.filter [18618]: INFO Set jail log file encoding to UTF-8
    2019-04-22 10:49:47,395 fail2ban.actions [18618]: INFO Set banTime = 2592000
    2019-04-22 10:49:47,396 fail2ban.filter [18618]: INFO Set findtime = 3600
    2019-04-22 10:49:47,438 fail2ban.jail [18618]: INFO Creating new jail 'apache-auth'
    2019-04-22 10:49:47,465 fail2ban.jail [18618]: INFO Jail 'apache-auth' uses pyinotify {}
    2019-04-22 10:49:47,472 fail2ban.jail [18618]: INFO Initiated 'pyinotify' backend
    2019-04-22 10:49:47,475 fail2ban.filter [18618]: INFO Added logfile = /var/log/httpd/ssl_error_log
    2019-04-22 10:49:47,478 fail2ban.filter [18618]: INFO Added logfile = /var/log/httpd/error_log
    2019-04-22 10:49:47,479 fail2ban.filter [18618]: INFO Set maxRetry = 3
    2019-04-22 10:49:47,482 fail2ban.filter [18618]: INFO Set jail log file encoding to UTF-8
    2019-04-22 10:49:47,482 fail2ban.actions [18618]: INFO Set banTime = 2592000
    2019-04-22 10:49:47,483 fail2ban.filter [18618]: INFO Set findtime = 3600
    2019-04-22 10:49:47,554 fail2ban.jail [18618]: INFO Creating new jail 'apache-badbots'
    2019-04-22 10:49:47,554 fail2ban.jail [18618]: INFO Jail 'apache-badbots' uses pyinotify {}
    2019-04-22 10:49:47,561 fail2ban.jail [18618]: INFO Initiated 'pyinotify' backend
    2019-04-22 10:49:47,563 fail2ban.filter [18618]: INFO Added logfile = /var/log/httpd/ssl_access_log
    2019-04-22 10:49:47,565 fail2ban.filter [18618]: INFO Added logfile = /var/log/httpd/access_log
    2019-04-22 10:49:47,566 fail2ban.filter [18618]: INFO Set maxRetry = 1
    2019-04-22 10:49:47,569 fail2ban.filter [18618]: INFO Set jail log file encoding to UTF-8
    2019-04-22 10:49:47,569 fail2ban.actions [18618]: INFO Set banTime = 172800
    2019-04-22 10:49:47,570 fail2ban.filter [18618]: INFO Set findtime = 3600
    2019-04-22 10:49:47,615 fail2ban.jail [18618]: INFO Creating new jail 'apache-overflows'
    2019-04-22 10:49:47,615 fail2ban.jail [18618]: INFO Jail 'apache-overflows' uses pyinotify {}
    2019-04-22 10:49:47,621 fail2ban.jail [18618]: INFO Initiated 'pyinotify' backend
    2019-04-22 10:49:47,623 fail2ban.filter [18618]: INFO Added logfile = /var/log/httpd/ssl_error_log
    2019-04-22 10:49:47,625 fail2ban.filter [18618]: INFO Added logfile = /var/log/httpd/error_log
    2019-04-22 10:49:47,626 fail2ban.filter [18618]: INFO Set maxRetry = 2
    2019-04-22 10:49:47,628 fail2ban.filter [18618]: INFO Set jail log file encoding to UTF-8
    2019-04-22 10:49:47,629 fail2ban.actions [18618]: INFO Set banTime = 2592000
    2019-04-22 10:49:47,630 fail2ban.filter [18618]: INFO Set findtime = 3600
    2019-04-22 10:49:47,665 fail2ban.jail [18618]: INFO Creating new jail 'apache-modsecurity'
    2019-04-22 10:49:47,665 fail2ban.jail [18618]: INFO Jail 'apache-modsecurity' uses pyinotify {}
    2019-04-22 10:49:47,671 fail2ban.jail [18618]: INFO Initiated 'pyinotify' backend
    2019-04-22 10:49:47,673 fail2ban.filter [18618]: INFO Added logfile = /var/log/httpd/ssl_error_log
    2019-04-22 10:49:47,674 fail2ban.filter [18618]: INFO Added logfile = /var/log/httpd/error_log
    2019-04-22 10:49:47,675 fail2ban.filter [18618]: INFO Set maxRetry = 2
    2019-04-22 10:49:47,678 fail2ban.filter [18618]: INFO Set jail log file encoding to UTF-8
    2019-04-22 10:49:47,678 fail2ban.actions [18618]: INFO Set banTime = 2592000
    2019-04-22 10:49:47,680 fail2ban.filter [18618]: INFO Set findtime = 3600
    2019-04-22 10:49:47,713 fail2ban.jail [18618]: INFO Creating new jail 'apache-shellshock'
    2019-04-22 10:49:47,713 fail2ban.jail [18618]: INFO Jail 'apache-shellshock' uses pyinotify {}
    2019-04-22 10:49:47,720 fail2ban.jail [18618]: INFO Initiated 'pyinotify' backend
    2019-04-22 10:49:47,722 fail2ban.filter [18618]: INFO Added logfile = /var/log/httpd/ssl_error_log
    2019-04-22 10:49:47,723 fail2ban.filter [18618]: INFO Added logfile = /var/log/httpd/error_log
    2019-04-22 10:49:47,724 fail2ban.filter [18618]: INFO Set maxRetry = 1
    2019-04-22 10:49:47,726 fail2ban.filter [18618]: INFO Set jail log file encoding to UTF-8
    2019-04-22 10:49:47,727 fail2ban.actions [18618]: INFO Set banTime = 2592000
    2019-04-22 10:49:47,728 fail2ban.filter [18618]: INFO Set findtime = 3600
    2019-04-22 10:49:47,764 fail2ban.jail [18618]: INFO Creating new jail 'apache-nokiddies'
    2019-04-22 10:49:47,764 fail2ban.jail [18618]: INFO Jail 'apache-nokiddies' uses pyinotify {}
    2019-04-22 10:49:47,770 fail2ban.jail [18618]: INFO Initiated 'pyinotify' backend
    2019-04-22 10:49:47,772 fail2ban.filter [18618]: INFO Added logfile = /var/log/httpd/ssl_access_log
    2019-04-22 10:49:47,773 fail2ban.filter [18618]: INFO Added logfile = /var/log/httpd/access_log
    2019-04-22 10:49:47,775 fail2ban.filter [18618]: INFO Set maxRetry = 1
    2019-04-22 10:49:47,777 fail2ban.filter [18618]: INFO Set jail log file encoding to UTF-8
    2019-04-22 10:49:47,778 fail2ban.actions [18618]: INFO Set banTime = 2592000
    2019-04-22 10:49:47,779 fail2ban.filter [18618]: INFO Set findtime = 3600
    2019-04-22 10:49:47,833 fail2ban.jail [18618]: INFO Creating new jail 'asterisk'
    2019-04-22 10:49:47,833 fail2ban.jail [18618]: INFO Jail 'asterisk' uses pyinotify {}
    2019-04-22 10:49:47,864 fail2ban.jail [18618]: INFO Initiated 'pyinotify' backend
    2019-04-22 10:49:47,866 fail2ban.filter [18618]: INFO Added logfile = /var/log/asterisk/fail2ban
    2019-04-22 10:49:47,867 fail2ban.filter [18618]: INFO Set maxRetry = 10
    2019-04-22 10:49:47,870 fail2ban.filter [18618]: INFO Set jail log file encoding to UTF-8
    2019-04-22 10:49:47,870 fail2ban.actions [18618]: INFO Set banTime = 2592000
    2019-04-22 10:49:47,871 fail2ban.filter [18618]: INFO Set findtime = 3600
    2019-04-22 10:49:47,986 fail2ban.jail [18618]: INFO Creating new jail 'vitalpbx-gui'
    2019-04-22 10:49:47,986 fail2ban.jail [18618]: INFO Jail 'vitalpbx-gui' uses pyinotify {}
    2019-04-22 10:49:47,993 fail2ban.jail [18618]: INFO Initiated 'pyinotify' backend
    2019-04-22 10:49:47,995 fail2ban.filter [18618]: INFO Added logfile = /var/log/vitalpbx/authentications.log
    2019-04-22 10:49:47,997 fail2ban.filter [18618]: INFO Set maxRetry = 3
    2019-04-22 10:49:47,999 fail2ban.filter [18618]: INFO Set jail log file encoding to UTF-8
    2019-04-22 10:49:48,000 fail2ban.actions [18618]: INFO Set banTime = 2592000
    2019-04-22 10:49:48,001 fail2ban.filter [18618]: INFO Set findtime = 3600
    2019-04-22 10:49:48,048 fail2ban.jail [18618]: INFO Jail 'sshd' started
    2019-04-22 10:49:48,053 fail2ban.jail [18618]: INFO Jail 'sshd-ddos' started
    2019-04-22 10:49:48,054 fail2ban.filtersystemd [18618]: NOTICE Jail started without 'journalmatch' set. Jail regexs will be checked against all journal entries, which is not advised for performance reasons.
    2019-04-22 10:49:48,093 fail2ban.jail [18618]: INFO Jail 'dropbear' started
    2019-04-22 10:49:48,118 fail2ban.jail [18618]: INFO Jail 'apache-auth' started
    2019-04-22 10:49:48,131 fail2ban.jail [18618]: INFO Jail 'apache-badbots' started
    2019-04-22 10:49:48,152 fail2ban.jail [18618]: INFO Jail 'apache-overflows' started
    2019-04-22 10:49:48,154 fail2ban.jail [18618]: INFO Jail 'apache-modsecurity' started
    2019-04-22 10:49:48,157 fail2ban.jail [18618]: INFO Jail 'apache-shellshock' started
    2019-04-22 10:49:48,272 fail2ban.jail [18618]: INFO Jail 'apache-nokiddies' started
    2019-04-22 10:50:47,429 fail2ban.action [18618]: ERROR ipset create fail2ban-sshd-ddos hash:ip timeout 2592000
    firewall-cmd --direct --add-rule ipv4 filter ombu_fail2ban 0 -m set --match-set fail2ban-sshd-ddos src -j REJECT --reject-with icmp-port-unreachable -- failed with [Errno 12] Cannot allocate memory
    2019-04-22 10:50:47,509 fail2ban.action [18618]: ERROR ipset create fail2ban-sshd-ddos hash:ip timeout 2592000
    firewall-cmd --direct --add-rule ipv4 filter ombu_fail2ban 0 -m set --match-set fail2ban-sshd-ddos src -j REJECT --reject-with icmp-port-unreachable -- stdout: ''
    2019-04-22 10:50:47,510 fail2ban.action [18618]: ERROR ipset create fail2ban-sshd-ddos hash:ip timeout 2592000
    firewall-cmd --direct --add-rule ipv4 filter ombu_fail2ban 0 -m set --match-set fail2ban-sshd-ddos src -j REJECT --reject-with icmp-port-unreachable -- stderr: ''
    2019-04-22 10:50:47,512 fail2ban.actions [18618]: ERROR Failed to start jail 'sshd-ddos' action 'firewallcmd-ipset': local variable 'popen' referenced before assignment
    2019-04-22 10:50:47,518 fail2ban.action [18618]: ERROR ipset create fail2ban-dropbear hash:ip timeout 2592000
    firewall-cmd --direct --add-rule ipv4 filter ombu_fail2ban 0 -m set --match-set fail2ban-dropbear src -j REJECT --reject-with icmp-port-unreachable -- failed with [Errno 12] Cannot allocate memory
    2019-04-22 10:50:47,518 fail2ban.action [18618]: ERROR ipset create fail2ban-dropbear hash:ip timeout 2592000
    firewall-cmd --direct --add-rule ipv4 filter ombu_fail2ban 0 -m set --match-set fail2ban-dropbear src -j REJECT --reject-with icmp-port-unreachable -- stdout: ''
    2019-04-22 10:50:47,518 fail2ban.action [18618]: ERROR ipset create fail2ban-dropbear hash:ip timeout 2592000
    firewall-cmd --direct --add-rule ipv4 filter ombu_fail2ban 0 -m set --match-set fail2ban-dropbear src -j REJECT --reject-with icmp-port-unreachable -- stderr: ''
    2019-04-22 10:50:47,518 fail2ban.actions [18618]: ERROR Failed to start jail 'dropbear' action 'firewallcmd-ipset': local variable 'popen' referenced before assignment
    2019-04-22 10:50:47,519 fail2ban.action [18618]: ERROR printf %b "Subject: [Fail2Ban] dropbear: started on `uname -n`

     

    0
  • Replies

    Did you configure the ban time to -1?

    0
    TheG-Man
    Participant

    No, ban time is set to 2592000 seconds, which is about 30 days.

    0

    Try to set the ban time to 24 hours (86400)

    Some questions:

    • What are your system specifications?
    • Where is it installed?
    0
    TheG-Man
    Participant

    With ban time 86400 it starts fine.

    Virtualization XEN
    CPU Model Intel(R) Xeon(R) CPU E5620 @ 2.40GHz
    CPU Cores 1
    RAM 2 GB / 2040 MB

    There are only two devices on it and it is pretty much unused.

    0

    Looks like a memory issue. Do you know how many IP addresses are banned?

    0
    TheG-Man
    Participant

    There were at some point. Over the weekend someone tried really hard. I got an email for something like 4000 attempts. Right now it's 6.

    With fail2ban running, GUI shows high resource usage, especially CPU (100%). Running htop it doesn't look that bad. Any reason for such a discrepancy?

    0
    TheG-Man
    Participant

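    Running the following commands fixed the issue.

    # Stop the service before touching its files
    systemctl stop fail2ban
    # Empty the log that fail2ban writes to
    truncate -s 0 /var/log/fail2ban.log
    # Delete the persistent ban database (all stored bans are lost)
    rm /var/lib/fail2ban/fail2ban.sqlite3
    # Start the service again with a fresh database
    systemctl start fail2ban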

    0
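The question of how many addresses are banned can be answered from the persistent database before it is deleted, since fail2ban re-applies stored bans that are still within the ban time when a jail starts. This is an added example, not code from the thread or from VitalPBX; it assumes the `bans` table layout of fail2ban 0.9.x, and the function names and sample rows are constructed for illustration.

```python
import sqlite3

# Assumption: layout of the `bans` table in fail2ban 0.9.x.
SCHEMA = ("CREATE TABLE bans(jail TEXT NOT NULL, ip TEXT, "
          "timeofban INTEGER NOT NULL, data JSON)")
NOW = 1555930000  # constructed reference time (epoch seconds)


def open_readonly(path="/var/lib/fail2ban/fail2ban.sqlite3"):
    """Open the live database read-only so nothing in it is modified."""
    return sqlite3.connect(f"file:{path}?mode=ro", uri=True)


def active_bans(conn, bantime, now):
    """Return {jail: number of distinct IPs whose ban is unexpired at `now`}.

    A negative bantime means permanent, so every stored ban counts.
    """
    if bantime < 0:
        where, args = "", ()
    else:
        where, args = "WHERE timeofban + ? > ?", (bantime, now)
    rows = conn.execute(
        "SELECT jail, COUNT(DISTINCT ip) FROM bans "
        f"{where} GROUP BY jail ORDER BY jail", args)
    return dict(rows)


def build_sample(now):
    """Constructed data: 40 bans from a week ago, 6 from the last hour."""
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    old = [("sshd", f"203.0.113.{i}", now - 7 * 86400, "{}")
           for i in range(1, 41)]
    new = [("asterisk", f"198.51.100.{i}", now - 3600, "{}")
           for i in range(1, 7)]
    conn.executemany("INSERT INTO bans VALUES (?, ?, ?, ?)", old + new)
    return conn


if __name__ == "__main__":
    conn = build_sample(NOW)  # use open_readonly() on a real host
    for bantime in (86400, 2592000):
        print(bantime, active_bans(conn, bantime, NOW))
```

With the constructed rows, the 24-hour ban time leaves only the six recent bans to restore, while the 30-day value also brings back every ban from the previous week.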

    We are working to improve the fail2ban & firewall-d behavior and performance

    0