Issue with fail2ban not starting

This topic has 8 replies, 2 voices, and was last updated 2 years, 6 months ago by Jose Miguel Rivera.

Post

April 22, 2019 at 3:21 pm

Quote

TheG-Man

Participant

Down

Hello,

Today I ran into an issue with fail2ban not starting and going into loop trying to start.

I have tried restarting fail2ban, restarting pbx, reinstalling fail2ban.

Running latest PBX version.

Copy of the log showing error is below.

Thanks!

2019-04-22 10:49:47,094 fail2ban.server [18618]: INFO Changed logging target to /var/log/fail2ban.log for Fail2ban v0.9.7
2019-04-22 10:49:47,096 fail2ban.database [18618]: INFO Connected to fail2ban persistent database '/var/lib/fail2ban/fail2ban.sqlite3'
2019-04-22 10:49:47,103 fail2ban.jail [18618]: INFO Creating new jail 'sshd'
2019-04-22 10:49:47,143 fail2ban.jail [18618]: INFO Jail 'sshd' uses systemd {}
2019-04-22 10:49:47,169 fail2ban.jail [18618]: INFO Initiated 'systemd' backend
2019-04-22 10:49:47,171 fail2ban.filter [18618]: INFO Set maxRetry = 3
2019-04-22 10:49:47,173 fail2ban.filter [18618]: INFO Set jail log file encoding to UTF-8
2019-04-22 10:49:47,174 fail2ban.actions [18618]: INFO Set banTime = 2592000
2019-04-22 10:49:47,175 fail2ban.filter [18618]: INFO Set findtime = 3600
2019-04-22 10:49:47,175 fail2ban.filter [18618]: INFO Set maxlines = 10
2019-04-22 10:49:47,294 fail2ban.filtersystemd [18618]: INFO Added journal match for: '_SYSTEMD_UNIT=sshd.service + _COMM=sshd'
2019-04-22 10:49:47,325 fail2ban.jail [18618]: INFO Creating new jail 'sshd-ddos'
2019-04-22 10:49:47,325 fail2ban.jail [18618]: INFO Jail 'sshd-ddos' uses systemd {}
2019-04-22 10:49:47,326 fail2ban.jail [18618]: INFO Initiated 'systemd' backend
2019-04-22 10:49:47,328 fail2ban.filter [18618]: INFO Set maxRetry = 3
2019-04-22 10:49:47,330 fail2ban.filter [18618]: INFO Set jail log file encoding to UTF-8
2019-04-22 10:49:47,331 fail2ban.actions [18618]: INFO Set banTime = 2592000
2019-04-22 10:49:47,332 fail2ban.filter [18618]: INFO Set findtime = 3600
2019-04-22 10:49:47,332 fail2ban.filter [18618]: INFO Set maxlines = 10
2019-04-22 10:49:47,358 fail2ban.filtersystemd [18618]: INFO Added journal match for: '_SYSTEMD_UNIT=sshd.service + _COMM=sshd'
2019-04-22 10:49:47,389 fail2ban.jail [18618]: INFO Creating new jail 'dropbear'
2019-04-22 10:49:47,389 fail2ban.jail [18618]: INFO Jail 'dropbear' uses systemd {}
2019-04-22 10:49:47,390 fail2ban.jail [18618]: INFO Initiated 'systemd' backend
2019-04-22 10:49:47,392 fail2ban.filter [18618]: INFO Set maxRetry = 3
2019-04-22 10:49:47,394 fail2ban.filter [18618]: INFO Set jail log file encoding to UTF-8
2019-04-22 10:49:47,395 fail2ban.actions [18618]: INFO Set banTime = 2592000
2019-04-22 10:49:47,396 fail2ban.filter [18618]: INFO Set findtime = 3600
2019-04-22 10:49:47,438 fail2ban.jail [18618]: INFO Creating new jail 'apache-auth'
2019-04-22 10:49:47,465 fail2ban.jail [18618]: INFO Jail 'apache-auth' uses pyinotify {}
2019-04-22 10:49:47,472 fail2ban.jail [18618]: INFO Initiated 'pyinotify' backend
2019-04-22 10:49:47,475 fail2ban.filter [18618]: INFO Added logfile = /var/log/httpd/ssl_error_log
2019-04-22 10:49:47,478 fail2ban.filter [18618]: INFO Added logfile = /var/log/httpd/error_log
2019-04-22 10:49:47,479 fail2ban.filter [18618]: INFO Set maxRetry = 3
2019-04-22 10:49:47,482 fail2ban.filter [18618]: INFO Set jail log file encoding to UTF-8
2019-04-22 10:49:47,482 fail2ban.actions [18618]: INFO Set banTime = 2592000
2019-04-22 10:49:47,483 fail2ban.filter [18618]: INFO Set findtime = 3600
2019-04-22 10:49:47,554 fail2ban.jail [18618]: INFO Creating new jail 'apache-badbots'
2019-04-22 10:49:47,554 fail2ban.jail [18618]: INFO Jail 'apache-badbots' uses pyinotify {}
2019-04-22 10:49:47,561 fail2ban.jail [18618]: INFO Initiated 'pyinotify' backend
2019-04-22 10:49:47,563 fail2ban.filter [18618]: INFO Added logfile = /var/log/httpd/ssl_access_log
2019-04-22 10:49:47,565 fail2ban.filter [18618]: INFO Added logfile = /var/log/httpd/access_log
2019-04-22 10:49:47,566 fail2ban.filter [18618]: INFO Set maxRetry = 1
2019-04-22 10:49:47,569 fail2ban.filter [18618]: INFO Set jail log file encoding to UTF-8
2019-04-22 10:49:47,569 fail2ban.actions [18618]: INFO Set banTime = 172800
2019-04-22 10:49:47,570 fail2ban.filter [18618]: INFO Set findtime = 3600
2019-04-22 10:49:47,615 fail2ban.jail [18618]: INFO Creating new jail 'apache-overflows'
2019-04-22 10:49:47,615 fail2ban.jail [18618]: INFO Jail 'apache-overflows' uses pyinotify {}
2019-04-22 10:49:47,621 fail2ban.jail [18618]: INFO Initiated 'pyinotify' backend
2019-04-22 10:49:47,623 fail2ban.filter [18618]: INFO Added logfile = /var/log/httpd/ssl_error_log
2019-04-22 10:49:47,625 fail2ban.filter [18618]: INFO Added logfile = /var/log/httpd/error_log
2019-04-22 10:49:47,626 fail2ban.filter [18618]: INFO Set maxRetry = 2
2019-04-22 10:49:47,628 fail2ban.filter [18618]: INFO Set jail log file encoding to UTF-8
2019-04-22 10:49:47,629 fail2ban.actions [18618]: INFO Set banTime = 2592000
2019-04-22 10:49:47,630 fail2ban.filter [18618]: INFO Set findtime = 3600
2019-04-22 10:49:47,665 fail2ban.jail [18618]: INFO Creating new jail 'apache-modsecurity'
2019-04-22 10:49:47,665 fail2ban.jail [18618]: INFO Jail 'apache-modsecurity' uses pyinotify {}
2019-04-22 10:49:47,671 fail2ban.jail [18618]: INFO Initiated 'pyinotify' backend
2019-04-22 10:49:47,673 fail2ban.filter [18618]: INFO Added logfile = /var/log/httpd/ssl_error_log
2019-04-22 10:49:47,674 fail2ban.filter [18618]: INFO Added logfile = /var/log/httpd/error_log
2019-04-22 10:49:47,675 fail2ban.filter [18618]: INFO Set maxRetry = 2
2019-04-22 10:49:47,678 fail2ban.filter [18618]: INFO Set jail log file encoding to UTF-8
2019-04-22 10:49:47,678 fail2ban.actions [18618]: INFO Set banTime = 2592000
2019-04-22 10:49:47,680 fail2ban.filter [18618]: INFO Set findtime = 3600
2019-04-22 10:49:47,713 fail2ban.jail [18618]: INFO Creating new jail 'apache-shellshock'
2019-04-22 10:49:47,713 fail2ban.jail [18618]: INFO Jail 'apache-shellshock' uses pyinotify {}
2019-04-22 10:49:47,720 fail2ban.jail [18618]: INFO Initiated 'pyinotify' backend
2019-04-22 10:49:47,722 fail2ban.filter [18618]: INFO Added logfile = /var/log/httpd/ssl_error_log
2019-04-22 10:49:47,723 fail2ban.filter [18618]: INFO Added logfile = /var/log/httpd/error_log
2019-04-22 10:49:47,724 fail2ban.filter [18618]: INFO Set maxRetry = 1
2019-04-22 10:49:47,726 fail2ban.filter [18618]: INFO Set jail log file encoding to UTF-8
2019-04-22 10:49:47,727 fail2ban.actions [18618]: INFO Set banTime = 2592000
2019-04-22 10:49:47,728 fail2ban.filter [18618]: INFO Set findtime = 3600
2019-04-22 10:49:47,764 fail2ban.jail [18618]: INFO Creating new jail 'apache-nokiddies'
2019-04-22 10:49:47,764 fail2ban.jail [18618]: INFO Jail 'apache-nokiddies' uses pyinotify {}
2019-04-22 10:49:47,770 fail2ban.jail [18618]: INFO Initiated 'pyinotify' backend
2019-04-22 10:49:47,772 fail2ban.filter [18618]: INFO Added logfile = /var/log/httpd/ssl_access_log
2019-04-22 10:49:47,773 fail2ban.filter [18618]: INFO Added logfile = /var/log/httpd/access_log
2019-04-22 10:49:47,775 fail2ban.filter [18618]: INFO Set maxRetry = 1
2019-04-22 10:49:47,777 fail2ban.filter [18618]: INFO Set jail log file encoding to UTF-8
2019-04-22 10:49:47,778 fail2ban.actions [18618]: INFO Set banTime = 2592000
2019-04-22 10:49:47,779 fail2ban.filter [18618]: INFO Set findtime = 3600
2019-04-22 10:49:47,833 fail2ban.jail [18618]: INFO Creating new jail 'asterisk'
2019-04-22 10:49:47,833 fail2ban.jail [18618]: INFO Jail 'asterisk' uses pyinotify {}
2019-04-22 10:49:47,864 fail2ban.jail [18618]: INFO Initiated 'pyinotify' backend
2019-04-22 10:49:47,866 fail2ban.filter [18618]: INFO Added logfile = /var/log/asterisk/fail2ban
2019-04-22 10:49:47,867 fail2ban.filter [18618]: INFO Set maxRetry = 10
2019-04-22 10:49:47,870 fail2ban.filter [18618]: INFO Set jail log file enc
	oding to UTF-8
2019-04-22 10:49:47,870 fail2ban.actions [18618]: INFO Set banTime = 2592000
2019-04-22 10:49:47,871 fail2ban.filter [18618]: INFO Set findtime = 3600
2019-04-22 10:49:47,986 fail2ban.jail [18618]: INFO Creating new jail 'vitalpbx-gui'
2019-04-22 10:49:47,986 fail2ban.jail [18618]: INFO Jail 'vitalpbx-gui' uses pyinotify {}
2019-04-22 10:49:47,993 fail2ban.jail [18618]: INFO Initiated 'pyinotify' backend
2019-04-22 10:49:47,995 fail2ban.filter [18618]: INFO Added logfile = /var/log/vitalpbx/authentications.log
2019-04-22 10:49:47,997 fail2ban.filter [18618]: INFO Set maxRetry = 3
2019-04-22 10:49:47,999 fail2ban.filter [18618]: INFO Set jail log file encoding to UTF-8
2019-04-22 10:49:48,000 fail2ban.actions [18618]: INFO Set banTime = 2592000
2019-04-22 10:49:48,001 fail2ban.filter [18618]: INFO Set findtime = 3600
2019-04-22 10:49:48,048 fail2ban.jail [18618]: INFO Jail 'sshd' started
2019-04-22 10:49:48,053 fail2ban.jail [18618]: INFO Jail 'sshd-ddos' started
2019-04-22 10:49:48,054 fail2ban.filtersystemd [18618]: NOTICE Jail started without 'journalmatch' set. Jail regexs will be checked against all journal entries, which is not advised for performance reasons.
2019-04-22 10:49:48,093 fail2ban.jail [18618]: INFO Jail 'dropbear' started
2019-04-22 10:49:48,118 fail2ban.jail [18618]: INFO Jail 'apache-auth' started
2019-04-22 10:49:48,131 fail2ban.jail [18618]: INFO Jail 'apache-badbots' started
2019-04-22 10:49:48,152 fail2ban.jail [18618]: INFO Jail 'apache-overflows' started
2019-04-22 10:49:48,154 fail2ban.jail [18618]: INFO Jail 'apache-modsecurity' started
2019-04-22 10:49:48,157 fail2ban.jail [18618]: INFO Jail 'apache-shellshock' started
2019-04-22 10:49:48,272 fail2ban.jail [18618]: INFO Jail 'apache-nokiddies' started
2019-04-22 10:50:47,429 fail2ban.action [18618]: ERROR ipset create fail2ban-sshd-ddos hash:ip timeout 2592000
firewall-cmd --direct --add-rule ipv4 filter ombu_fail2ban 0 -m set --match-set fail2ban-sshd-ddos src -j REJECT --reject-with icmp-port-unreachable -- failed with [Errno 12] Cannot allocate memory
2019-04-22 10:50:47,509 fail2ban.action [18618]: ERROR ipset create fail2ban-sshd-ddos hash:ip timeout 2592000
firewall-cmd --direct --add-rule ipv4 filter ombu_fail2ban 0 -m set --match-set fail2ban-sshd-ddos src -j REJECT --reject-with icmp-port-unreachable -- stdout: ''
2019-04-22 10:50:47,510 fail2ban.action [18618]: ERROR ipset create fail2ban-sshd-ddos hash:ip timeout 2592000
firewall-cmd --direct --add-rule ipv4 filter ombu_fail2ban 0 -m set --match-set fail2ban-sshd-ddos src -j REJECT --reject-with icmp-port-unreachable -- stderr: ''
2019-04-22 10:50:47,512 fail2ban.actions [18618]: ERROR Failed to start jail 'sshd-ddos' action 'firewallcmd-ipset': local variable 'popen' referenced before assignment
2019-04-22 10:50:47,518 fail2ban.action [18618]: ERROR ipset create fail2ban-dropbear hash:ip timeout 2592000
firewall-cmd --direct --add-rule ipv4 filter ombu_fail2ban 0 -m set --match-set fail2ban-dropbear src -j REJECT --reject-with icmp-port-unreachable -- failed with [Errno 12] Cannot allocate memory
2019-04-22 10:50:47,518 fail2ban.action [18618]: ERROR ipset create fail2ban-dropbear hash:ip timeout 2592000
firewall-cmd --direct --add-rule ipv4 filter ombu_fail2ban 0 -m set --match-set fail2ban-dropbear src -j REJECT --reject-with icmp-port-unreachable -- stdout: ''
2019-04-22 10:50:47,518 fail2ban.action [18618]: ERROR ipset create fail2ban-dropbear hash:ip timeout 2592000
firewall-cmd --direct --add-rule ipv4 filter ombu_fail2ban 0 -m set --match-set fail2ban-dropbear src -j REJECT --reject-with icmp-port-unreachable -- stderr: ''
2019-04-22 10:50:47,518 fail2ban.actions [18618]: ERROR Failed to start jail 'dropbear' action 'firewallcmd-ipset': local variable 'popen' referenced before assignment
2019-04-22 10:50:47,519 fail2ban.action [18618]: ERROR printf %b "Subject: [Fail2Ban] dropbear: started on `uname -n`

Viewing 8 replies - 1 through 8 (of 8 total)

Replies

- April 22, 2019 at 5:07 pm
- Quote
Jose Miguel Rivera
Keymaster

Up
0
Down

Did you configure the ban time to -1?

0
- April 22, 2019 at 5:22 pm
- Quote
TheG-Man
Participant

Up
0
Down

No, ban time is set to 2592000 seconds, which is about 30 days.

0
- April 22, 2019 at 5:27 pm
- Quote
Jose Miguel Rivera
Keymaster
Up
0
Down

Try to set the ban time to 24 hours (86400)

Some questions:

What are your system specifications?

Where is installed?

0
- April 22, 2019 at 5:34 pm
- Quote
TheG-Man
Participant

Up
0
Down

With ban time 86400 it starts fine.

Virtualization XEN

CPU Model Intel(R) Xeon(R) CPU E5620 @ 2.40GHz

CPU Cores 1

RAM 2 GB / 2040 MB

There are only two devices on it and it is pretty much unused.

0
- April 22, 2019 at 5:51 pm
- Quote
Jose Miguel Rivera
Keymaster

Up
0
Down

Looks like a memory issue. Do you know how many IP addresses are banned?

0
- April 22, 2019 at 6:01 pm
- Quote
TheG-Man
Participant

Up
0
Down

There were at some point. Over the weekend someone tried really hard. I got an email for something like 4000 attempts. Right now its 6.

With fail2ban running, GUI shows high resource usage, especially CPU (100%). Running htop it doesn’t look that bad. Any reason why such discrepancy?

0
- April 22, 2019 at 6:17 pm
- Quote
TheG-Man
Participant

Up
0
Down

Running following commands fixed the issue.

systemctl stop fail2ban
truncate -s 0 /var/log/fail2ban.log
rm /var/lib/fail2ban/fail2ban.sqlite3
systemctl stop fail2ban

0
- April 22, 2019 at 10:14 pm
- Quote
Jose Miguel Rivera
Keymaster

Up
0
Down

We are working to improve the fail2ban & firewall-d behavior and performance

0