IP tables errors in fail2ban 0.9.1 #838

Closed
rumpelsepp opened this issue Oct 29, 2014 · 6 comments
@rumpelsepp

Hi,
since the last update to 0.9.1 I have strange errors in my log file:

2014-10-29 02:35:27,609 fail2ban.filter         [15207]: INFO    [recidive] Found XXX.XXX.XXX.XXX
2014-10-29 02:35:28,105 fail2ban.actions        [15207]: ERROR   Failed to execute ban jail 'sshd' action 'iptables-multiport' info 'CallingMap({'time': 1414546527.081917, 'failures': 5, 'ipjailmatches': <function Actions.__checkBan.<locals>.<lambda> at 0x7fb2ef41e0d0>, 'ipmatches': <function Actions.__checkBan.<locals>.<lambda> at 0x7fb2ef41e158>, 'matches': '2014-10-29T02:35:17.217466 archvm sshd[2196]: Failed password for root from XXX.XXX.XXX.XXX port 4114 ssh2\n2014-10-29T02:35:20.552969 archvm sshd[2196]: Failed password for root from XXX.XXX.XXX.XXX port 4114 ssh2\n2014-10-29T02:35:22.477850 archvm sshd[2196]: Failed password for root from XXX.XXX.XXX.XXX port 4114 ssh2\n2014-10-29T02:35:24.671406 archvm sshd[2196]: Failed password for root from XXX.XXX.XXX.XXX port 4114 ssh2\n2014-10-29T02:35:26.949930 archvm sshd[2196]: Failed password for root from XXX.XXX.XXX.XXX port 4114 ssh2', 'ipjailfailures': <function Actions.__checkBan.<locals>.<lambda> at 0x7fb2083c5840>, 'ip': 'XXX.XXX.XXX.XXX', 'ipfailures': <function Actions.__checkBan.<locals>.<lambda> at 0x7fb2083c5620>})': 'NoneType' object has no attribute 'getAttempt'

2014-10-29 02:45:27,824 fail2ban.actions        [15207]: NOTICE  [sshd] Unban XXX.XXX.XXX.XXX
2014-10-29 02:45:28,056 fail2ban.action         [15207]: ERROR   iptables -D f2b-sshd -s XXX.XXX.XXX.XXX -j REJECT --reject-with icmp-port-unreachable -- stdout: b''
2014-10-29 02:45:28,056 fail2ban.action         [15207]: ERROR   iptables -D f2b-sshd -s XXX.XXX.XXX.XXX -j REJECT --reject-with icmp-port-unreachable -- stderr: b'iptables: No chain/target/match by that name.\n'
2014-10-29 02:45:28,056 fail2ban.action         [15207]: ERROR   iptables -D f2b-sshd -s XXX.XXX.XXX.XXX -j REJECT --reject-with icmp-port-unreachable -- returned 1
2014-10-29 02:45:28,056 fail2ban.actions        [15207]: ERROR   Failed to execute unban jail 'sshd' action 'iptables-multiport' info '{'time': 1414546527.081917, 'failures': 5, 'ip': 'XXX.XXX.XXX.XXX', 'matches': '2014-10-29T02:35:17.217466 archvm sshd[2196]: Failed password for root from XXX.XXX.XXX.XXX port 4114 ssh22014-10-29T02:35:20.552969 archvm sshd[2196]: Failed password for root from XXX.XXX.XXX.XXX port 4114 ssh22014-10-29T02:35:22.477850 archvm sshd[2196]: Failed password for root from XXX.XXX.XXX.XXX port 4114 ssh22014-10-29T02:35:24.671406 archvm sshd[2196]: Failed password for root from XXX.XXX.XXX.XXX port 4114 ssh22014-10-29T02:35:26.949930 archvm sshd[2196]: Failed password for root from XXX.XXX.XXX.XXX port 4114 ssh2'}': Error unbanning XXX.XXX.XXX.XXX

But these actions do not always fail:

2014-10-29 07:41:20,338 fail2ban.actions        [15207]: NOTICE  [sshd] Ban XXX.XXX.XXX
2014-10-29 07:41:20,345 fail2ban.filter         [15207]: INFO    [recidive] Found XXX.XXX.XXX
2014-10-29 07:41:22,678 fail2ban.filter         [15207]: INFO    [sshd] Found XXX.XXX.XXX
2014-10-29 07:51:20,498 fail2ban.actions        [15207]: NOTICE  [sshd] Unban XXX.XXX.XXX

I don't know what's going on here. The "No chain/target/match by that name." error does not make sense as this chain does exist and it even bans attackers...
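As an added example (not part of the original issue or of fail2ban's code), the script below pulls the failed ban and unban actions out of a log in the format quoted above, so bans that logged an error can be told apart from those that completed. The sample log is constructed from the lines in this report, with shortened info fields and documentation IP addresses.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the log format quoted in the issue
# (info dicts shortened; 192.0.2.x / 198.51.100.x are documentation addresses).
SAMPLE_LOG = """\
2014-10-29 02:35:27,609 fail2ban.filter         [15207]: INFO    [recidive] Found 192.0.2.10
2014-10-29 02:35:28,105 fail2ban.actions        [15207]: ERROR   Failed to execute ban jail 'sshd' action 'iptables-multiport' info 'CallingMap({'failures': 5, 'ip': '192.0.2.10'})': 'NoneType' object has no attribute 'getAttempt'
2014-10-29 02:45:27,824 fail2ban.actions        [15207]: NOTICE  [sshd] Unban 192.0.2.10
2014-10-29 02:45:28,056 fail2ban.action         [15207]: ERROR   iptables -D f2b-sshd -s 192.0.2.10 -j REJECT --reject-with icmp-port-unreachable -- returned 1
2014-10-29 02:45:28,056 fail2ban.actions        [15207]: ERROR   Failed to execute unban jail 'sshd' action 'iptables-multiport' info '{'failures': 5, 'ip': '192.0.2.10'}': Error unbanning 192.0.2.10
2014-10-29 07:41:20,338 fail2ban.actions        [15207]: NOTICE  [sshd] Ban 198.51.100.7
2014-10-29 07:51:20,498 fail2ban.actions        [15207]: NOTICE  [sshd] Unban 198.51.100.7
"""

LINE = re.compile(r"^(\S+ \S+) (fail2ban\.\S+)\s+\[\d+\]: (\w+)\s+(.*)$")
FAILED = re.compile(r"Failed to execute (ban|unban) jail '([^']+)' action '([^']+)' info '(.*)': (.*)$")
NOTICE = re.compile(r"\[([^\]]+)\] (Ban|Unban) (\S+)$")
IP_IN_INFO = re.compile(r"'ip': '([^']+)'")

def audit(log_text):
    """Return (failures, clean_bans): failed ban/unban actions and bans with no error."""
    failures, banned = [], defaultdict(set)
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        ts, _logger, level, msg = m.groups()
        f = FAILED.search(msg) if level == "ERROR" else None
        if f:
            op, jail, action, info, err = f.groups()
            ip = IP_IN_INFO.search(info)
            failures.append({"time": ts, "op": op, "jail": jail, "action": action,
                             "ip": ip.group(1) if ip else None, "error": err})
            continue
        n = NOTICE.match(msg) if level == "NOTICE" else None
        if n and n.group(2) == "Ban":
            banned[n.group(1)].add(n.group(3))
    # A failed "ban" entry means fail2ban logged an error while executing the ban action.
    unenforced = {(f["jail"], f["ip"]) for f in failures if f["op"] == "ban"}
    clean = {(j, ip) for j, ips in banned.items() for ip in ips} - unenforced
    return failures, sorted(clean)

if __name__ == "__main__":
    fails, clean = audit(SAMPLE_LOG)
    for f in fails:
        print(f"{f['time']} {f['jail']}/{f['action']} {f['op']} FAILED for {f['ip']}: {f['error']}")
    print("bans without errors:", clean)
```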

@sebres
Contributor

sebres commented Oct 29, 2014

I had this once also, and have already fixed it in my major branch sebres:ban-time-incr (#716).
I thought it was just my mistake - but seems to be a master bug...
Will make a fix now (cherry pick from my branch).

@sebres
Contributor

sebres commented Oct 29, 2014

@rumpelsepp I have made a pull request, #839, that should resolve your issue.

@rumpelsepp
Author

I have applied it and it seems to work! Thank you very much!

@sebres
Contributor

sebres commented Oct 29, 2014

@rumpelsepp, you're welcome.
A short clue by the way: please edit your comment above and remove your jail config from it - it has nothing to do with the subject, and possible attackers should not necessarily know your config (proverb botnets) 😄

@rumpelsepp
Author

@sebres Everything I had posted should be the default config. I had cleaned up my customizations before so I think it does not matter at all. I just posted it to make sure I had applied the "refactoring things" from 0.9.1 correctly.

@sebres
Contributor

sebres commented Oct 29, 2014

@rumpelsepp no problem, that's all very well


2 participants