understanding fail2ban's logfile


Tenaka
31st January 2007, 15:37
Hello,

Today I found some errors in my fail2ban log file which I do not understand. I am at a loss. Any clues what's going on with these errors?


2007-01-31 13:54:55,496 INFO: PROFTPD: 89.122.162.115 has 3 login failure(s). Banned.
2007-01-31 13:54:55,520 WARNING: PROFTPD: Ban (900 s) 89.122.162.115
2007-01-31 13:56:09,507 ERROR: 'iptables -L INPUT | grep -q fail2ban-PROFTPD' returned 256
2007-01-31 13:56:09,508 ERROR: Execution of command 'iptables -L INPUT | grep -q fail2ban-PROFTPD' failed
2007-01-31 13:56:09,508 WARNING: #2 reinitialization of firewalls
2007-01-31 13:56:09,509 WARNING: Restoring firewall rules...
2007-01-31 13:56:09,509 WARNING: PROFTPD: Unban 89.122.162.115
2007-01-31 13:56:09,512 ERROR: 'iptables -D fail2ban-PROFTPD -s '89.122.162.115' -j DROP' returned 256
2007-01-31 13:56:09,517 ERROR: 'iptables -D INPUT -p tcp --dport ftp -j fail2ban-PROFTPD
iptables -F fail2ban-PROFTPD
iptables -X fail2ban-PROFTPD' returned 256
2007-01-31 13:56:09,522 ERROR: 'iptables -D INPUT -p tcp --dport ssh -j fail2ban-SSH
iptables -F fail2ban-SSH
iptables -X fail2ban-SSH' returned 256
2007-01-31 13:56:09,526 ERROR: 'iptables -D INPUT -p tcp --dport smtp -j fail2ban-SASL
iptables -F fail2ban-SASL
iptables -X fail2ban-SASL' returned 256
2007-01-31 13:56:09,545 WARNING: PROFTPD: ReBan 89.122.162.115
2007-01-31 13:56:09,549 INFO: PROFTPD: 89.122.162.115 has 3 login failure(s). Banned.
2007-01-31 13:56:12,172 ERROR: PROFTPD: 89.122.162.115 already in ban list
2007-01-31 14:09:56,089 WARNING: PROFTPD: Unban 89.122.162.115

falko
1st February 2007, 19:20
What happens if you run the commands manually on the shell that reported errors?

Tenaka
1st February 2007, 21:04
I tried just copying those command lines:

h898552:/var/www/web5/web/wp-content/mu-plugins# iptables -L INPUT | grep -q fail2ban-PROFTPD


h898552:/var/www/web5/web/wp-content/mu-plugins# iptables -L INPUT | grep -q fail2ban-PROFTPD


h898552:/var/www/web5/web/wp-content/mu-plugins# iptables -D fail2ban-PROFTPD -s '89.122.162.115' -j DROP
iptables: Bad rule (does a matching rule exist in that chain?)
h898552:/var/www/web5/web/wp-content/mu-plugins# iptables -D INPUT -p tcp --dport ftp -j fail2ban-PROFTPD
iptables v1.2.11: Couldn't load target `fail2ban-PROFTPD':/lib/iptables/libipt_fail2ban-PROFTPD.so: cannot open shared object file: No such file or directory

Try `iptables -h' or 'iptables --help' for more information.
h898552:/var/www/web5/web/wp-content/mu-plugins# iptables -D INPUT -p tcp --dport ftp -j fail2ban-PROFTPD iptables -F fail2ban-PROFTPD
Bad argument `iptables'
Try `iptables -h' or 'iptables --help' for more information.
h898552:/var/www/web5/web/wp-content/mu-plugins# iptables -D INPUT -p tcp --dport ftp -j fail2ban-PROFTPD iptables -F fail2ban-PROFTPD iptables -X fail2ban-PROFTPD
Bad argument `iptables'
Try `iptables -h' or 'iptables --help' for more information.
h898552:/var/www/web5/web/wp-content/mu-plugins# iptables -D INPUT -p tcp --dport ssh -j fail2ban-SSH
iptables v1.2.11: Couldn't load target `fail2ban-SSH':/lib/iptables/libipt_fail2ban-SSH.so: cannot open shared object file: No such file or directory

Try `iptables -h' or 'iptables --help' for more information.
h898552:/var/www/web5/web/wp-content/mu-plugins# iptables -D INPUT -p tcp --dport smtp -j fail2ban-SASL
iptables v1.2.11: Couldn't load target `fail2ban-SASL':/lib/iptables/libipt_fail2ban-SASL.so: cannot open shared object file: No such file or directory

Try `iptables -h' or 'iptables --help' for more information.
h898552:/var/www/web5/web/wp-content/mu-plugins#



The first 2 commands did not return anything, so I hit Ctrl+C and continued with the other commands... All gave errors. I might have miscopied some commands, but not all...

Basically it says unknown logtarget
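
An added example, not part of any post in this thread and not fail2ban's own code: a small Python parser for log entries like those in the first post. It regroups each multi-line ERROR entry into the separate commands it contains and, on the assumption that the number after "returned" is a raw POSIX wait status (as Python's os.system reports it), decodes 256 to exit code 1. SAMPLE_LOG is built from lines of the excerpt above; the function names are made up for this example.

```python
import re

# Sample input assembled from lines of the log excerpt in the first post.
SAMPLE_LOG = """\
2007-01-31 13:56:09,507 ERROR: 'iptables -L INPUT | grep -q fail2ban-PROFTPD' returned 256
2007-01-31 13:56:09,508 WARNING: #2 reinitialization of firewalls
2007-01-31 13:56:09,517 ERROR: 'iptables -D INPUT -p tcp --dport ftp -j fail2ban-PROFTPD
iptables -F fail2ban-PROFTPD
iptables -X fail2ban-PROFTPD' returned 256
"""

TIMESTAMP = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3} ")
# Greedy match so quotes inside the command (e.g. -s '1.2.3.4') are kept.
FAILED = re.compile(r"ERROR: '(?P<cmd>.*)' returned (?P<status>\d+)$", re.DOTALL)


def records(text):
    """Join continuation lines (no leading timestamp) onto their log entry."""
    current = None
    for line in text.splitlines():
        if TIMESTAMP.match(line):
            if current is not None:
                yield current
            current = line
        elif current is not None and line.strip():
            current += "\n" + line
    if current is not None:
        yield current


def failed_commands(text):
    """Return (timestamp, [commands], exit_code) for each "returned N" entry."""
    results = []
    for rec in records(text):
        match = FAILED.search(rec)
        if not match:
            continue
        # Assumption: N is a wait status, so the exit code is its high byte.
        exit_code = int(match.group("status")) >> 8
        results.append((rec[:23], match.group("cmd").split("\n"), exit_code))
    return results


if __name__ == "__main__":
    for stamp, commands, code in failed_commands(SAMPLE_LOG):
        print(stamp, "exit code", code)
        for command in commands:
            print("    " + command)
```

Exit code 1 from grep -q means the pattern was not found in its input, here the output of iptables -L INPUT.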