HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)
-   Installation/Configuration (http://www.howtoforge.com/forums/forumdisplay.php?f=27)
-   -   Fail2ban only ban on first time. (http://www.howtoforge.com/forums/showthread.php?t=40554)

ivomendonca 30th October 2009 19:21

Fail2ban only ban on first time.
 
This is a problem with fail2ban only, not ispconfig.
Only works on the first time, the i have to restart service to work again.

I got 3 debian lenny servers with same problem.
Does anywone have the same issue? or a fail2ban working in a debian lenny 5.0.3 ?

Thanks.

2009-10-29 03:56:53,956 fail2ban.server : INFO Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.3
2009-10-29 03:56:53,958 fail2ban.jail : INFO Creating new jail 'ssh'
2009-10-29 03:56:53,958 fail2ban.jail : INFO Jail 'ssh' uses poller
2009-10-29 03:56:53,982 fail2ban.filter : INFO Added logfile = /var/log/auth.log
2009-10-29 03:56:53,983 fail2ban.filter : INFO Set maxRetry = 6
2009-10-29 03:56:53,984 fail2ban.filter : INFO Set findtime = 600
2009-10-29 03:56:53,985 fail2ban.actions: INFO Set banTime = 600
2009-10-29 03:56:54,205 fail2ban.jail : INFO Jail 'ssh' started
2009-10-29 07:44:04,652 fail2ban.actions: WARNING [ssh] Ban 173.45.123.27
2009-10-29 07:44:04,666 fail2ban.actions.action: ERROR iptables -n -L INPUT | grep -q fail2ban-ssh returned 100
2009-10-29 07:44:04,667 fail2ban.actions.action: ERROR Invariant check failed. Trying to restore a sane environment
2009-10-29 07:54:05,645 fail2ban.actions: WARNING [ssh] Unban 173.45.123.27
2009-10-29 09:03:14,023 fail2ban.actions: WARNING [ssh] Ban 61.129.60.23
2009-10-29 09:13:14,849 fail2ban.actions: WARNING [ssh] Unban 61.129.60.23
2009-10-29 10:47:01,239 fail2ban.actions: WARNING [ssh] Ban 91.4.205.5
2009-10-29 10:57:01,947 fail2ban.actions: WARNING [ssh] Unban 91.4.205.5
2009-10-29 12:14:49,035 fail2ban.actions: WARNING [ssh] Ban 173.45.123.27
2009-10-29 12:24:49,748 fail2ban.actions: WARNING [ssh] Unban 173.45.123.27
2009-10-29 15:03:45,196 fail2ban.actions: WARNING [ssh] Ban 173.45.123.27
2009-10-29 15:13:45,677 fail2ban.actions: WARNING [ssh] Unban 173.45.123.27
2009-10-30 05:36:18,582 fail2ban.actions: WARNING [ssh] Ban 211.154.163.68
2009-10-30 05:46:19,403 fail2ban.actions: WARNING [ssh] Unban 211.154.163.68
2009-10-30 05:46:19,418 fail2ban.actions.action: ERROR iptables -n -L INPUT | grep -q fail2ban-ssh returned 100
2009-10-30 05:46:19,419 fail2ban.actions.action: ERROR Invariant check failed. Trying to restore a sane environment
2009-10-30 05:46:19,485 fail2ban.actions.action: ERROR iptables -D fail2ban-ssh -s 211.154.163.68 -j DROP returned 100

till 30th October 2009 19:48

Try to reconfigure fail2ban to use the root command instead of iptables:

http://www.faqforge.com/linux/contro...k-connections/


All times are GMT +2. The time now is 02:44.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.