Fail2Ban produziert Fehler

ThomasHH · Post by **ThomasHH** » Mon 6. Apr 2020, 17:13

Moin, Moin,

Ich habe eben mal KeyHelp ausprobieren wollen. Ich habe ein Ubuntu 18.04 Grundsystem installiert und habe das Script durchlaufen lassen. Nun wollte ich als erstes Fail2Ban einrichten und erhalte ohne jede Modifikation schon folgende Fehler:

Code: Select all

iptables -w -A f2b-sshd -j RETURN
iptables -w -I fail2ban -p tcp -m multiport --dports ssh -j f2b-sshd
2020-04-06 17:02:49,707 fail2ban.utils          [507]: ERROR   7f1277f16710 -- stderr: 'iptables: Chain already exists.'
2020-04-06 17:02:49,707 fail2ban.utils          [507]: ERROR   7f1277f16710 -- stderr: 'iptables: No chain/target/match by that name.'
2020-04-06 17:02:49,707 fail2ban.utils          [507]: ERROR   7f1277f16710 -- returned 1
2020-04-06 17:02:49,707 fail2ban.actions        [507]: ERROR   Failed to execute ban jail 'sshd' action 'iptables-multiport' info 'ActionInfo({'ip': '181.169.111.158', 'family': 'inet4', 'ip-rev': '158.111.169.181.', 'ip-host': '158-111-169-181.fibertel.com.ar', 'fid': '181.169.111.158', 'failures': 5, 'time': 1586185369.0, 'matches': 'Apr  6 16:52:59 elbe sshd[979]: Failed password for root from 181.169.111.158 port 59694 ssh2\nApr  6 16:57:51 elbe sshd[7444]: Failed password for root from 181.169.111.158 port 57101 ssh2', 'restored': 0, 'F-*': {'matches': ['Apr  6 16:52:59 elbe sshd[979]: Failed password for root from 181.169.111.158 port 59694 ssh2', 'Apr  6 16:57:51 elbe sshd[7444]: Failed password for root from 181.169.111.158 port 57101 ssh2'], 'failures': 5, 'mlfid': ' elbe sshd[979]: ', 'user': '', 'ip4': '181.169.111.158'}, 'ipmatches': 'Apr  6 16:52:59 elbe sshd[979]: Failed password for root from 181.169.111.158 port 59694 ssh2\nApr  6 16:57:51 elbe sshd[7444]: Failed password for root from 181.169.111.158 port 57101 ssh2', 'ipjailmatches': 'Apr  6 16:52:59 elbe sshd[979]: Failed password for root from 181.169.111.158 port 59694 ssh2\nApr  6 16:57:51 elbe sshd[7444]: Failed password for root from 181.169.111.158 port 57101 ssh2', 'ipfailures': 5, 'ipjailfailures': 5})': Error starting action Jail('sshd')/iptables-multiport
2020-04-06 17:02:49,710 fail2ban.actions        [507]: NOTICE  [sshd] Ban 123.30.236.149
2020-04-06 17:02:49,721 fail2ban.utils          [507]: Level 39 7f1277f16710 -- exec: iptables -w -N f2b-sshd
iptables -w -A f2b-sshd -j RETURN
iptables -w -I fail2ban -p tcp -m multiport --dports ssh -j f2b-sshd
2020-04-06 17:02:49,721 fail2ban.utils          [507]: ERROR   7f1277f16710 -- stderr: 'iptables: Chain already exists.'
2020-04-06 17:02:49,721 fail2ban.utils          [507]: ERROR   7f1277f16710 -- stderr: 'iptables: No chain/target/match by that name.'
2020-04-06 17:02:49,721 fail2ban.utils          [507]: ERROR   7f1277f16710 -- returned 1
2020-04-06 17:02:49,722 fail2ban.actions        [507]: ERROR   Failed to execute ban jail 'sshd' action 'iptables-multiport' info 'ActionInfo({'ip': '123.30.236.149', 'family': 'inet4', 'ip-rev': '149.236.30.123.', 'ip-host': 'static.vnpt.vn', 'fid': '123.30.236.149', 'failures': 5, 'time': 1586185369.0, 'matches': 'Apr  6 16:53:02 elbe sshd[981]: Failed password for root from 123.30.236.149 port 50378 ssh2\nApr  6 16:57:57 elbe sshd[7448]: Failed password for root from 123.30.236.149 port 58704 ssh2', 'restored': 0, 'F-*': {'matches': ['Apr  6 16:53:02 elbe sshd[981]: Failed password for root from 123.30.236.149 port 50378 ssh2', 'Apr  6 16:57:57 elbe sshd[7448]: Failed password for root from 123.30.236.149 port 58704 ssh2'], 'failures': 5, 'mlfid': ' elbe sshd[981]: ', 'user': '', 'ip4': '123.30.236.149'}, 'ipmatches': 'Apr  6 16:53:02 elbe sshd[981]: Failed password for root from 123.30.236.149 port 50378 ssh2\nApr  6 16:57:57 elbe sshd[7448]: Failed password for root from 123.30.236.149 port 58704 ssh2', 'ipjailmatches': 'Apr  6 16:53:02 elbe sshd[981]: Failed password for root from 123.30.236.149 port 50378 ssh2\nApr  6 16:57:57 elbe sshd[7448]: Failed password for root from 123.30.236.149 port 58704 ssh2', 'ipfailures': 5, 'ipjailfailures': 5})': Error starting action Jail('sshd')/iptables-multiport
2020-04-06 17:02:51,288 fail2ban.filter         [507]: INFO    [sshd] Found 181.169.111.158 - 2020-04-06 17:02:51
2020-04-06 17:02:51,446 fail2ban.filter         [507]: INFO    [sshd] Found 123.30.236.149 - 2020-04-06 17:02:51
2020-04-06 17:02:56,456 fail2ban.filter         [507]: INFO    [sshd] Found 114.67.87.218 - 2020-04-06 17:02:56
2020-04-06 17:02:58,061 fail2ban.filter         [507]: INFO    [sshd] Found 114.67.87.218 - 2020-04-06 17:02:57
2020-04-06 17:03:20,766 fail2ban.filter         [507]: INFO    [sshd] Found 152.136.104.78 - 2020-04-06 17:03:20
2020-04-06 17:03:22,370 fail2ban.filter         [507]: INFO    [sshd] Found 152.136.104.78 - 2020-04-06 17:03:22
2020-04-06 17:03:22,972 fail2ban.actions        [507]: WARNING [sshd] 152.136.104.78 already banned
2020-04-06 17:03:45,957 fail2ban.filter         [507]: INFO    [sshd] Found 35.220.210.160 - 2020-04-06 17:03:45
2020-04-06 17:03:47,740 fail2ban.filter         [507]: INFO    [sshd] Found 35.220.210.160 - 2020-04-06 17:03:47
2020-04-06 17:03:47,807 fail2ban.actions        [507]: WARNING [sshd] 35.220.210.160 already banned

Kann mir jemand sagen was ich anstellen muss, damit Fail2Ban sauber läuft? Danke und Gruß aus Hamburg

Peter_Hase · Post by **Peter_Hase** » Mon 6. Apr 2020, 19:10

Fail2Ban wird von KeyHelp bereits eingerichtet, so wie auch Firewall(IPtables).

Ist das System ein Minimal Image gewesen? Das ist nämlich Vorausetzung

ThomasHH · Post by **ThomasHH** » Mon 6. Apr 2020, 20:33

Peter_Hase wrote: ↑Mon 6. Apr 2020, 19:10 Ist das System ein Minimal Image gewesen? Das ist nämlich Vorausetzung

Ja, war es. Ich habe es aber hin bekommen, indem ich dieser Anleitung gefolgt bin: viewtopic.php?f=16&t=8449

Fail2Ban produziert Fehler [GELÖST]

Fail2Ban produziert Fehler

Re: Fail2Ban produziert Fehler

Re: Fail2Ban produziert Fehler [GELÖST]