
Why does fail2ban 0.8 not start properly on Debian 7 Wheezy x64?
Hello,
I am trying to configure fail2ban so that it works with APF. But first it would be great if fail2ban could be started.
root@akdom:/var/log# /etc/init.d/fail2ban start
[ **ok** ] Starting authentication failure monitor: fail2ban.
root@akdom:/var/log# /etc/init.d/fail2ban status
[**FAIL**] Status of authentication failure monitor:[....] fail2ban is not running ... **failed**!
root@akdom:/var/log#
/etc/fail2ban/jail.local (same content in jail.conf)
[DEFAULT]
ignoreip = 127.0.0.1/8
bantime = 600
maxretry = 3
findtime = 600
backend = auto
#
# ACTIONS
#
banaction = apf
mta = sendmail
protocol = tcp
chain = INPUT
action_ = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(cha$
action_mw = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(c$
%(mta)s-whois[name=%(__name__)s, dest="%(destemail)s", protocol="%(protocol)s", cha$
action_mwl = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%($
%(mta)s-whois-lines[name=%(__name__)s, dest="%(destemail)s", logpath=%(logpath)s, $
action = %(action_)s
#JAIL
[ssh]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 6
[ssh-iptables]
enabled = true
filter = sshd
action = iptables[name=SSH, port=ssh, protocol=tcp]
logpath = /var/log/auth.log
maxretry = 5
fail2ban.conf
socket = /var/run/fail2ban/fail2ban.sock (This file doesn't exist, perhaps because fail2ban is not launched properly)
For me it is important to set it up quickly, since China likes my server's IP (according to auth.log) :)
Searching on DuckDuckGo, I found some troubleshooting information: I tried removing and reinstalling it. fail2ban-regex works perfectly and returned more than 10,000 results for the last 2 days. The auth.log path is valid.
Now I am considering installing the 0.9 pre-release to see whether it works.
Any idea how to make it work?
Thanks
EDIT With set -x in /etc/init.d/fail2ban
Command: /etc/init.d/fail2ban start
/var/log/fail2ban.log is still empty.
root@akdom:/etc/fail2ban# /etc/init.d/fail2ban start
+ DESC=authentication failure monitor
+ NAME=fail2ban
+ DAEMON=/usr/bin/fail2ban-client
+ SCRIPTNAME=/etc/init.d/fail2ban
+ grep+ sed -h ^[^#]*socket *= /etc/fail2ban/fail2ban.conf /etc/fail2ban/fail2ban.local -e s/.*socket *= *//g
-e s/ *$//g
+ tail -n 1
+ SOCKFILE=/var/run/fail2ban/fail2ban.sock
+ [ -z /var/run/fail2ban/fail2ban.sock ]
+ [ -x /usr/bin/fail2ban-client ]
+ FAIL2BAN_USER=root
+ [ -r /etc/default/fail2ban ]
+ . /etc/default/fail2ban
+ FAIL2BAN_OPTS=
+ DAEMON_ARGS=
+ [ -f /etc/default/rcS ]
+ . /etc/default/rcS
+ . /lib/lsb/init-functions
+ run-parts --lsbsysinit --list /lib/lsb/init-functions.d
+ [ -r /lib/lsb/init-functions.d/20-left-info-blocks ]
+ . /lib/lsb/init-functions.d/20-left-info-blocks
+ FANCYTTY=
+ [ -e /etc/lsb-base-logging.sh ]
+ true
+ command=start
+ [ != no ]
+ log_daemon_msg Starting authentication failure monitor fail2ban
+ [ -z Starting authentication failure monitor ]
+ log_daemon_msg_pre Starting authentication failure monitor fail2ban
+ log_use_fancy_output
+ TPUT=/usr/bin/tput
+ EXPR=/usr/bin/expr
+ [ -t 1 ]
+ [ xxterm != x ]
+ [ xxterm != xdumb ]
+ [ -x /usr/bin/tput ]
+ [ -x /usr/bin/expr ]
+ /usr/bin/tput hpa 60
+ /usr/bin/tput setaf 1
+ [ -z ]
+ FANCYTTY=1
+ true
+ /bin/echo -n [....]
[....] + [ -z fail2ban ]
+ /bin/echo -n Starting authentication failure monitor: fail2ban
Starting authentication failure monitor: fail2ban+ log_daemon_msg_post Starting authentication failure monitor fail2ban
+ :
+ do_start start
+ do_status
+ /usr/bin/fail2ban-client ping
+ return 255
+ [ -e /var/run/fail2ban/fail2ban.sock ]
+ [ -d /var/run/fail2ban ]
+ [ root != root ]
+ start-stop-daemon --start --quiet --chuid root --exec /usr/bin/fail2ban-client -- start
+ return 2
+ [ != no ]
+ log_end_msg_wrapper 0 2
+ [ 0 -lt 2 ]
+ value=0
+ log_end_msg 0
+ [ -z 0 ]
+ local retval
+ retval=0
+ log_end_msg_pre 0
+ log_use_fancy_output
+ TPUT=/usr/bin/tput
+ EXPR=/usr/bin/expr
+ [ -t 1 ]
+ [ xxterm != x ]
+ [ xxterm != xdumb ]
+ [ -x /usr/bin/tput ]
+ [ -x /usr/bin/expr ]
+ /usr/bin/tput hpa 60
+ /usr/bin/tput setaf 1
+ [ -z 1 ]
+ true
+ true
+ /usr/bin/tput setaf 1
+ RED=
+ /usr/bin/tput setaf 2
+ GREEN=
+ /usr/bin/tput setaf 3
+ YELLOW=
+ /usr/bin/tput op
+ NORMAL=
+ /usr/bin/tput civis
+ /usr/bin/tput sc
+ /usr/bin/tput hpa 0
+ [ 0 -eq 0 ]
+ /bin/echo -ne [ ok
[ ok + /usr/bin/tput rc
+ /usr/bin/tput cnorm
+ log_use_fancy_output
+ TPUT=/usr/bin/tput
+ EXPR=/usr/bin/expr
+ [ -t 1 ]
+ [ xxterm != x ]
+ [ xxterm != xdumb ]
+ [ -x /usr/bin/tput ]
+ [ -x /usr/bin/expr ]
+ /usr/bin/tput hpa 60
+ /usr/bin/tput setaf 1
+ [ -z 1 ]
+ true
+ true
+ /usr/bin/tput setaf 1
+ RED=
+ /usr/bin/tput setaf 3
+ YELLOW=
+ /usr/bin/tput op
+ NORMAL=
+ [ 0 -eq 0 ]
+ echo .
.
+ log_end_msg_post 0
+ :
+ return 0
+ :
root@akdom:/etc/fail2ban#
EDIT
iptables rules
root@akdom:~# iptables -L -n --line-numbers
Chain INPUT (policy ACCEPT)
num target prot opt source destination
Chain FORWARD (policy ACCEPT)
num target prot opt source destination
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
root@akdom:~#
/etc/init.d/fail2ban restart
root@akdom:~# /etc/init.d/fail2ban restart
+ DESC=authentication failure monitor
+ NAME=fail2ban
+ DAEMON=/usr/bin/fail2ban-client
+ SCRIPTNAME=/etc/init.d/fail2ban
+ tail -n 1
+ sed -e s/.*socket *= *//g -e s/ *$//g
+ grep -h ^[^#]*socket *= /etc/fail2ban/fail2ban.conf /etc/fail2ban/fail2ban.local
+ SOCKFILE=/var/run/fail2ban/fail2ban.sock
+ [ -z /var/run/fail2ban/fail2ban.sock ]
+ [ -x /usr/bin/fail2ban-client ]
+ FAIL2BAN_USER=root
+ [ -r /etc/default/fail2ban ]
+ . /etc/default/fail2ban
+ FAIL2BAN_OPTS=
+ DAEMON_ARGS=
+ [ -f /etc/default/rcS ]
+ . /etc/default/rcS
+ . /lib/lsb/init-functions
+ run-parts --lsbsysinit --list /lib/lsb/init-functions.d
+ [ -r /lib/lsb/init-functions.d/20-left-info-blocks ]
+ . /lib/lsb/init-functions.d/20-left-info-blocks
+ FANCYTTY=
+ [ -e /etc/lsb-base-logging.sh ]
+ true
+ command=restart
+ log_daemon_msg Restarting authentication failure monitor fail2ban
+ [ -z Restarting authentication failure monitor ]
+ log_daemon_msg_pre Restarting authentication failure monitor fail2ban
+ log_use_fancy_output
+ TPUT=/usr/bin/tput
+ EXPR=/usr/bin/expr
+ [ -t 1 ]
+ [ xxterm != x ]
+ [ xxterm != xdumb ]
+ [ -x /usr/bin/tput ]
+ [ -x /usr/bin/expr ]
+ /usr/bin/tput hpa 60
+ /usr/bin/tput setaf 1
+ [ -z ]
+ FANCYTTY=1
+ true
+ /bin/echo -n [....]
[....] + [ -z fail2ban ]
+ /bin/echo -n Restarting authentication failure monitor: fail2ban
Restarting authentication failure monitor: fail2ban+ log_daemon_msg_post Restarting authentication failure monitor fail2ban
+ :
+ do_stop
+ /usr/bin/fail2ban-client status
+ return 1
+ do_start
+ do_status
+ /usr/bin/fail2ban-client ping
+ return 255
+ [ -e /var/run/fail2ban/fail2ban.sock ]
+ [ -d /var/run/fail2ban ]
+ [ root != root ]
+ start-stop-daemon --start --quiet --chuid root --exec /usr/bin/fail2ban-client -- start
+ return 2
+ log_end_msg_wrapper 2 1
+ [ 2 -lt 1 ]
+ value=1
+ log_end_msg 1
+ [ -z 1 ]
+ local retval
+ retval=1
+ log_end_msg_pre 1
+ log_use_fancy_output
+ TPUT=/usr/bin/tput
+ EXPR=/usr/bin/expr
+ [ -t 1 ]
+ [ xxterm != x ]
+ [ xxterm != xdumb ]
+ [ -x /usr/bin/tput ]
+ [ -x /usr/bin/expr ]
+ /usr/bin/tput hpa 60
+ /usr/bin/tput setaf 1
+ [ -z 1 ]
+ true
+ true
+ /usr/bin/tput setaf 1
+ RED=
+ /usr/bin/tput setaf 2
+ GREEN=
+ /usr/bin/tput setaf 3
+ YELLOW=
+ /usr/bin/tput op
+ NORMAL=
+ /usr/bin/tput civis
+ /usr/bin/tput sc
+ /usr/bin/tput hpa 0
+ [ 1 -eq 0 ]
+ [ 1 -eq 255 ]
+ /bin/echo -ne [FAIL
[FAIL+ /usr/bin/tput rc
+ /usr/bin/tput cnorm
+ log_use_fancy_output
+ TPUT=/usr/bin/tput
+ EXPR=/usr/bin/expr
+ [ -t 1 ]
+ [ xxterm != x ]
+ [ xxterm != xdumb ]
+ [ -x /usr/bin/tput ]
+ [ -x /usr/bin/expr ]
+ /usr/bin/tput hpa 60
+ /usr/bin/tput setaf 1
+ [ -z 1 ]
+ true
+ true
+ /usr/bin/tput setaf 1
+ RED=
+ /usr/bin/tput setaf 3
+ YELLOW=
+ /usr/bin/tput op
+ NORMAL=
+ [ 1 -eq 0 ]
+ [ 1 -eq 255 ]
+ /bin/echo -e failed!
failed!
+ log_end_msg_post 1
+ :
+ return 1
+ :
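In the start trace above, do_start returns 2, the next traced command is the `[ != no ]` test, and log_end_msg_wrapper is then called with `0 2`, which is why `[ ok ]` is printed for a daemon that never started; the restart trace passes `2 1` and prints FAIL. The sketch below is an added example, not part of the original post or the Debian init script: the function names follow the trace, while the bodies, the REPORTED variable and start_fixed are stand-ins written for illustration.

```shell
#!/bin/sh
# Added illustration. Function names follow the trace; the bodies are stand-ins,
# not the Debian init script.

VERBOSE=""      # empty in the trace, which is why the test prints as "[ != no ]"
REPORTED=""     # hypothetical: what the script would show on the console

# Stand-in: the trace shows do_start returning 2 after start-stop-daemon.
do_start() { return 2; }

# Comparison as traced: "[ 0 -lt 2 ]" gives value=0, "[ 2 -lt 1 ]" gives value=1.
log_end_msg_wrapper() {
    if [ "$1" -lt "$2" ]; then value=0; else value=1; fi
    if [ "$value" -eq 0 ]; then REPORTED="ok"; else REPORTED="failed"; fi
    return "$value"
}

# start path as traced: $? is expanded after the VERBOSE test, so the wrapper
# receives that test's status (0) instead of do_start's 2.
start_as_traced() {
    do_start
    [ "$VERBOSE" != no ] && log_end_msg_wrapper $? 2
}

# restart path as traced: $? is read directly after do_start.
restart_as_traced() {
    do_start
    log_end_msg_wrapper $? 1
}

# One way to avoid the false "ok": save the status before running anything else,
# and hand it back to the caller.
start_fixed() {
    do_start
    rc=$?
    [ "$VERBOSE" != no ] && log_end_msg_wrapper "$rc" 2
    return "$rc"
}

# "|| true" keeps the demo running when the shell is in errexit mode.
start_as_traced || true;   echo "start (as traced):   $REPORTED"
restart_as_traced || true; echo "restart (as traced): $REPORTED"
start_fixed || true;       echo "start (fixed):       $REPORTED"
```

Whatever the init script prints, the state of the ban daemon is better confirmed with the check the trace itself runs, `/usr/bin/fail2ban-client ping`, and its exit status.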
Answer 1
Had the same problem. In the new version of fail2ban there are some deprecated configuration parameters.
The following steps fixed the problem. First uninstall and delete all configuration files:
apt-get remove fail2ban --purge
Then do a fresh install:
apt-get install fail2ban
After these steps your configuration has the default settings and should be edited to suit your requirements.
Answer 2
Try running the following command:
start-stop-daemon --start --quiet --chuid fail2ban --exec /usr/bin/fail2ban-client -- start
Remove "--chuid fail2ban" if you run fail2ban as root (default). This should show you the errors in your configuration that prevent the server from starting.