.png)
He estado usando fail2ban durante meses sin ningún problema, pero después de una actualización de CentOS dejó de funcionar. Parece que no crea las entradas de iptables. Ya intenté reiniciar fail2ban, reiniciar el VPS y todo lo básico. Los errores relevantes son:
En /var/log/fail2ban.log:
2020-01-12 12:15:52,994 fail2ban.actions [496]: NOTICE [postfix-reject-dynamo] Restore Ban 12.160.87.219
2020-01-12 12:15:54,684 fail2ban.utils [496]: #39-Lev. 7f4db54f9c90 -- exec: firewall-cmd --direct --add-chain ipv4 filter f2b-postfix-reject-dynamo
firewall-cmd --direct --add-rule ipv4 filter f2b-postfix-reject-dynamo 1000 -j RETURN
firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 0 -j f2b-postfix-reject-dynamo
2020-01-12 12:15:54,685 fail2ban.utils [496]: ERROR 7f4db54f9c90 -- stderr: "Error: 'filter'"
2020-01-12 12:15:54,685 fail2ban.utils [496]: ERROR 7f4db54f9c90 -- stderr: "Error: COMMAND_FAILED: '/usr/sbin/iptables-restore -w -n' failed: iptables-restore: line 2 failed"
2020-01-12 12:15:54,685 fail2ban.utils [496]: ERROR 7f4db54f9c90 -- stderr: ''
2020-01-12 12:15:54,686 fail2ban.utils [496]: ERROR 7f4db54f9c90 -- stderr: "Error: COMMAND_FAILED: '/usr/sbin/iptables-restore -w -n' failed: iptables-restore v1.4.21: Couldn't load target `f2b-postfix-reject-dynamo':No such file or directory"
2020-01-12 12:15:54,686 fail2ban.utils [496]: ERROR 7f4db54f9c90 -- stderr: ''
2020-01-12 12:15:54,686 fail2ban.utils [496]: ERROR 7f4db54f9c90 -- stderr: 'Error occurred at line: 2'
2020-01-12 12:15:54,686 fail2ban.utils [496]: ERROR 7f4db54f9c90 -- stderr: "Try `iptables-restore -h' or 'iptables-restore --help' for more information."
2020-01-12 12:15:54,686 fail2ban.utils [496]: ERROR 7f4db54f9c90 -- stderr: ''
2020-01-12 12:15:54,686 fail2ban.utils [496]: ERROR 7f4db54f9c90 -- returned 13
2020-01-12 12:15:54,686 fail2ban.actions [496]: ERROR Failed to execute ban jail 'postfix-reject-dynamo' action 'firewallcmd-allports' info 'ActionInfo({'ip': '12.160.87.219', 'fid': <function <lambda> at 0x7f4db41bf578>, 'family': 'inet4', 'raw-ticket': <function <lambda> at 0x7f4db41bfa28>})': Error starting action Jail('postfix-reject-dynamo')/firewallcmd-allports
En /var/log/firewalld:
2020-01-12 12:15:53 ERROR: '/usr/sbin/iptables-restore -w -n' failed: iptables-restore: line 2 failed
2020-01-12 12:15:53 ERROR: COMMAND_FAILED: '/usr/sbin/iptables-restore -w -n' failed: iptables-restore: line 2 failed
2020-01-12 12:15:54 ERROR: '/usr/sbin/iptables-restore -w -n' failed: iptables-restore v1.4.21: Couldn't load target `f2b-postfix-reject-dynamo':No such file or directory
iptables -Lproducción:
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Contenido de /etc/systemd/system/multi-user.target.wants/fail2ban.service:
[Unit]
Description=Fail2Ban Service
Documentation=man:fail2ban(1)
After=network.target iptables.service firewalld.service ip6tables.service ipset.service
PartOf=iptables.service firewalld.service
[Service]
Type=simple
ExecStartPre=/bin/mkdir -p /var/run/fail2ban
ExecStart=/usr/bin/fail2ban-server -xf start
# if should be logged in systemd journal, use following line or set logtarget to sysout in fail2ban.local
# ExecStart=/usr/bin/fail2ban-server -xf --logtarget=sysout start
ExecStop=/usr/bin/fail2ban-client stop
ExecReload=/usr/bin/fail2ban-client reload
PIDFile=/var/run/fail2ban/fail2ban.pid
Restart=on-failure
RestartPreventExitStatus=0 255
[Install]
WantedBy=multi-user.target
Aquí está el completo /var/log/fail2ban.loghasta que ocurre el error:
2020-01-12 12:15:51,018 fail2ban.server [496]: INFO Starting Fail2ban v0.10.4
2020-01-12 12:15:51,037 fail2ban.database [496]: INFO Connected to fail2ban persistent database '/var/lib/fail2ban/fail2ban.sqlite3'
2020-01-12 12:15:51,183 fail2ban.jail [496]: INFO Creating new jail 'sshd'
2020-01-12 12:15:51,834 fail2ban.jail [496]: INFO Jail 'sshd' uses systemd {}
2020-01-12 12:15:51,836 fail2ban.jail [496]: INFO Initiated 'systemd' backend
2020-01-12 12:15:51,837 fail2ban.filter [496]: INFO maxLines: 1
2020-01-12 12:15:51,878 fail2ban.filtersystemd [496]: INFO [sshd] Added journal match for: '_SYSTEMD_UNIT=sshd.service + _COMM=sshd'
2020-01-12 12:15:51,879 fail2ban.filter [496]: INFO maxRetry: 5
2020-01-12 12:15:51,879 fail2ban.filter [496]: INFO encoding: ANSI_X3.4-1968
2020-01-12 12:15:51,880 fail2ban.filter [496]: INFO findtime: 600
2020-01-12 12:15:51,880 fail2ban.actions [496]: INFO banTime: 3600
2020-01-12 12:15:51,882 fail2ban.jail [496]: INFO Creating new jail 'webmin-auth'
2020-01-12 12:15:51,882 fail2ban.jail [496]: INFO Jail 'webmin-auth' uses systemd {}
2020-01-12 12:15:51,883 fail2ban.jail [496]: INFO Initiated 'systemd' backend
2020-01-12 12:15:51,889 fail2ban.filter [496]: INFO maxRetry: 5
2020-01-12 12:15:51,889 fail2ban.filter [496]: INFO encoding: ANSI_X3.4-1968
2020-01-12 12:15:51,889 fail2ban.filter [496]: INFO findtime: 600
2020-01-12 12:15:51,890 fail2ban.actions [496]: INFO banTime: 600
2020-01-12 12:15:51,891 fail2ban.jail [496]: INFO Creating new jail 'proftpd'
2020-01-12 12:15:51,891 fail2ban.jail [496]: INFO Jail 'proftpd' uses systemd {}
2020-01-12 12:15:51,893 fail2ban.jail [496]: INFO Initiated 'systemd' backend
2020-01-12 12:15:51,898 fail2ban.filtersystemd [496]: INFO [proftpd] Added journal match for: '_SYSTEMD_UNIT=proftpd.service'
2020-01-12 12:15:51,899 fail2ban.filter [496]: INFO maxRetry: 5
2020-01-12 12:15:51,899 fail2ban.filter [496]: INFO encoding: ANSI_X3.4-1968
2020-01-12 12:15:51,899 fail2ban.filter [496]: INFO findtime: 600
2020-01-12 12:15:51,900 fail2ban.actions [496]: INFO banTime: 3600
2020-01-12 12:15:51,901 fail2ban.jail [496]: INFO Creating new jail 'postfix'
2020-01-12 12:15:51,901 fail2ban.jail [496]: INFO Jail 'postfix' uses systemd {}
2020-01-12 12:15:51,902 fail2ban.jail [496]: INFO Initiated 'systemd' backend
2020-01-12 12:15:51,913 fail2ban.filtersystemd [496]: INFO [postfix] Added journal match for: '_SYSTEMD_UNIT=postfix.service'
2020-01-12 12:15:51,914 fail2ban.filter [496]: INFO maxRetry: 5
2020-01-12 12:15:51,914 fail2ban.filter [496]: INFO encoding: ANSI_X3.4-1968
2020-01-12 12:15:51,914 fail2ban.filter [496]: INFO findtime: 600
2020-01-12 12:15:51,915 fail2ban.actions [496]: INFO banTime: 3600
2020-01-12 12:15:51,916 fail2ban.jail [496]: INFO Creating new jail 'dovecot'
2020-01-12 12:15:51,916 fail2ban.jail [496]: INFO Jail 'dovecot' uses systemd {}
2020-01-12 12:15:51,917 fail2ban.jail [496]: INFO Initiated 'systemd' backend
2020-01-12 12:15:51,926 fail2ban.filtersystemd [496]: INFO [dovecot] Added journal match for: '_SYSTEMD_UNIT=dovecot.service'
2020-01-12 12:15:51,926 fail2ban.datedetector [496]: INFO date pattern `''`: `{^LN-BEG}TAI64N`
2020-01-12 12:15:51,927 fail2ban.filter [496]: INFO maxRetry: 5
2020-01-12 12:15:51,927 fail2ban.filter [496]: INFO encoding: ANSI_X3.4-1968
2020-01-12 12:15:51,928 fail2ban.filter [496]: INFO findtime: 600
2020-01-12 12:15:51,928 fail2ban.actions [496]: INFO banTime: 3600
2020-01-12 12:15:51,929 fail2ban.jail [496]: INFO Creating new jail 'postfix-reject-dynamo'
2020-01-12 12:15:52,032 fail2ban.jail [496]: INFO Jail 'postfix-reject-dynamo' uses poller {}
2020-01-12 12:15:52,033 fail2ban.jail [496]: INFO Initiated 'polling' backend
2020-01-12 12:15:52,118 fail2ban.filter [496]: INFO Added logfile: '/var/log/maillog' (pos = 17320260, hash = 48479d10b4c7d022471955ff13511a8c)
2020-01-12 12:15:52,119 fail2ban.filter [496]: INFO maxRetry: 3
2020-01-12 12:15:52,119 fail2ban.filter [496]: INFO encoding: ANSI_X3.4-1968
2020-01-12 12:15:52,120 fail2ban.filter [496]: INFO findtime: 600
2020-01-12 12:15:52,120 fail2ban.actions [496]: INFO banTime: 3600
2020-01-12 12:15:52,222 fail2ban.jail [496]: INFO Jail 'sshd' started
2020-01-12 12:15:52,260 fail2ban.filtersystemd [496]: NOTICE Jail started without 'journalmatch' set. Jail regexs will be checked against all journal entries, which is not advised for performance reasons.
2020-01-12 12:15:52,269 fail2ban.jail [496]: INFO Jail 'webmin-auth' started
2020-01-12 12:15:52,401 fail2ban.jail [496]: INFO Jail 'proftpd' started
2020-01-12 12:15:52,659 fail2ban.jail [496]: INFO Jail 'postfix' started
2020-01-12 12:15:52,787 fail2ban.jail [496]: INFO Jail 'dovecot' started
2020-01-12 12:15:52,800 fail2ban.jail [496]: INFO Jail 'postfix-reject-dynamo' started
2020-01-12 12:15:52,994 fail2ban.actions [496]: NOTICE [postfix-reject-dynamo] Restore Ban 12.160.87.219
2020-01-12 12:15:54,684 fail2ban.utils [496]: #39-Lev. 7f4db54f9c90 -- exec: firewall-cmd --direct --add-chain ipv4 filter f2b-postfix-reject-dynamo
firewall-cmd --direct --add-rule ipv4 filter f2b-postfix-reject-dynamo 1000 -j RETURN
firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 0 -j f2b-postfix-reject-dynamo
2020-01-12 12:15:54,685 fail2ban.utils [496]: ERROR 7f4db54f9c90 -- stderr: "Error: 'filter'"
2020-01-12 12:15:54,685 fail2ban.utils [496]: ERROR 7f4db54f9c90 -- stderr: "Error: COMMAND_FAILED: '/usr/sbin/iptables-restore -w -n' failed: iptables-restore: line 2 failed"
2020-01-12 12:15:54,685 fail2ban.utils [496]: ERROR 7f4db54f9c90 -- stderr: ''
2020-01-12 12:15:54,686 fail2ban.utils [496]: ERROR 7f4db54f9c90 -- stderr: "Error: COMMAND_FAILED: '/usr/sbin/iptables-restore -w -n' failed: iptables-restore v1.4.21: Couldn't load target `f2b-postfix-reject-dynamo':No such file or directory"
2020-01-12 12:15:54,686 fail2ban.utils [496]: ERROR 7f4db54f9c90 -- stderr: ''
2020-01-12 12:15:54,686 fail2ban.utils [496]: ERROR 7f4db54f9c90 -- stderr: 'Error occurred at line: 2'
2020-01-12 12:15:54,686 fail2ban.utils [496]: ERROR 7f4db54f9c90 -- stderr: "Try `iptables-restore -h' or 'iptables-restore --help' for more information."
2020-01-12 12:15:54,686 fail2ban.utils [496]: ERROR 7f4db54f9c90 -- stderr: ''
2020-01-12 12:15:54,686 fail2ban.utils [496]: ERROR 7f4db54f9c90 -- returned 13
2020-01-12 12:15:54,686 fail2ban.actions [496]: ERROR Failed to execute ban jail 'postfix-reject-dynamo' action 'firewallcmd-allports' info 'ActionInfo({'ip': '12.160.87.219', 'fid': <function <lambda> at 0x7f4db41bf578>, 'family': 'inet4', 'raw-ticket': <function <lambda> at 0x7f4db41bfa28>})': Error starting action Jail('postfix-reject-dynamo')/firewallcmd-allports
CentOS Linux versión 7.7.1908 (Núcleo)
No tengo ni idea de lo que está pasando aquí..
Aprecio tu ayuda.
Respuesta1
error fail2ban con firewalld...
Bueno, esto no es un error fail2ban.
Básicamente, fail2ban intenta ejecutar los siguientes comandos (puedes intentarlo tú mismo en Shell como root):
firewall-cmd --direct --add-chain ipv4 filter f2b-postfix-reject-dynamo
firewall-cmd --direct --add-rule ipv4 filter f2b-postfix-reject-dynamo 1000 -j RETURN
firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 0 -j f2b-postfix-reject-dynamo
Por alguna razón firewall-cmdo más bien iptables-restore, que parece ser utilizada internamente por firewall-cmd, falla con:
Couldn't load target `f2b-postfix-reject-dynamo':No such file or directory
Normalmente, este mensaje no tiene sentido porque firewall-cmdse está creando esta cadena y este error parece que crearía una cadena de orientación de reglas f2b-postfix-reject-dynamoque todavía no existe por algún motivo. Debe verificar si existen algunas reglas persistentes dirigidas a esta cadena (inexistente) y repararla (o eliminarla).
Por ejemplo, verás el mismo error si intentas ejecutar esto sin el primer comando:
# ## iptables -w -N f2b-test-chain; # this creates a chain
# iptables -w -I INPUT 1 -j f2b-test-chain; # insert rule to INPUT chain targeting f2b-test-chain
...
iptables v1.6.0: Couldn't load target `f2b-test-chain':No such file or directory
lo cual es un error bastante claro (se comenta el primer comando que crea una cadena).
Por lo tanto, algunos cortafuegos de flujo interno que intentan restaurar el uso iptables-restoreparecen ser incorrectos (contiene referencias no válidas).
Por cierto, ¿por qué no usas directamente iptables en lugar de firewalld?