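I have been using Fail2ban for months without any problems, but after a CentOS upgrade it stopped working. It does not seem to create any iptables entries. I have already tried restarting Fail2ban, restarting the VPS and all the basic things. The relevant errors are as follows.
In /var/log/fail2ban.log: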
2020-01-12 12:15:52,994 fail2ban.actions [496]: NOTICE [postfix-reject-dynamo] Restore Ban 12.160.87.219
2020-01-12 12:15:54,684 fail2ban.utils [496]: #39-Lev. 7f4db54f9c90 -- exec: firewall-cmd --direct --add-chain ipv4 filter f2b-postfix-reject-dynamo
firewall-cmd --direct --add-rule ipv4 filter f2b-postfix-reject-dynamo 1000 -j RETURN
firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 0 -j f2b-postfix-reject-dynamo
2020-01-12 12:15:54,685 fail2ban.utils [496]: ERROR 7f4db54f9c90 -- stderr: "Error: 'filter'"
2020-01-12 12:15:54,685 fail2ban.utils [496]: ERROR 7f4db54f9c90 -- stderr: "Error: COMMAND_FAILED: '/usr/sbin/iptables-restore -w -n' failed: iptables-restore: line 2 failed"
2020-01-12 12:15:54,685 fail2ban.utils [496]: ERROR 7f4db54f9c90 -- stderr: ''
2020-01-12 12:15:54,686 fail2ban.utils [496]: ERROR 7f4db54f9c90 -- stderr: "Error: COMMAND_FAILED: '/usr/sbin/iptables-restore -w -n' failed: iptables-restore v1.4.21: Couldn't load target `f2b-postfix-reject-dynamo':No such file or directory"
2020-01-12 12:15:54,686 fail2ban.utils [496]: ERROR 7f4db54f9c90 -- stderr: ''
2020-01-12 12:15:54,686 fail2ban.utils [496]: ERROR 7f4db54f9c90 -- stderr: 'Error occurred at line: 2'
2020-01-12 12:15:54,686 fail2ban.utils [496]: ERROR 7f4db54f9c90 -- stderr: "Try `iptables-restore -h' or 'iptables-restore --help' for more information."
2020-01-12 12:15:54,686 fail2ban.utils [496]: ERROR 7f4db54f9c90 -- stderr: ''
2020-01-12 12:15:54,686 fail2ban.utils [496]: ERROR 7f4db54f9c90 -- returned 13
2020-01-12 12:15:54,686 fail2ban.actions [496]: ERROR Failed to execute ban jail 'postfix-reject-dynamo' action 'firewallcmd-allports' info 'ActionInfo({'ip': '12.160.87.219', 'fid': <function <lambda> at 0x7f4db41bf578>, 'family': 'inet4', 'raw-ticket': <function <lambda> at 0x7f4db41bfa28>})': Error starting action Jail('postfix-reject-dynamo')/firewallcmd-allports
In /var/log/firewalld:
2020-01-12 12:15:53 ERROR: '/usr/sbin/iptables-restore -w -n' failed: iptables-restore: line 2 failed
2020-01-12 12:15:53 ERROR: COMMAND_FAILED: '/usr/sbin/iptables-restore -w -n' failed: iptables-restore: line 2 failed
2020-01-12 12:15:54 ERROR: '/usr/sbin/iptables-restore -w -n' failed: iptables-restore v1.4.21: Couldn't load target `f2b-postfix-reject-dynamo':No such file or directory
Output of iptables -L:
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Contents of /etc/systemd/system/multi-user.target.wants/fail2ban.service:
[Unit]
Description=Fail2Ban Service
Documentation=man:fail2ban(1)
After=network.target iptables.service firewalld.service ip6tables.service ipset.service
PartOf=iptables.service firewalld.service
[Service]
Type=simple
ExecStartPre=/bin/mkdir -p /var/run/fail2ban
ExecStart=/usr/bin/fail2ban-server -xf start
# if should be logged in systemd journal, use following line or set logtarget to sysout in fail2ban.local
# ExecStart=/usr/bin/fail2ban-server -xf --logtarget=sysout start
ExecStop=/usr/bin/fail2ban-client stop
ExecReload=/usr/bin/fail2ban-client reload
PIDFile=/var/run/fail2ban/fail2ban.pid
Restart=on-failure
RestartPreventExitStatus=0 255
[Install]
WantedBy=multi-user.target
The full contents of /var/log/fail2ban.log up to the point where the error occurs are as follows:
2020-01-12 12:15:51,018 fail2ban.server [496]: INFO Starting Fail2ban v0.10.4
2020-01-12 12:15:51,037 fail2ban.database [496]: INFO Connected to fail2ban persistent database '/var/lib/fail2ban/fail2ban.sqlite3'
2020-01-12 12:15:51,183 fail2ban.jail [496]: INFO Creating new jail 'sshd'
2020-01-12 12:15:51,834 fail2ban.jail [496]: INFO Jail 'sshd' uses systemd {}
2020-01-12 12:15:51,836 fail2ban.jail [496]: INFO Initiated 'systemd' backend
2020-01-12 12:15:51,837 fail2ban.filter [496]: INFO maxLines: 1
2020-01-12 12:15:51,878 fail2ban.filtersystemd [496]: INFO [sshd] Added journal match for: '_SYSTEMD_UNIT=sshd.service + _COMM=sshd'
2020-01-12 12:15:51,879 fail2ban.filter [496]: INFO maxRetry: 5
2020-01-12 12:15:51,879 fail2ban.filter [496]: INFO encoding: ANSI_X3.4-1968
2020-01-12 12:15:51,880 fail2ban.filter [496]: INFO findtime: 600
2020-01-12 12:15:51,880 fail2ban.actions [496]: INFO banTime: 3600
2020-01-12 12:15:51,882 fail2ban.jail [496]: INFO Creating new jail 'webmin-auth'
2020-01-12 12:15:51,882 fail2ban.jail [496]: INFO Jail 'webmin-auth' uses systemd {}
2020-01-12 12:15:51,883 fail2ban.jail [496]: INFO Initiated 'systemd' backend
2020-01-12 12:15:51,889 fail2ban.filter [496]: INFO maxRetry: 5
2020-01-12 12:15:51,889 fail2ban.filter [496]: INFO encoding: ANSI_X3.4-1968
2020-01-12 12:15:51,889 fail2ban.filter [496]: INFO findtime: 600
2020-01-12 12:15:51,890 fail2ban.actions [496]: INFO banTime: 600
2020-01-12 12:15:51,891 fail2ban.jail [496]: INFO Creating new jail 'proftpd'
2020-01-12 12:15:51,891 fail2ban.jail [496]: INFO Jail 'proftpd' uses systemd {}
2020-01-12 12:15:51,893 fail2ban.jail [496]: INFO Initiated 'systemd' backend
2020-01-12 12:15:51,898 fail2ban.filtersystemd [496]: INFO [proftpd] Added journal match for: '_SYSTEMD_UNIT=proftpd.service'
2020-01-12 12:15:51,899 fail2ban.filter [496]: INFO maxRetry: 5
2020-01-12 12:15:51,899 fail2ban.filter [496]: INFO encoding: ANSI_X3.4-1968
2020-01-12 12:15:51,899 fail2ban.filter [496]: INFO findtime: 600
2020-01-12 12:15:51,900 fail2ban.actions [496]: INFO banTime: 3600
2020-01-12 12:15:51,901 fail2ban.jail [496]: INFO Creating new jail 'postfix'
2020-01-12 12:15:51,901 fail2ban.jail [496]: INFO Jail 'postfix' uses systemd {}
2020-01-12 12:15:51,902 fail2ban.jail [496]: INFO Initiated 'systemd' backend
2020-01-12 12:15:51,913 fail2ban.filtersystemd [496]: INFO [postfix] Added journal match for: '_SYSTEMD_UNIT=postfix.service'
2020-01-12 12:15:51,914 fail2ban.filter [496]: INFO maxRetry: 5
2020-01-12 12:15:51,914 fail2ban.filter [496]: INFO encoding: ANSI_X3.4-1968
2020-01-12 12:15:51,914 fail2ban.filter [496]: INFO findtime: 600
2020-01-12 12:15:51,915 fail2ban.actions [496]: INFO banTime: 3600
2020-01-12 12:15:51,916 fail2ban.jail [496]: INFO Creating new jail 'dovecot'
2020-01-12 12:15:51,916 fail2ban.jail [496]: INFO Jail 'dovecot' uses systemd {}
2020-01-12 12:15:51,917 fail2ban.jail [496]: INFO Initiated 'systemd' backend
2020-01-12 12:15:51,926 fail2ban.filtersystemd [496]: INFO [dovecot] Added journal match for: '_SYSTEMD_UNIT=dovecot.service'
2020-01-12 12:15:51,926 fail2ban.datedetector [496]: INFO date pattern `''`: `{^LN-BEG}TAI64N`
2020-01-12 12:15:51,927 fail2ban.filter [496]: INFO maxRetry: 5
2020-01-12 12:15:51,927 fail2ban.filter [496]: INFO encoding: ANSI_X3.4-1968
2020-01-12 12:15:51,928 fail2ban.filter [496]: INFO findtime: 600
2020-01-12 12:15:51,928 fail2ban.actions [496]: INFO banTime: 3600
2020-01-12 12:15:51,929 fail2ban.jail [496]: INFO Creating new jail 'postfix-reject-dynamo'
2020-01-12 12:15:52,032 fail2ban.jail [496]: INFO Jail 'postfix-reject-dynamo' uses poller {}
2020-01-12 12:15:52,033 fail2ban.jail [496]: INFO Initiated 'polling' backend
2020-01-12 12:15:52,118 fail2ban.filter [496]: INFO Added logfile: '/var/log/maillog' (pos = 17320260, hash = 48479d10b4c7d022471955ff13511a8c)
2020-01-12 12:15:52,119 fail2ban.filter [496]: INFO maxRetry: 3
2020-01-12 12:15:52,119 fail2ban.filter [496]: INFO encoding: ANSI_X3.4-1968
2020-01-12 12:15:52,120 fail2ban.filter [496]: INFO findtime: 600
2020-01-12 12:15:52,120 fail2ban.actions [496]: INFO banTime: 3600
2020-01-12 12:15:52,222 fail2ban.jail [496]: INFO Jail 'sshd' started
2020-01-12 12:15:52,260 fail2ban.filtersystemd [496]: NOTICE Jail started without 'journalmatch' set. Jail regexs will be checked against all journal entries, which is not advised for performance reasons.
2020-01-12 12:15:52,269 fail2ban.jail [496]: INFO Jail 'webmin-auth' started
2020-01-12 12:15:52,401 fail2ban.jail [496]: INFO Jail 'proftpd' started
2020-01-12 12:15:52,659 fail2ban.jail [496]: INFO Jail 'postfix' started
2020-01-12 12:15:52,787 fail2ban.jail [496]: INFO Jail 'dovecot' started
2020-01-12 12:15:52,800 fail2ban.jail [496]: INFO Jail 'postfix-reject-dynamo' started
2020-01-12 12:15:52,994 fail2ban.actions [496]: NOTICE [postfix-reject-dynamo] Restore Ban 12.160.87.219
2020-01-12 12:15:54,684 fail2ban.utils [496]: #39-Lev. 7f4db54f9c90 -- exec: firewall-cmd --direct --add-chain ipv4 filter f2b-postfix-reject-dynamo
firewall-cmd --direct --add-rule ipv4 filter f2b-postfix-reject-dynamo 1000 -j RETURN
firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 0 -j f2b-postfix-reject-dynamo
2020-01-12 12:15:54,685 fail2ban.utils [496]: ERROR 7f4db54f9c90 -- stderr: "Error: 'filter'"
2020-01-12 12:15:54,685 fail2ban.utils [496]: ERROR 7f4db54f9c90 -- stderr: "Error: COMMAND_FAILED: '/usr/sbin/iptables-restore -w -n' failed: iptables-restore: line 2 failed"
2020-01-12 12:15:54,685 fail2ban.utils [496]: ERROR 7f4db54f9c90 -- stderr: ''
2020-01-12 12:15:54,686 fail2ban.utils [496]: ERROR 7f4db54f9c90 -- stderr: "Error: COMMAND_FAILED: '/usr/sbin/iptables-restore -w -n' failed: iptables-restore v1.4.21: Couldn't load target `f2b-postfix-reject-dynamo':No such file or directory"
2020-01-12 12:15:54,686 fail2ban.utils [496]: ERROR 7f4db54f9c90 -- stderr: ''
2020-01-12 12:15:54,686 fail2ban.utils [496]: ERROR 7f4db54f9c90 -- stderr: 'Error occurred at line: 2'
2020-01-12 12:15:54,686 fail2ban.utils [496]: ERROR 7f4db54f9c90 -- stderr: "Try `iptables-restore -h' or 'iptables-restore --help' for more information."
2020-01-12 12:15:54,686 fail2ban.utils [496]: ERROR 7f4db54f9c90 -- stderr: ''
2020-01-12 12:15:54,686 fail2ban.utils [496]: ERROR 7f4db54f9c90 -- returned 13
2020-01-12 12:15:54,686 fail2ban.actions [496]: ERROR Failed to execute ban jail 'postfix-reject-dynamo' action 'firewallcmd-allports' info 'ActionInfo({'ip': '12.160.87.219', 'fid': <function <lambda> at 0x7f4db41bf578>, 'family': 'inet4', 'raw-ticket': <function <lambda> at 0x7f4db41bfa28>})': Error starting action Jail('postfix-reject-dynamo')/firewallcmd-allports
CentOS Linux release 7.7.1908 (Core)
I have no idea what is going on here.
Thank you for your help.
Answer 1
An error occurred in firewalld.
Well, this is not a Fail2ban error.
Basically, fail2ban tries to execute the following commands (you can try them directly in a shell as root):
firewall-cmd --direct --add-chain ipv4 filter f2b-postfix-reject-dynamo
firewall-cmd --direct --add-rule ipv4 filter f2b-postfix-reject-dynamo 1000 -j RETURN
firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 0 -j f2b-postfix-reject-dynamo
For some reason firewall-cmd, or rather iptables-restore, which appears to be used internally by firewall-cmd, fails as follows:
Couldn't load target `f2b-postfix-reject-dynamo':No such file or directory
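Normally this message makes no sense, because we create this chain; the error looks as if firewall-cmd creates some rule targeting the chain f2b-postfix-reject-dynamo, which for some reason does not exist yet.
You should check whether you have some persistent rules targeting this (non-existent) chain and repair (or remove) them.
For example, if you try to execute this without the first command, you will see the same error: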
# ## iptables -w -N f2b-test-chain; # this creates a chain
# iptables -w -I INPUT 1 -j f2b-test-chain; # insert rule to INPUT chain targeting f2b-test-chain
...
iptables v1.6.0: Couldn't load target `f2b-test-chain':No such file or directory
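This is clearly an error (the first command, which creates the chain, is commented out).
So it seems that some internal stream that firewalld tries to restore with iptables-restore is wrong (it contains an invalid reference).
By the way, why don't you use iptables directly instead of firewalld?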
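One way to carry out the check the answer suggests, as an added example that is not part of the original answer: it lists firewalld direct rules that jump to an f2b-* chain for which no direct chain is declared in the same address family and table. The function name, the temporary files and the sample lines are constructed for illustration; the input line formats are those printed by `firewall-cmd --direct --get-all-chains` and `firewall-cmd --direct --get-all-rules`.

```shell
#!/bin/sh
# Added example. On a live system the two input files would come from:
#   firewall-cmd --permanent --direct --get-all-chains > chains   # "ipv table chain"
#   firewall-cmd --permanent --direct --get-all-rules  > rules    # "ipv table chain priority args..."

find_dangling_jumps() {
    # $1 = file with chain lines, $2 = file with rule lines,
    # $3 = chain-name prefix to check (defaults to fail2ban's "f2b-")
    awk -v prefix="${3:-f2b-}" '
        FILENAME == ARGV[1] {             # first file: declared direct chains
            if (NF >= 3) declared[$1 " " $2 " " $3] = 1
            next                          # FILENAME test also works if this file is empty
        }
        {                                 # second file: direct rules, args start at field 5
            for (i = 5; i < NF; i++) {
                if (($i == "-j" || $i == "--jump" || $i == "-g" || $i == "--goto") &&
                    index($(i + 1), prefix) == 1 &&
                    !(($1 " " $2 " " $(i + 1)) in declared))
                    print                 # rule references a chain nobody declared
            }
        }
    ' "$1" "$2"
}

# Constructed sample data, not taken from the poster's system.
demo() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/chains" <<'EOF'
ipv4 filter f2b-sshd
EOF
    cat > "$tmp/rules" <<'EOF'
ipv4 filter f2b-sshd 1000 -j RETURN
ipv4 filter INPUT_direct 0 -j f2b-sshd
ipv4 filter INPUT_direct 0 -j f2b-postfix-reject-dynamo
ipv6 filter INPUT_direct 0 -j f2b-sshd
EOF
    find_dangling_jumps "$tmp/chains" "$tmp/rules"
    rm -rf "$tmp"
}

demo
```

Each printed line is a rule that iptables-restore would reject with "Couldn't load target" unless the chain is created first; the ipv6 line is reported because the chain is declared for ipv4 only.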