Por que o fail2ban 0.8 não é iniciado corretamente no Debain 7 Wheezy x64?
Oi,
Estou tentando configurar o fail2ban para trabalhar com o APF. Mas primeiro, seria ótimo se o fail2ban pudesse começar.
root@akdom:/var/log# /etc/init.d/fail2ban start
[ **ok** ] Starting authentication failure monitor: fail2ban.
root@akdom:/var/log# /etc/init.d/fail2ban status
[**FAIL**] Status of authentication failure monitor:[....] fail2ban is not running ... **failed**!
root@akdom:/var/log#
/etc/fail2ban/jail.local (mesmo conteúdo no jail.conf)
[DEFAULT]
ignoreip = 127.0.0.1/8
bantime = 600
maxretry = 3
findtime = 600
backend = auto
#
# ACTIONS
#
banaction = apf
mta = sendmail
protocol = tcp
chain = INPUT
action_ = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(cha$
action_mw = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(c$
%(mta)s-whois[name=%(__name__)s, dest="%(destemail)s", protocol="%(protocol)s", cha$
action_mwl = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%($
%(mta)s-whois-lines[name=%(__name__)s, dest="%(destemail)s", logpath=%(logpath)s, $
action = %(action_)s
#JAIL
[ssh]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 6
[ssh-iptables]
enabled = true
filter = sshd
action = iptables[name=SSH, port=ssh, protocol=tcp]
logpath = /var/log/auth.log
maxretry = 5
fail2ban.conf
socket = /var/run/fail2ban/fail2ban.sock (This file doesn'T exist, prehaps because fail2ban is not lauched properly)
É importante para mim configurá-lo rapidamente porque a China gosta do IP do meu servidor (de acordo com o auth.log):)
Olhando no DuckDuckGo, encontrei algumas informações sobre solução de problemas: Eu tentei remover e instalá-lo novamente. O fail2ban-regex funciona perfeitamente e retorna mais de 10000 resultados nos últimos 2 dias. O caminho auth.log é válido.
Agora, estou pensando em instalar a versão de pré-lançamento 0.9 para ver se está funcionando.
Alguma ideia para fazer isso funcionar?
Obrigado
EDITAR Com set -x em /etc/init.d/fail2ban
Comando: /etc/init.d/fail2ban start
/var/log/fail2ban.log ainda vazio.
root@akdom:/etc/fail2ban# /etc/init.d/fail2ban start
+ DESC=authentication failure monitor
+ NAME=fail2ban
+ DAEMON=/usr/bin/fail2ban-client
+ SCRIPTNAME=/etc/init.d/fail2ban
+ grep+ sed -h ^[^#]*socket *= /etc/fail2ban/fail2ban.conf /etc/fail2ban/fail2ban.local -e s/.*socket *= *//g
-e s/ *$//g
+ tail -n 1
+ SOCKFILE=/var/run/fail2ban/fail2ban.sock
+ [ -z /var/run/fail2ban/fail2ban.sock ]
+ [ -x /usr/bin/fail2ban-client ]
+ FAIL2BAN_USER=root
+ [ -r /etc/default/fail2ban ]
+ . /etc/default/fail2ban
+ FAIL2BAN_OPTS=
+ DAEMON_ARGS=
+ [ -f /etc/default/rcS ]
+ . /etc/default/rcS
+ . /lib/lsb/init-functions
+ run-parts --lsbsysinit --list /lib/lsb/init-functions.d
+ [ -r /lib/lsb/init-functions.d/20-left-info-blocks ]
+ . /lib/lsb/init-functions.d/20-left-info-blocks
+ FANCYTTY=
+ [ -e /etc/lsb-base-logging.sh ]
+ true
+ command=start
+ [ != no ]
+ log_daemon_msg Starting authentication failure monitor fail2ban
+ [ -z Starting authentication failure monitor ]
+ log_daemon_msg_pre Starting authentication failure monitor fail2ban
+ log_use_fancy_output
+ TPUT=/usr/bin/tput
+ EXPR=/usr/bin/expr
+ [ -t 1 ]
+ [ xxterm != x ]
+ [ xxterm != xdumb ]
+ [ -x /usr/bin/tput ]
+ [ -x /usr/bin/expr ]
+ /usr/bin/tput hpa 60
+ /usr/bin/tput setaf 1
+ [ -z ]
+ FANCYTTY=1
+ true
+ /bin/echo -n [....]
[....] + [ -z fail2ban ]
+ /bin/echo -n Starting authentication failure monitor: fail2ban
Starting authentication failure monitor: fail2ban+ log_daemon_msg_post Starting authentication failure monitor fail2ban
+ :
+ do_start start
+ do_status
+ /usr/bin/fail2ban-client ping
+ return 255
+ [ -e /var/run/fail2ban/fail2ban.sock ]
+ [ -d /var/run/fail2ban ]
+ [ root != root ]
+ start-stop-daemon --start --quiet --chuid root --exec /usr/bin/fail2ban-client -- start
+ return 2
+ [ != no ]
+ log_end_msg_wrapper 0 2
+ [ 0 -lt 2 ]
+ value=0
+ log_end_msg 0
+ [ -z 0 ]
+ local retval
+ retval=0
+ log_end_msg_pre 0
+ log_use_fancy_output
+ TPUT=/usr/bin/tput
+ EXPR=/usr/bin/expr
+ [ -t 1 ]
+ [ xxterm != x ]
+ [ xxterm != xdumb ]
+ [ -x /usr/bin/tput ]
+ [ -x /usr/bin/expr ]
+ /usr/bin/tput hpa 60
+ /usr/bin/tput setaf 1
+ [ -z 1 ]
+ true
+ true
+ /usr/bin/tput setaf 1
+ RED=
+ /usr/bin/tput setaf 2
+ GREEN=
+ /usr/bin/tput setaf 3
+ YELLOW=
+ /usr/bin/tput op
+ NORMAL=
+ /usr/bin/tput civis
+ /usr/bin/tput sc
+ /usr/bin/tput hpa 0
+ [ 0 -eq 0 ]
+ /bin/echo -ne [ ok
[ ok + /usr/bin/tput rc
+ /usr/bin/tput cnorm
+ log_use_fancy_output
+ TPUT=/usr/bin/tput
+ EXPR=/usr/bin/expr
+ [ -t 1 ]
+ [ xxterm != x ]
+ [ xxterm != xdumb ]
+ [ -x /usr/bin/tput ]
+ [ -x /usr/bin/expr ]
+ /usr/bin/tput hpa 60
+ /usr/bin/tput setaf 1
+ [ -z 1 ]
+ true
+ true
+ /usr/bin/tput setaf 1
+ RED=
+ /usr/bin/tput setaf 3
+ YELLOW=
+ /usr/bin/tput op
+ NORMAL=
+ [ 0 -eq 0 ]
+ echo .
.
+ log_end_msg_post 0
+ :
+ return 0
+ :
root@akdom:/etc/fail2ban#
EDITAR
Regras do iptables
root@akdom:~# iptables -L -n --line-numbers
Chain INPUT (policy ACCEPT)
num target prot opt source destination
Chain FORWARD (policy ACCEPT)
num target prot opt source destination
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
root@akdom:~#
/etc/init.d/fail2ban restart
root@akdom:~# /etc/init.d/fail2ban restart
+ DESC=authentication failure monitor
+ NAME=fail2ban
+ DAEMON=/usr/bin/fail2ban-client
+ SCRIPTNAME=/etc/init.d/fail2ban
+ tail -n 1
+ sed -e s/.*socket *= *//g -e s/ *$//g
+ grep -h ^[^#]*socket *= /etc/fail2ban/fail2ban.conf /etc/fail2ban/fail2ban.local
+ SOCKFILE=/var/run/fail2ban/fail2ban.sock
+ [ -z /var/run/fail2ban/fail2ban.sock ]
+ [ -x /usr/bin/fail2ban-client ]
+ FAIL2BAN_USER=root
+ [ -r /etc/default/fail2ban ]
+ . /etc/default/fail2ban
+ FAIL2BAN_OPTS=
+ DAEMON_ARGS=
+ [ -f /etc/default/rcS ]
+ . /etc/default/rcS
+ . /lib/lsb/init-functions
+ run-parts --lsbsysinit --list /lib/lsb/init-functions.d
+ [ -r /lib/lsb/init-functions.d/20-left-info-blocks ]
+ . /lib/lsb/init-functions.d/20-left-info-blocks
+ FANCYTTY=
+ [ -e /etc/lsb-base-logging.sh ]
+ true
+ command=restart
+ log_daemon_msg Restarting authentication failure monitor fail2ban
+ [ -z Restarting authentication failure monitor ]
+ log_daemon_msg_pre Restarting authentication failure monitor fail2ban
+ log_use_fancy_output
+ TPUT=/usr/bin/tput
+ EXPR=/usr/bin/expr
+ [ -t 1 ]
+ [ xxterm != x ]
+ [ xxterm != xdumb ]
+ [ -x /usr/bin/tput ]
+ [ -x /usr/bin/expr ]
+ /usr/bin/tput hpa 60
+ /usr/bin/tput setaf 1
+ [ -z ]
+ FANCYTTY=1
+ true
+ /bin/echo -n [....]
[....] + [ -z fail2ban ]
+ /bin/echo -n Restarting authentication failure monitor: fail2ban
Restarting authentication failure monitor: fail2ban+ log_daemon_msg_post Restarting authentication failure monitor fail2ban
+ :
+ do_stop
+ /usr/bin/fail2ban-client status
+ return 1
+ do_start
+ do_status
+ /usr/bin/fail2ban-client ping
+ return 255
+ [ -e /var/run/fail2ban/fail2ban.sock ]
+ [ -d /var/run/fail2ban ]
+ [ root != root ]
+ start-stop-daemon --start --quiet --chuid root --exec /usr/bin/fail2ban-client -- start
+ return 2
+ log_end_msg_wrapper 2 1
+ [ 2 -lt 1 ]
+ value=1
+ log_end_msg 1
+ [ -z 1 ]
+ local retval
+ retval=1
+ log_end_msg_pre 1
+ log_use_fancy_output
+ TPUT=/usr/bin/tput
+ EXPR=/usr/bin/expr
+ [ -t 1 ]
+ [ xxterm != x ]
+ [ xxterm != xdumb ]
+ [ -x /usr/bin/tput ]
+ [ -x /usr/bin/expr ]
+ /usr/bin/tput hpa 60
+ /usr/bin/tput setaf 1
+ [ -z 1 ]
+ true
+ true
+ /usr/bin/tput setaf 1
+ RED=
+ /usr/bin/tput setaf 2
+ GREEN=
+ /usr/bin/tput setaf 3
+ YELLOW=
+ /usr/bin/tput op
+ NORMAL=
+ /usr/bin/tput civis
+ /usr/bin/tput sc
+ /usr/bin/tput hpa 0
+ [ 1 -eq 0 ]
+ [ 1 -eq 255 ]
+ /bin/echo -ne [FAIL
[FAIL+ /usr/bin/tput rc
+ /usr/bin/tput cnorm
+ log_use_fancy_output
+ TPUT=/usr/bin/tput
+ EXPR=/usr/bin/expr
+ [ -t 1 ]
+ [ xxterm != x ]
+ [ xxterm != xdumb ]
+ [ -x /usr/bin/tput ]
+ [ -x /usr/bin/expr ]
+ /usr/bin/tput hpa 60
+ /usr/bin/tput setaf 1
+ [ -z 1 ]
+ true
+ true
+ /usr/bin/tput setaf 1
+ RED=
+ /usr/bin/tput setaf 3
+ YELLOW=
+ /usr/bin/tput op
+ NORMAL=
+ [ 1 -eq 0 ]
+ [ 1 -eq 255 ]
+ /bin/echo -e failed!
failed!
+ log_end_msg_post 1
+ :
+ return 1
Tive o mesmo problema. Há alguns parâmetros de configuração obsoletos na nova versão do fail2ban.
Seguir os passos corrigidos. Primeiro desinstale com a exclusão de todos os arquivos de configuração:
apt-get remove fail2ban --purge
Depois disso, reinstale:
apt-get install fail2ban
Após esses passos, sua configuração está nas configurações padrão e deve ser editada de acordo com suas necessidades.
Tente executar o seguinte comando:
start-stop-daemon --start --quiet --chuid fail2ban --exec /usr/bin/fail2ban-client -- start
Remova "--chuid fail2ban" se você executar o fail2ban como root - o padrão. Isso deve mostrar os erros na sua configuração que estão impedindo o servidor de iniciar.
Tags fail2ban debian-wheezy