Does fail2ban actually work??!
Latest Vesta on Debian 9. I set up several custom rules in fail2ban (created them in /etc/fail2ban/filter.d) and registered them in fail2ban through the panel rather than in the config files.
The fail2ban log shows the rule firing, followed by many "already banned" entries. iptables shows a rule for the corresponding section; when the event fires, the IP gets REJECT, but in practice that address still has access.
If I ban the IP directly by hand in the panel's firewall settings, it does get banned. Moreover, the rule only works if a port is specified. Without a port the block doesn't work either, which I also don't understand.
What am I doing wrong? Why doesn't iptables act on fail2ban's command?
Re: Does fail2ban actually work??!
Plus, the log has this:
2018-09-27 18:05:33,152 fail2ban.action [22024]: ERROR iptables -w -n -L INPUT | grep -q 'f2b-rule1[ \t]' -- stdout: b''
2018-09-27 18:05:33,153 fail2ban.action [22024]: ERROR iptables -w -n -L INPUT | grep -q 'f2b-rule1[ \t]' -- stderr: b''
2018-09-27 18:05:33,153 fail2ban.action [22024]: ERROR iptables -w -n -L INPUT | grep -q 'f2b-rule1[ \t]' -- returned 1
2018-09-27 18:05:33,153 fail2ban.CommandAction [22024]: ERROR Invariant check failed. Trying to restore a sane environment
2018-09-27 18:05:34,119 fail2ban.action [22024]: ERROR iptables -w -D f2b-rule1 -s 188.230.238.79 -j REJECT --reject-with icmp-port-unreachable -- stdout: b''
2018-09-27 18:05:34,120 fail2ban.action [22024]: ERROR iptables -w -D f2b-rule1 -s 188.230.238.79 -j REJECT --reject-with icmp-port-unreachable -- stderr: b'iptables: No chain/target/match by that name.\n'
2018-09-27 18:05:34,120 fail2ban.action [22024]: ERROR iptables -w -D f2b-rule1 -s 188.230.238.79 -j REJECT --reject-with icmp-port-unreachable -- returned 1
2018-09-27 18:05:34,120 fail2ban.actions [22024]: ERROR Failed to execute unban jail 'rule1' action 'iptables-multiport' info '{'matches': '188.230.238.79 - - [27/Sep/2018:10:27:23 +0300] "GET /rule1/index.php?route=common/login HTTP/1.0" 403 1689 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2900.63 Safari/537.36"', 'failures': 1, 'ip': '188.230.238.79', 'time': 1538059831.0357623}': Error unbanning 188.230.238.79
2018-09-27 18:05:34,251 fail2ban.jail [22024]: INFO Jail 'rule1' stopped
2018-09-27 18:05:35,185 fail2ban.jail [22024]: INFO Jail 'cgibin-auth' stopped
2018-09-27 18:05:36,573 fail2ban.jail [22024]: INFO Jail 'ssh-iptables' stopped
2018-09-27 18:05:36,939 fail2ban.actions [22024]: NOTICE [rule2] Unban 104.131.27.166
2018-09-27 18:05:37,053 fail2ban.action [22024]: ERROR iptables -w -n -L INPUT | grep -q 'f2b-rule2[ \t]' -- stdout: b''
2018-09-27 18:05:37,054 fail2ban.action [22024]: ERROR iptables -w -n -L INPUT | grep -q 'f2b-rule2[ \t]' -- stderr: b''
2018-09-27 18:05:37,054 fail2ban.action [22024]: ERROR iptables -w -n -L INPUT | grep -q 'f2b-rule2[ \t]' -- returned 1
2018-09-27 18:05:37,054 fail2ban.CommandAction [22024]: ERROR Invariant check failed. Trying to restore a sane environment
2018-09-27 18:05:37,720 fail2ban.action [22024]: ERROR iptables -w -D f2b-rule2 -s 104.131.27.166 -j REJECT --reject-with icmp-port-unreachable -- stdout: b''
2018-09-27 18:05:37,720 fail2ban.action [22024]: ERROR iptables -w -D f2b-rule2 -s 104.131.27.166 -j REJECT --reject-with icmp-port-unreachable -- stderr: b'iptables: No chain/target/match by that name.\n'
2018-09-27 18:05:37,721 fail2ban.action [22024]: ERROR iptables -w -D f2b-rule2 -s 104.131.27.166 -j REJECT --reject-with icmp-port-unreachable -- returned 1
2018-09-27 18:05:37,721 fail2ban.actions [22024]: ERROR Failed to execute unban jail 'rule2' action 'iptables-multiport' info '{'matches': '104.131.27.166 - - [27/Sep/2018:03:54:56 +0300] "GET /path/scripts/setup.php HTTP/1.0" 404 40116 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0"', 'failures': 1, 'ip': '104.131.27.166', 'time': 1538059829.0856495}': Error unbanning 104.131.27.166
2018-09-27 18:05:37,721 fail2ban.actions [22024]: NOTICE [rule2] Unban 107.170.20.63
2018-09-27 18:05:38,099 fail2ban.action [22024]: ERROR iptables -w -D f2b-rule2 -s 107.170.20.63 -j REJECT --reject-with icmp-port-unreachable -- stdout: b''
2018-09-27 18:05:38,099 fail2ban.action [22024]: ERROR iptables -w -D f2b-rule2 -s 107.170.20.63 -j REJECT --reject-with icmp-port-unreachable -- stderr: b'iptables: No chain/target/match by that name.\n'
2018-09-27 18:05:38,100 fail2ban.action [22024]: ERROR iptables -w -D f2b-rule2 -s 107.170.20.63 -j REJECT --reject-with icmp-port-unreachable -- returned 1
2018-09-27 18:05:38,100 fail2ban.actions [22024]: ERROR Failed to execute unban jail 'rule2' action 'iptables-multiport' info '{'matches': '107.170.20.63 - - [27/Sep/2018:07:30:03 +0300] "GET /path/scripts/setup.php HTTP/1.0" 404 40116 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0"', 'failures': 1, 'ip': '107.170.20.63', 'time': 1538059829.3500142}': Error unbanning 107.170.20.63
2018-09-27 18:05:38,100 fail2ban.actions [22024]: NOTICE [rule2] Unban 113.201.62.253
2018-09-27 18:05:38,378 fail2ban.action [22024]: ERROR iptables -w -D f2b-rule2 -s 113.201.62.253 -j REJECT --reject-with icmp-port-unreachable -- stdout: b''
2018-09-27 18:05:38,378 fail2ban.action [22024]: ERROR iptables -w -D f2b-rule2 -s 113.201.62.253 -j REJECT --reject-with icmp-port-unreachable -- stderr: b'iptables: No chain/target/match by that name.\n'
2018-09-27 18:05:38,378 fail2ban.action [22024]: ERROR iptables -w -D f2b-rule2 -s 113.201.62.253 -j REJECT --reject-with icmp-port-unreachable -- returned 1
2018-09-27 18:05:38,378 fail2ban.actions [22024]: ERROR Failed to execute unban jail 'rule2' action 'iptables-multiport' info '{'matches': '113.201.62.253 - - [26/Sep/2018:22:28:06 +0300] "GET /path/scripts/setup.php HTTP/1.0" 404 40116 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0"', 'failures': 1, 'ip': '113.201.62.253', 'time': 1538059829.7506356}': Error unbanning 113.201.62.253
2018-09-27 18:05:38,379 fail2ban.actions [22024]: NOTICE [rule2] Unban 182.18.144.44
2018-09-27 18:05:38,678 fail2ban.action [22024]: ERROR iptables -w -D f2b-rule2 -s 182.18.144.44 -j REJECT --reject-with icmp-port-unreachable -- stdout: b''
2018-09-27 18:05:38,679 fail2ban.action [22024]: ERROR iptables -w -D f2b-rule2 -s 182.18.144.44 -j REJECT --reject-with icmp-port-unreachable -- stderr: b'iptables: No chain/target/match by that name.\n'
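An added example, not part of the thread: a small Python check that groups the errors from a log like the one above by jail, separating the failed INPUT jump check (`returned 1`) from deletes that failed with "No chain/target/match by that name". The sample lines, jail names and addresses are constructed.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the log quoted above; jail names and
# addresses are made up (the IPs come from the documentation ranges).
SAMPLE_LOG = r"""
2018-09-27 18:05:33,153 fail2ban.action [22024]: ERROR iptables -w -n -L INPUT | grep -q 'f2b-web1[ \t]' -- returned 1
2018-09-27 18:05:33,153 fail2ban.CommandAction [22024]: ERROR Invariant check failed. Trying to restore a sane environment
2018-09-27 18:05:34,120 fail2ban.action [22024]: ERROR iptables -w -D f2b-web1 -s 192.0.2.10 -j REJECT --reject-with icmp-port-unreachable -- stderr: b'iptables: No chain/target/match by that name.\n'
2018-09-27 18:05:34,120 fail2ban.actions [22024]: ERROR Failed to execute unban jail 'web1' action 'iptables-multiport' info '{...}': Error unbanning 192.0.2.10
2018-09-27 18:05:36,939 fail2ban.actions [22024]: NOTICE [web2] Unban 198.51.100.7
2018-09-27 18:05:37,720 fail2ban.action [22024]: ERROR iptables -w -D f2b-web2 -s 198.51.100.7 -j REJECT --reject-with icmp-port-unreachable -- stderr: b'iptables: No chain/target/match by that name.\n'
2018-09-27 18:05:37,721 fail2ban.actions [22024]: ERROR Failed to execute unban jail 'web2' action 'iptables-multiport' info '{...}': Error unbanning 198.51.100.7
2018-09-27 18:05:40,000 fail2ban.actions [22024]: NOTICE [sshd] Unban 203.0.113.5
"""

# Check command failed: no jump to the jail's chain was found in INPUT.
JUMP_CHECK = re.compile(r"ERROR iptables .*-L INPUT \| grep -q 'f2b-([^\['\s]+).*-- returned [1-9]")
# Delete failed with the message iptables gives when the named chain does not exist.
CHAIN_GONE = re.compile(r"ERROR iptables .*-D f2b-(\S+) -s (\S+) .*No chain/target/match by that name")
UNBAN_FAIL = re.compile(r"ERROR Failed to execute unban jail '([^']+)'")


def summarize(log_text):
    """Group fail2ban action errors by jail name."""
    jails = defaultdict(lambda: {"jump_missing": False, "chain_missing_for": set(), "unban_errors": 0})
    for line in log_text.splitlines():
        if m := JUMP_CHECK.search(line):
            jails[m.group(1)]["jump_missing"] = True
        elif m := CHAIN_GONE.search(line):
            jails[m.group(1)]["chain_missing_for"].add(m.group(2))
        elif m := UNBAN_FAIL.search(line):
            jails[m.group(1)]["unban_errors"] += 1
    return dict(jails)


def broken_jails(log_text):
    """Jails for which iptables reported the f2b-<jail> chain as missing."""
    return sorted(j for j, s in summarize(log_text).items() if s["chain_missing_for"])


if __name__ == "__main__":
    for jail, state in sorted(summarize(SAMPLE_LOG).items()):
        print(jail, state)
```

A jail listed by `broken_jails` is one whose chain fail2ban believes exists but iptables no longer has, which is worth comparing against the live output of `iptables -n -L`.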
Re: Does fail2ban actually work??!
I added the following to /usr/local/vesta/data/firewall/chains.conf:
CHAIN='WEB' PORT='80,443' PROTOCOL='TCP'
and it seems to have started working and banning.
Did I do the right thing?
PS. Regarding "Trying to restore a sane environment" in the fail2ban log, I found this solution: https://blog.laimbock.com/2013/01/11/fa ... nt-page-1/