Centos 7 + Fail2ban problem
Hello guys,
Does fail2ban not work with CentOS 7?
[root@webserver03 fail2ban]# tailf /var/log/vsftpd.log
Fri Nov 13 16:57:08 2015 [pid 32431] [webmaster] FAIL LOGIN: Client "74.63.245.249"
Fri Nov 13 16:57:09 2015 [pid 32434] CONNECT: Client "74.63.245.249"
Fri Nov 13 16:57:11 2015 [pid 32433] [webmaster] FAIL LOGIN: Client "74.63.245.249"
Fri Nov 13 16:57:13 2015 [pid 32436] CONNECT: Client "74.63.245.249"
Fri Nov 13 16:57:15 2015 [pid 32435] [webmaster] FAIL LOGIN: Client "74.63.245.249"
Fri Nov 13 16:57:16 2015 [pid 32439] CONNECT: Client "74.63.245.249"
Fri Nov 13 16:57:18 2015 [pid 32438] [webmaster] FAIL LOGIN: Client "74.63.245.249"
Fri Nov 13 16:57:20 2015 [pid 32442] CONNECT: Client "74.63.245.249"
Fri Nov 13 16:57:21 2015 [pid 32441] [webmaster] FAIL LOGIN: Client "74.63.245.249"
Fri Nov 13 16:57:23 2015 [pid 32445] CONNECT: Client "74.63.245.249"
Fri Nov 13 16:57:25 2015 [pid 32444] [webmaster] FAIL LOGIN: Client "74.63.245.249"
Fri Nov 13 16:57:27 2015 [pid 32448] CONNECT: Client "74.63.245.249"
Fri Nov 13 16:57:29 2015 [pid 32447] [webmaster] FAIL LOGIN: Client "74.63.245.249"
Fri Nov 13 16:57:30 2015 [pid 32450] CONNECT: Client "74.63.245.249"
Fri Nov 13 16:57:32 2015 [pid 32449] [webmaster] FAIL LOGIN: Client "74.63.245.249"
Fri Nov 13 16:57:34 2015 [pid 32453] CONNECT: Client "74.63.245.249"
^C
[root@webserver03 fail2ban]# systemctl status iptables
iptables.service - IPv4 firewall with iptables
Loaded: loaded (/usr/lib/systemd/system/iptables.service; enabled)
Active: active (exited) since Thu 2015-11-12 20:52:29 UTC; 20h ago
Main PID: 6376 (code=exited, status=0/SUCCESS)
CGroup: /system.slice/iptables.service
[root@webserver03 fail2ban]# systemctl status fail2ban
fail2ban.service - Fail2Ban Service
Loaded: loaded (/usr/lib/systemd/system/fail2ban.service; enabled)
Active: active (running) since Wed 2015-11-11 20:43:54 UTC; 1 day 20h ago
Docs: man:fail2ban(1)
Main PID: 1144 (fail2ban-server)
CGroup: /system.slice/fail2ban.service
└─1144 /usr/bin/python2 -s /usr/bin/fail2ban-server -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid -x -b
[root@webserver03 fail2ban]# iptables -nL
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT udp -- 172.16.112.214 0.0.0.0/0 multiport dports 6050:6051
ACCEPT udp -- 172.16.112.213 0.0.0.0/0 multiport dports 6050:6051
ACCEPT tcp -- 172.16.112.213 0.0.0.0/0 multiport dports 6050:6051
ACCEPT tcp -- 172.16.112.214 0.0.0.0/0 multiport dports 6050:6051
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 80,443
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 21,12000:12100
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 25,465,587,2525
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 110,995
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 143,993
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 3306,5432
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8083
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 172.16.112.15 0.0.0.0/0
ACCEPT all -- 127.0.0.1 0.0.0.0/0
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:20
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:21
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:22
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:25
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp spt:53
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:80
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:443
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:110
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp spt:123
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:143
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:3306
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:5432
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:8080
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:8433
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:8083
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spts:12000:12100
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain vesta (0 references)
target prot opt source destination
[root@webserver03 fail2ban]#
[root@webserver03 fail2ban]# cat /var/log/fail2ban.log
2015-11-11 19:37:15,272 fail2ban.server [13047]: INFO Changed logging target to /var/log/fail2ban.log for Fail2ban v0.9.3
2015-11-11 19:37:15,274 fail2ban.database [13047]: INFO Connected to fail2ban persistent database '/var/lib/fail2ban/fail2ban.sqlite3'
2015-11-11 19:37:15,988 fail2ban.database [13047]: WARNING New database created. Version '2'
2015-11-11 19:41:57,051 fail2ban.server [13047]: INFO Stopping all jails
2015-11-11 19:41:57,054 fail2ban.server [13047]: INFO Exiting Fail2ban
2015-11-11 19:42:32,795 fail2ban.server [1379]: INFO Changed logging target to /var/log/fail2ban.log for Fail2ban v0.9.3
2015-11-11 19:42:32,830 fail2ban.database [1379]: INFO Connected to fail2ban persistent database '/var/lib/fail2ban/fail2ban.sqlite3'
2015-11-11 19:47:38,964 fail2ban.server [1379]: INFO Stopping all jails
2015-11-11 19:47:38,966 fail2ban.server [1379]: INFO Exiting Fail2ban
2015-11-11 19:52:45,943 fail2ban.server [3534]: INFO Changed logging target to /var/log/fail2ban.log for Fail2ban v0.9.3
2015-11-11 19:52:45,944 fail2ban.database [3534]: INFO Connected to fail2ban persistent database '/var/lib/fail2ban/fail2ban.sqlite3'
2015-11-11 20:41:43,069 fail2ban.server [3534]: INFO Stopping all jails
2015-11-11 20:41:43,073 fail2ban.server [3534]: INFO Exiting Fail2ban
2015-11-11 20:42:04,898 fail2ban.server [1137]: INFO Changed logging target to /var/log/fail2ban.log for Fail2ban v0.9.3
2015-11-11 20:42:04,905 fail2ban.database [1137]: INFO Connected to fail2ban persistent database '/var/lib/fail2ban/fail2ban.sqlite3'
2015-11-11 20:43:36,341 fail2ban.server [1137]: INFO Stopping all jails
2015-11-11 20:43:36,344 fail2ban.server [1137]: INFO Exiting Fail2ban
2015-11-11 20:43:54,579 fail2ban.server [1144]: INFO Changed logging target to /var/log/fail2ban.log for Fail2ban v0.9.3
2015-11-11 20:43:54,596 fail2ban.database [1144]: INFO Connected to fail2ban persistent database '/var/lib/fail2ban/fail2ban.sqlite3'
2015-11-13 00:18:11,169 fail2ban.transmitter [1144]: WARNING Command ['status', 'sshd'] has failed. Received UnknownJailException('sshd',)
[root@webserver03 fail2ban]#
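The threshold logic a fail2ban jail applies, run over the vsftpd.log lines from the post above (an added example, not part of the original post and not fail2ban's own code). The regex, the function name `would_ban` and the `maxretry`/`findtime` values are assumptions chosen for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Lines copied from the vsftpd.log excerpt in the post above.
SAMPLE_LOG = """\
Fri Nov 13 16:57:08 2015 [pid 32431] [webmaster] FAIL LOGIN: Client "74.63.245.249"
Fri Nov 13 16:57:09 2015 [pid 32434] CONNECT: Client "74.63.245.249"
Fri Nov 13 16:57:11 2015 [pid 32433] [webmaster] FAIL LOGIN: Client "74.63.245.249"
Fri Nov 13 16:57:13 2015 [pid 32436] CONNECT: Client "74.63.245.249"
Fri Nov 13 16:57:15 2015 [pid 32435] [webmaster] FAIL LOGIN: Client "74.63.245.249"
Fri Nov 13 16:57:16 2015 [pid 32439] CONNECT: Client "74.63.245.249"
Fri Nov 13 16:57:18 2015 [pid 32438] [webmaster] FAIL LOGIN: Client "74.63.245.249"
Fri Nov 13 16:57:20 2015 [pid 32442] CONNECT: Client "74.63.245.249"
Fri Nov 13 16:57:21 2015 [pid 32441] [webmaster] FAIL LOGIN: Client "74.63.245.249"
"""

# Assumed pattern modelled on the lines above; not fail2ban's shipped vsftpd filter.
FAIL_RE = re.compile(
    r'^(?P<ts>\w{3} \w{3} [ \d]\d \d{2}:\d{2}:\d{2} \d{4}) \[pid \d+\] '
    r'\[(?P<user>[^\]]+)\] FAIL LOGIN: Client "(?P<ip>[0-9a-fA-F.:]+)"'
)


def would_ban(log_text, maxretry=5, findtime=600):
    """Map each IP to the time of the failure that reaches maxretry within findtime seconds."""
    window = timedelta(seconds=findtime)
    recent = defaultdict(deque)  # ip -> timestamps of failures still inside the window
    bans = {}
    for line in log_text.splitlines():
        m = FAIL_RE.match(line)
        if not m or m["ip"] in bans:
            continue  # CONNECT lines and already-banned hosts are ignored
        ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
        hits = recent[m["ip"]]
        hits.append(ts)
        while ts - hits[0] > window:  # drop failures older than findtime
            hits.popleft()
        if len(hits) >= maxretry:
            bans[m["ip"]] = ts
    return bans


if __name__ == "__main__":
    for ip, when in would_ban(SAMPLE_LOG).items():
        print(f"{ip} reaches the ban threshold at {when}")
```

With these assumed settings the excerpt crosses the threshold within 13 seconds, while the `iptables -nL` listing in the post contains no fail2ban chain and fail2ban.log never reports a jail starting. That combination points at no jail being loaded rather than at the log format.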
Re: Centos 7 + Fail2ban problem
Thank you, Imperio. I added the bug!
Re: Centos 7 + Fail2ban problem
Rodrigo wrote:
> Thank you Imperio. I added the bug !
Rodrigo, can you give a link?
Re: Centos 7 + Fail2ban problem
This problem is already confirmed.
Re: Centos 7 + Fail2ban problem
I'm using CentOS 7 with VestaCP, fail2ban is not working, and someone is trying to attack my server. When I logged in over SSH, there were 863 bad login attempts before me.
What can I do to fix it? They can log in to SSH without this protection. I need help fast.
Thank you.
Re: Centos 7 + Fail2ban problem
On Centos 7 I had to install the package fail2ban-systemd
then I followed these steps:
https://vestacp.com/docs/#how-to-instal ... hel-centos
and everything worked fine after that.
Re: Centos 7 + Fail2ban problem
lordcris wrote:
> On Centos 7 I had to install the package fail2ban-systemd
> then I followed these steps:
> https://vestacp.com/docs/#how-to-instal ... hel-centos
> and everything worked fine after that.
I did those things. How can I test now?
And my memory usage shows false information.