Ubuntu :: Fail2ban Bug - Jails Can't Start In IPTables
May 10, 2010
Currently suffering from this bug: If you don't want to read the whole thing, it appears fail2ban overloads IPTables when you have too many jails, and sends a whole load of commands at once. I attempted to use the workaround making it sleep for a random period of time, but this does not help at all; it still fails like it used to. Any ideas? Fail2ban is a pretty popular app... Ubuntu 9.10.
I have been trying for days now to get this to work. Didn't want to bother people with my questions. I have installed Fail2Ban 0.8.4 on CentOS 5.4.
I get the email notifications from Fail2Ban stating that it just blocked another IP; however, when I look at the iptables through webmin, nothing is actually in there. Also, the log/secure file does not show that the IP has been blocked.
Even when I try to log in with the wrong password, after a few tries I get the email telling me that my IP is blocked; however, I can still SSH using my 'blocked' IP.
I am trying to start an iptables.cf script on my server.
I have copied it into /etc/init.d/ and try to make it load with /etc/init.d/iptables.cf start. Then "not permission" (I was the root then). So, sudo /etc/init.d/iptables.cf start. Then, "command not found".
I'm a Linux noob, only know about enough to be dangerous... I am trying to get my Fedora Core firewall to work - I actually didn't know it wasn't until I started poking around in the GUI (I use both CLI and GUI) - so I used the CLI to try and start it and got the following:
[root@linuxbox ~]# service iptables start
Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: filter [ OK ]
I installed fail2ban from the Ubuntu Software Center (Ubuntu 10.10) and everything seemed to go fine. But when I try to access the client I get this output:
Code:
wolfgang@Culture:/var/log$ fail2ban-client status
ERROR Unable to contact server. Is it running?
I have CentOS 5.2 just installed and massively updated with the yum -update command. Then I tried to configure the firewall. After changes via system_config_securitylevel_tui (open ssh, http, ftp, and 3306:TCP ports) the iptables service can't start, with the message:
> /sbin/service iptables start
Flushing firewall rules: [OK]
Setting chains to policy ACCEPT: mangle filter nat [OK]
Unloading iptables modules: [OK]
Applying iptables firewall rules: iptables-restore v1.3.5: Couldn't load match `TCP':/lib64/iptables/libipt_TCP.so: cannot open shared object file: No such file or directory
Error occurred at line: 18
Try `iptables-restore -h' or 'iptables-restore --help' for more information. [FAILED]
I erased the iptables service and installed it again with yum. How can I make this service work?
I'm trying to implement this method to block php injection attack using fail2ban: here it is, however I'm not sure it applies to Ubuntu. You see, there's this filter that must be added to the fail2ban jail file:
HTML Code:
[php-url-fopen]
enabled = true
port = http,https
filter = php-url-fopen
I'm trying to use a technique suggested by a fella at this website....
[URL]
He suggests adding an echo line to the actionban line in order to create or add to a file that will contain a list of all the IPs that fail2ban has banned... but it doesn't seem to generate any output. Here is the command...
I have fail2ban on a server, but every time fail2ban conducts a log rotation it unbans all the banned IPs. I have IPs to be banned for a week. Whenever a log rotation happens or I restart fail2ban, I don't want all the IPs released! I was thinking there was a script or patch that would fix this, but I have come up short.
I've had fail2ban set up for a while for my SSH server, and that works beautifully (I had someone I knew attempt to access it and get banned). However, I then tried to set it up to ban people scanning my webserver for lots of other pages which don't exist (and have never been linked to), such as phpMyAdmin.
In my jail.conf I have:
Code:
However, looking at this, I realise I need to edit the filter.d/apache-error.conf.
I'm not sure exactly how to set up the regex to ban the correct hosts.
I am having issues getting yum to work with the repos for fail2ban and denyhosts. I followed the CentOS link on installing/cfg repos. However, every time I run yum install fail2ban or denyhosts it does not find the software. I read in several Google searches that I should be able to install it using yum. Is that info wrong? These are the links I was reading, too, from CentOS. [URL]. I know I can download the rpm or a tar file, but I would like to keep it in sync with yum if possible. Maybe I have the wrong repo? CentOSPlus is enabled also.
I am currently trying to install vsFTP onto my new Linux server, and by the way, I just started using Linux today; this is my first time using Linux. I got the FTP installed fine, it got downloaded and everything. Then I went to open a port for my server for vsFTP. I used this command to open it: "-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT". Then I closed it by pressing ESC then :wq! and it brought me back to my command line again. Now when I try to start the iptables thing with the command "service iptables start", PuTTY responds with this: "Applying iptables firewall rules: iptables-restore: line 1 failed [FAILED]"
I recently installed a new Ubuntu PC that runs iptables and PSAD. I had the same script on another Ubuntu PC, but when I copied the script onto the new PC, I got this error. I don't remember where I found the tutorial for this, all I know is that this is the script (Edited for my usage):
Code:
#!/bin/bash
# Script to check important ports on remote webserver
# Copyright (c) 2009 blogama.org
# This script is licensed under GNU GPL version 2.0 or above
root@NETWORK-SERVER:/var/ddosprotect# ./ipblock.sh
' not found.4.4: host/network `127.0.0.1
Try `iptables -h' or 'iptables --help' for more information.
' not found.4.4: host/network `192.168.1.8
I am unable to restore my iptables from iptables-save after upgrading Fedora. I cannot get iptables-restore to work, and I have resorted to entering rules manually using the GUI.
I am facing a strange problem with my iptables: there are some firewall entries stored somewhere, and they are still displayed even after flushing iptables. When I restart the iptables service, the firewall entries are again shown in my iptables, as shown below:
To expand: I'm trying to set up a box with l7-filter, and I need to patch and compile iptables 1.4.1.1 as part of the process. I ./configured it with the prefix= argument so it would install into /sbin instead of /usr/sbin, and I did a yum remove iptables before installing it so as not to get in the way of the original iptables, but I'm wondering if this is really necessary - it's kind of annoying, because removing the original iptables removes the init.d script, deregisters the service, etc. If I don't, is it possible that iptables 1.4.1.1 might get overwritten in a system update or something, or will yum see that I've got a custom/newer version in there and leave it be?
I've tried iptables save, iptables-save and iptables save active.
"iptables save" and "iptables save active" give me an invalid argument error. "iptables-save" isn't a valid command. "iptables --help" gives me a list of valid switches, none of which have to do with saving.
I'm trying to run synergy on startup. This works fine on the client, but it won't start automatically on the server. I put this line in an entry in startup applications:
I did a clean install of Ubuntu 11.04 64bit and the start up time is abnormally slow. If I start up the computer and don't press anything, the start up time is 30 minutes but it usually doesn't start up at all. It just boots into a purple screen, no splash, then it sits there and the computer doesn't have any loading lights flashing.
I had a similar problem with 10.10, but I assumed it would go away when I did a clean install of 11.04.
I can't get a read out of what's going wrong because when I press Esc it doesn't display anything, though weirdly it can sometimes get the start up process moving. I have also found that pressing enter really fast can sometimes help and something that seems completely oxymoronic, if I press the power button while it's starting up that can make it work, but nothing works every time.
I have a MySQL database and I use it with Apache for my webpages. I guess it doesn't start when the computer starts, so I have to manually start it with "sudo /etc/init.d/mysql start". This returns fail, so I went to '/var/run/mysqld/' and the folder was empty. I don't know if this is the problem or not. How can I fix this?