LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Debian (http://www.linuxquestions.org/questions/debian-26/)
-   -   Fail2ban fresh install doesn't work (http://www.linuxquestions.org/questions/debian-26/fail2ban-fresh-install-doesnt-work-918162/)

Bono 12-11-2011 08:42 AM

Fail2ban fresh install doesn't work
 
Hello, I installed on debian fresh version of fail2ban and it seems it doesn't work.

Debian 6.0
fail2ban version: 0.8.4-3

When I try to start fail2ban I get this error msg:

Code:

2011-12-11 14:33:40,692 fail2ban.server : INFO  Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.4-SVN
2011-12-11 14:33:40,693 fail2ban.jail  : INFO  Creating new jail 'ssh'
2011-12-11 14:33:40,694 fail2ban.jail  : INFO  Jail 'ssh' uses poller
2011-12-11 14:33:40,712 fail2ban.filter : INFO  Added logfile = /var/log/auth.log
2011-12-11 14:33:40,713 fail2ban.filter : INFO  Set maxRetry = 6
2011-12-11 14:33:40,715 fail2ban.filter : INFO  Set findtime = 600
2011-12-11 14:33:40,716 fail2ban.actions: INFO  Set banTime = 600
2011-12-11 14:33:40,783 fail2ban.jail  : INFO  Jail 'ssh' started
2011-12-11 14:33:40,817 fail2ban.actions.action: ERROR  iptables -N fail2ban-ssh
iptables -A fail2ban-ssh -j RETURN
iptables -I INPUT -p tcp -m multiport --dports ssh -j fail2ban-ssh returned 100

So if fail2ban managed to catch bad IP it cannot pass it to IPTABLES.

I have tried this solutions:
http://oschgan.com/drupal/index.php?q=node/52
If I add this line fail2ban doesn't want to start.
http://www.fail2ban.org/wiki/index.p...Misc_Questions
It says add this to your startup script: PATH=$PATH:/sbin

And in startup script I already have path sbin
PATH=/usr/sbin:/usr/bin:/sbin:/bin

repo 12-11-2011 08:46 AM

Where is iptables located?
Is it in your PATH?
Code:

whereis iptables

Kind regards

Bono 12-11-2011 08:48 AM

whereis iptables
iptables: /sbin/iptables /usr/share/iptables /usr/share/man/man8/iptables.8.gz

iptables -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N fail2ban-ssh
-A fail2ban-ssh -j RETURN

repo 12-11-2011 09:05 AM

Are you starting fail2ban as root?

Kind regards

Bono 12-11-2011 09:06 AM

Quote:

Originally Posted by repo (Post 4547137)
Are you starting fail2ban as root?

Kind regards

root 22272 0.0 0.5 25128 4612 ? Sl 15:04 0:00 /usr/bin/python /usr/bin/fail2ban-server -b -s /var/run/fail2ban/fail2ban.sock


I found solution, last answer in this url:
http://unix.stackexchange.com/questi...moved-ssh-port

I didn't move sshd from default port but that fixed my error.


All times are GMT -5. The time now is 04:21 PM.