LinuxQuestions.org


pwc101 03-04-2008 03:31 PM

fail2ban error messages at startup
 
I've set up fail2ban on my machine, and tested it by ssh-ing in to work and then back at home with an incorrect password, and iptables gets updated as expected.

The only thing that's bothering me is when I start fail2ban, I get the following errors:
Quote:

WARNING Wrong value for 'bantime' in 'named-refused-tcp'. Using default one: '600'
WARNING Wrong value for 'bantime' in 'ssh-iptables'. Using default one: '600'
WARNING Wrong value for 'bantime' in 'ssh-ipfw'. Using default one: '600'
WARNING Wrong value for 'bantime' in 'named-refused-udp'. Using default one: '600'
WARNING Wrong value for 'bantime' in 'ssh-tcpwrapper'. Using default one: '600'
WARNING Wrong value for 'bantime' in 'apache-tcpwrapper'. Using default one: '600'
WARNING Wrong value for 'bantime' in 'apache-shorewall'. Using default one: '600'
WARNING Wrong value for 'bantime' in 'proftpd-iptables'. Using default one: '600'
WARNING Wrong value for 'bantime' in 'sasl-iptables'. Using default one: '600'

Since it's working, I'm not too worried, but I'd like to be able to get rid of these messages. I've had a look in the /etc/fail2ban/jail.conf, and I have only the ssh-iptables enabled (since that's the only service I have running), so I don't know where all these error messages are coming from.

Any thoughts would be welcome.

Poetics 03-05-2008 11:53 AM

Do you have the 'bantime' variable set? It sounds silly but on the default configuration I don't believe it's implemented. I only have one instance of the variable (in [DEFAULT]), though I'm using it for mail, Apache, et cetera.

pwc101 03-06-2008 04:28 AM

Here is the relevant section from my /etc/fail2ban/jail.conf file:
Code:

# Fail2Ban configuration file
#
# Author: Cyril Jaquier
#
# $Revision: 611 $
#

# The DEFAULT allows a global definition of the options. They can be override
# in each jail afterwards.

[DEFAULT]

# "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not
# ban a host which matches an address in this list. Several addresses can be
# defined using space separator.
ignoreip = 127.0.0.1 192.168.1.1 192.168.1.254

# "bantime" is the number of seconds that a host is banned.
bantime = 43200 # set to negative number for permanent ban

# A host is banned if it has generated "maxretry" during the last "findtime"
# seconds.
findtime = 600

# "maxretry" is the number of failures before a host get banned.
maxretry = 3

# "backend" specifies the backend used to get files modification. Available
# options are "gamin", "polling" and "auto". This option can be overridden in
# each jail too (use "gamin" for a jail and "polling" for another).
#
# gamin:  requires Gamin (a file alteration monitor) to be installed. If Gamin
#          is not installed, Fail2ban will use polling.
# polling: uses a polling algorithm which does not require external libraries.
# auto:    will choose Gamin if available and polling otherwise.
backend = auto

# This jail corresponds to the standard configuration in Fail2ban 0.6.
# The mail-whois action send a notification e-mail with a whois request
# in the body.

[ssh-iptables]

enabled  = true
filter  = sshd
action  = iptables[name=SSH, port=ssh, protocol=tcp]
          sendmail-whois[name=SSH, dest=root@localhost, sender=fail2ban@mail.com]
logpath  = /var/log/messages
maxretry = 3

I increased the bantime to 12 hours, but I don't think that's the problem.

I've tried commenting out all the other filters in jail.conf, but that just results in an error message for just the sshd filter:
Code:

WARNING Wrong value for 'bantime' in 'ssh-iptables'. Using default one: '600'

I tried creating a jail.local with a changed value of bantime, but it didn't make any difference.

As a temporary fix, I've added this to my startup scripts:
Code:

# load fail2ban
echo -n "Starting fail2ban... "
/usr/bin/fail2ban-client start
/usr/bin/fail2ban-client set ssh-iptables bantime 43200
echo "Done."

It manually changes the bantime to 12 hours. It's a bit of a fudge, but it seems to work. I'm still a little puzzled as to why it seems to be ignoring the .conf files...

Calimo 07-05-2010 07:00 AM

I know I'm late, but I went through the same issue just today.

It looks like you are not allowed to put comments after the value. Thus,
Code:

bantime = 43200 # set to negative number for permanent ban

should be modified as
Code:

bantime = 43200
# set to negative number for permanent ban

At least that worked for me. Hope it can be useful to others!
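
A pre-start check for the failure discussed in this thread, as an added example that is not part of the original posts or fail2ban's own code: a trailing comment turns `bantime` into a non-integer, so the jail silently runs with the 600-second default instead of the intended ban. It uses Python's standard `configparser` as a stand-in for fail2ban's config reader (an assumption), a constructed sample reduced from the jail.conf above, and a hypothetical helper name `find_bad_int_options`.

```python
import configparser

# Options fail2ban expects to be integers (names taken from the jail.conf above).
INT_OPTIONS = ("bantime", "findtime", "maxretry")

# Constructed sample, reduced from the jail.conf posted in the thread.
SAMPLE = """\
[DEFAULT]
bantime = 43200 # set to negative number for permanent ban
findtime = 600
maxretry = 3

[ssh-iptables]
enabled = true
filter = sshd
action = iptables[name=SSH, port=ssh, protocol=tcp]
         sendmail-whois[name=SSH, dest=root@localhost, sender=fail2ban@mail.com]
logpath = /var/log/messages
maxretry = 3
"""


def find_bad_int_options(text, int_options=INT_OPTIONS):
    """Return (section, option, raw_value) for every non-integer setting.

    Jails inherit [DEFAULT], so one bad default is reported for each jail.
    """
    # inline_comment_prefixes=None keeps "# ..." after a value as part of
    # the value, which is the behaviour described in the thread.
    cfg = configparser.ConfigParser(interpolation=None,
                                    inline_comment_prefixes=None)
    cfg.read_string(text)
    bad = []
    for section in cfg.sections():
        for opt in int_options:
            if not cfg.has_option(section, opt):
                continue
            raw = cfg.get(section, opt)
            try:
                int(raw)
            except ValueError:
                bad.append((section, opt, raw))
    return bad


if __name__ == "__main__":
    for section, opt, raw in find_bad_int_options(SAMPLE):
        print(f"{section}: {opt} = {raw!r} is not an integer")
```

Because the bad value sits in `[DEFAULT]`, it is reported once per jail that does not override it, which matches the one-warning-per-jail output in the first post.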