LinuxQuestions.org
Old 03-04-2008, 03:31 PM   #1
pwc101
Senior Member
 
Registered: Oct 2005
Location: UK
Distribution: Slackware
Posts: 1,847

fail2ban error messages at startup


I've set up fail2ban on my machine, and tested it by ssh-ing in to work and then back at home with an incorrect password, and iptables gets updated as expected.

The only thing that's bothering me is when I start fail2ban, I get the following errors:
Quote:
WARNING Wrong value for 'bantime' in 'named-refused-tcp'. Using default one: '600'
WARNING Wrong value for 'bantime' in 'ssh-iptables'. Using default one: '600'
WARNING Wrong value for 'bantime' in 'ssh-ipfw'. Using default one: '600'
WARNING Wrong value for 'bantime' in 'named-refused-udp'. Using default one: '600'
WARNING Wrong value for 'bantime' in 'ssh-tcpwrapper'. Using default one: '600'
WARNING Wrong value for 'bantime' in 'apache-tcpwrapper'. Using default one: '600'
WARNING Wrong value for 'bantime' in 'apache-shorewall'. Using default one: '600'
WARNING Wrong value for 'bantime' in 'proftpd-iptables'. Using default one: '600'
WARNING Wrong value for 'bantime' in 'sasl-iptables'. Using default one: '600'
Since it's working, I'm not too worried, but I'd like to be able to get rid of these messages. I've had a look in the /etc/fail2ban/jail.conf, and I have only the ssh-iptables enabled (since that's the only service I have running), so I don't know where all these error messages are coming from.

Any thoughts would be welcome.
 
Old 03-05-2008, 11:53 AM   #2
Poetics
Senior Member
 
Registered: Jun 2003
Location: California
Distribution: Slackware
Posts: 1,181

Do you have the 'bantime' variable set? It sounds silly but on the default configuration I don't believe it's implemented. I only have one instance of the variable (in [DEFAULT]), though I'm using it for mail, Apache, et cetera.
 
Old 03-06-2008, 04:28 AM   #3
pwc101
Senior Member
 
Registered: Oct 2005
Location: UK
Distribution: Slackware
Posts: 1,847

Original Poster
Here is the relevant section from my /etc/fail2ban/jail.conf file:
Code:
# Fail2Ban configuration file
#
# Author: Cyril Jaquier
#
# $Revision: 611 $
#

# The DEFAULT allows a global definition of the options. They can be override
# in each jail afterwards.

[DEFAULT]

# "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not
# ban a host which matches an address in this list. Several addresses can be
# defined using space separator.
ignoreip = 127.0.0.1 192.168.1.1 192.168.1.254

# "bantime" is the number of seconds that a host is banned.
bantime = 43200 # set to negative number for permanent ban

# A host is banned if it has generated "maxretry" during the last "findtime"
# seconds.
findtime = 600

# "maxretry" is the number of failures before a host get banned.
maxretry = 3

# "backend" specifies the backend used to get files modification. Available
# options are "gamin", "polling" and "auto". This option can be overridden in
# each jail too (use "gamin" for a jail and "polling" for another).
#
# gamin:   requires Gamin (a file alteration monitor) to be installed. If Gamin
#          is not installed, Fail2ban will use polling.
# polling: uses a polling algorithm which does not require external libraries.
# auto:    will choose Gamin if available and polling otherwise.
backend = auto

# This jail corresponds to the standard configuration in Fail2ban 0.6.
# The mail-whois action send a notification e-mail with a whois request
# in the body.

[ssh-iptables]

enabled  = true
filter   = sshd
action   = iptables[name=SSH, port=ssh, protocol=tcp]
           sendmail-whois[name=SSH, dest=root@localhost, sender=fail2ban@mail.com]
logpath  = /var/log/messages
maxretry = 3
I increased the bantime to 12 hours, but I don't think that's the problem.

I've tried commenting out all the other filters in jail.conf, but that just results in an error message for just the sshd filter:
Code:
WARNING Wrong value for 'bantime' in 'ssh-iptables'. Using default one: '600'
I tried creating a jail.local with a changed value of bantime, but it didn't make any difference.

As a temporary fix, I've added this to my startup scripts:
Code:
# load fail2ban
echo -n "Starting fail2ban... "
/usr/bin/fail2ban-client start
/usr/bin/fail2ban-client set ssh-iptables bantime 43200
echo "Done."
It manually changes the bantime to 12 hours. It's a bit of a fudge, but it seems to work. I'm still a little puzzled as to why it seems to be ignoring the .conf files...
 
Old 07-05-2010, 07:00 AM   #4
Calimo
LQ Newbie
 
Registered: Jul 2010
Posts: 1

I know I'm late, but I went through the same issue just today.

It looks like you are not allowed to put comments after the value. Thus,
Code:
bantime = 43200 # set to negative number for permanent ban
should be modified as
Code:
bantime = 43200
# set to negative number for permanent ban
At least that worked for me. Hope it can be useful to others!
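
An added example, not part of any post above and not fail2ban's own code: a pre-start check that reports, per jail, any integer option whose effective value is not a plain integer, which is the condition that made every jail fall back to the 600-second default instead of the intended 43200. It assumes the file is read the way Python's standard configparser reads it by default (a trailing `# ...` stays in the value), looks at a single file's text only, and uses the hypothetical names `lint_jail_config`, `INT_OPTIONS` and `SAMPLE`.

```python
import configparser

INT_OPTIONS = ("bantime", "findtime", "maxretry")

# Constructed sample, cut down from the jail.conf quoted in the thread.
SAMPLE = """\
[DEFAULT]
bantime = 43200 # set to negative number for permanent ban
findtime = 600
maxretry = 3

[ssh-iptables]
enabled = true
filter = sshd
logpath = /var/log/messages
maxretry = 3
"""


def lint_jail_config(text):
    """Return one finding per jail and integer option whose effective value
    is not a plain integer: (jail, option, defined_in, raw_value)."""
    # Treat [DEFAULT] as an ordinary section so inherited and jail-local
    # values can be told apart. No inline comment prefixes are configured,
    # so a trailing "# ..." stays part of the value.
    parser = configparser.RawConfigParser(default_section="__unused__")
    parser.read_string(text)
    defaults = dict(parser["DEFAULT"]) if parser.has_section("DEFAULT") else {}
    findings = []
    for jail in parser.sections():
        if jail == "DEFAULT":
            continue
        for option in INT_OPTIONS:
            if option in parser[jail]:
                defined_in, raw = jail, parser[jail][option]
            elif option in defaults:
                defined_in, raw = "DEFAULT", defaults[option]
            else:
                continue
            try:
                int(raw)
            except ValueError:
                findings.append((jail, option, defined_in, raw))
    return findings


if __name__ == "__main__":
    for jail, option, defined_in, raw in lint_jail_config(SAMPLE):
        print(f"{jail}: '{option}' (set in [{defined_in}]) is not an integer: {raw!r}")
```

Because the bad value sits in [DEFAULT], every jail that does not override it inherits it, which matches the one-warning-per-jail output quoted in the first post.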
 
All times are GMT -5.