
Here is my jail.local rule for ssh:

```
[ssh-iptables]

enabled  = true
filter   = sshd
action   = iptables[name=SSH, port=ssh, protocol=tcp]
logpath  = /var/log/messages
maxretry = 5
```

Here is what my log is producing with BAN:

```
2015-04-23 07:07:49,823 fail2ban.actions[27564]: WARNING [ssh-tcpwrapper] Ban xx.xx.xxx.xxx
2015-04-23 07:07:50,721 fail2ban.actions[27564]: WARNING [ssh-iptables] Ban xx.xx.xxx.xxx
2015-04-23 07:07:50,729 fail2ban.actions.action[27564]: ERROR   iptables -n -L INPUT | grep -q 'fail2ban-SSH[ \t]' returned 100
2015-04-23 07:07:50,730 fail2ban.actions.action[27564]: ERROR   Invariant check failed. Trying to restore a sane environment
2015-04-23 07:07:50,738 fail2ban.actions.action[27564]: ERROR   iptables -D INPUT -p tcp --dport ssh -j fail2ban-SSH
iptables -F fail2ban-SSH
iptables -X fail2ban-SSH returned 100
```

Now I'm also getting this as well with UNBAN:

```
2015-04-23 16:18:48,828 fail2ban.actions[27564]: WARNING [ssh-tcpwrapper] Unban xx.xx.xxx.xxx
2015-04-23 16:18:48,835 fail2ban.actions.action[27564]: ERROR   echo "/^sshd: xx.xx.xxx.xxx$/
d
w
q" | ed /etc/hosts.deny returned 7f00
2015-04-23 16:18:48,836 fail2ban.actions.action[27564]: INFO    HINT on 7f00: "Command not found".  Make sure that all commands in 'echo "/^sshd: xx.xx.xxx.xxx$/\nd\nw\nq" | ed /etc/hosts.deny' are in the PATH of fail2ban-server process (grep -a PATH= /proc/`pidof -x fail2ban-server`/environ). You may want to start "fail2ban-server -f" separately, initiate it with "fail2ban-client reload" in another shell session and observe if additional informative error messages appear in the terminals.
2015-04-23 16:19:04,847 fail2ban.actions[27564]: WARNING [ssh-iptables] Unban xx.xx.xxx.xxx
2015-04-23 16:19:04,855 fail2ban.actions.action[27564]: ERROR   iptables -n -L INPUT | grep -q 'fail2ban-SSH[ \t]' returned 100
2015-04-23 16:19:04,855 fail2ban.actions.action[27564]: ERROR   Invariant check failed. Trying to restore a sane environment
2015-04-23 16:19:04,863 fail2ban.actions.action[27564]: ERROR   iptables -D INPUT -p tcp --dport ssh -j fail2ban-SSH
iptables -F fail2ban-SSH
iptables -X fail2ban-SSH returned 100
```

This is occurring on openSUSE 13.2 with a relatively untouched fail2ban installation. I'm more of a CentOS guy and I'm used to things like this just working out of the box for me. Don't really know where to go with these errors; spent a few hours googling and looking through stack but nothing really solid was available for a solution except for "remove and re-install".

My best guess is that it's an environment issue, and that the fail2ban service is unable to issue the command and/or somehow the command is malformed, but I don't know exactly where to go to fix that.

tremor
  • Have you already tried the check in the HINT line? – dawud Jul 06 '15 at 15:41
  • The only commands in the HINT line appear to be "echo & ed" which both are /usr/bin/, doing "grep -a PATH= /proc/`pidof -x fail2ban-server`/environ" returns "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/binLANG=POSIXFAIL2BAN_OPTIONS=", so unless I'm missing something, that should be correct. I haven't tried starting fail2ban in a separate terminal yet, I'll try that after lunch. – tremor Jul 06 '15 at 16:10
  • Could you please post the full contents of `jail.conf`, eventually `jail.local` and the used files in `filter.d`. – sebix Jul 07 '15 at 19:59
  • Did you solve this issue? – BvuRVKyUVlViVIc7 Sep 05 '16 at 10:05
  • No, in fact I forgot all about this, checked the logs and I'm still getting it. – tremor Sep 07 '16 at 02:36

0 Answers
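An added example, not part of the original question or of fail2ban's own code: a small Python triage parser for log excerpts like the ones in the question. It rejoins multi-line action commands, ties each failure to the preceding Ban/Unban jail, and decodes the `returned` value. It assumes that value is a hexadecimal wait status, which is consistent with the HINT line reading 7f00 as "Command not found" (exit 127); the function names and the sample log are constructed for this example.

```python
import re

# Constructed sample, modelled on the log excerpts in the question.
SAMPLE_LOG = r'''2015-04-23 16:18:48,828 fail2ban.actions[27564]: WARNING [ssh-tcpwrapper] Unban xx.xx.xxx.xxx
2015-04-23 16:18:48,835 fail2ban.actions.action[27564]: ERROR   echo "/^sshd: xx.xx.xxx.xxx$/
d
w
q" | ed /etc/hosts.deny returned 7f00
2015-04-23 16:19:04,847 fail2ban.actions[27564]: WARNING [ssh-iptables] Unban xx.xx.xxx.xxx
2015-04-23 16:19:04,855 fail2ban.actions.action[27564]: ERROR   iptables -n -L INPUT | grep -q 'fail2ban-SSH[ \t]' returned 100
2015-04-23 16:19:04,855 fail2ban.actions.action[27564]: ERROR   Invariant check failed. Trying to restore a sane environment
'''

STAMP = re.compile(r'^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d+ (\S+?)\[\d+\]: (\w+)\s+(.*)$', re.S)
JAIL = re.compile(r'^\[([^\]]+)\] (Ban|Unban) ')
RETURNED = re.compile(r'^(.*) returned ([0-9a-f]+)$', re.S)

def decode_status(status):
    """Decode a wait(2)-style status (assumed encoding of the logged hex value)."""
    if status & 0x7f:                      # low 7 bits set: ended by a signal
        return "killed by signal %d" % (status & 0x7f)
    code = status >> 8                     # otherwise the high byte is the exit code
    return "exit %d%s" % (code, " (shell: command not found)" if code == 127 else "")

def records(text):
    """Join continuation lines (no timestamp) onto the record they belong to."""
    current = None
    for line in text.splitlines():
        if STAMP.match(line):
            if current is not None:
                yield current
            current = line
        elif current is not None:
            current += "\n" + line
    if current is not None:
        yield current

def failed_actions(text):
    """Return (jail, event, command, decoded status) for each failed action command."""
    jail = event = None
    out = []
    for rec in records(text):
        logger, level, msg = STAMP.match(rec).groups()
        m = JAIL.match(msg)
        if logger == "fail2ban.actions" and m:
            jail, event = m.groups()       # remember which jail triggered the action
        r = RETURNED.match(msg)
        if logger == "fail2ban.actions.action" and level == "ERROR" and r:
            out.append((jail, event, r.group(1), decode_status(int(r.group(2), 16))))
    return out
```

On the sample, the `ed` pipeline for `ssh-tcpwrapper` decodes to exit 127 and the `iptables | grep` invariant check for `ssh-iptables` to exit 1, so the two jails are failing for different reasons.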