Hello,
> Post your jail config section for [recidive] and your 'iptables-allports'
> action.
The [recidive] section is as follows, and I could not find the configuration for
'iptables-allports'... Where is it?
[recidive]
logpath = /var/log/fail2ban.log
banaction = iptables-allports
bantime = 1209600 ; 2 weeks
findtime = 604800 ; 1 week
maxretry = 3
# Generic filter for PAM. Has to be used with action which bans all
# ports such as iptables-allports, shorewall
> Is XX.XX.XX.XX in
> 2017-11-16 07:59:07,449 fail2ban.actions [641]: NOTICE [recidive]
> Ban XX.XX.XX.XX
> an obfuscated public IP address?
Yes. XX.XX.XX.XX is a public IP address which should be blocked.
> Why are your log file entries out of order?
Fail2ban.log seems to be in order like this, but the log entries are not in
order for an unknown reason...
2017-11-14 20:18:36,788 fail2ban.filter [641]: INFO [sshd] Found
XX.XX.XX.XX
2017-11-14 20:18:36,797 fail2ban.filter [641]: INFO [sshd] Found
XX.XX.XX.XX
2017-11-14 20:18:36,809 fail2ban.filter [641]: INFO
[pam-generic] Found XX.XX.XX.XX
2017-11-14 20:18:38,902 fail2ban.filter [641]: INFO [sshd] Found
XX.XX.XX.XX
2017-11-14 20:18:40,981 fail2ban.filter [641]: INFO [sshd] Found
XX.XX.XX.XX
2017-11-14 20:18:42,979 fail2ban.filter [641]: INFO [sshd] Found
XX.XX.XX.XX
2017-11-14 20:18:43,887 fail2ban.actions [641]: NOTICE [sshd] Ban
XX.XX.XX.XX
2017-11-14 20:18:43,889 fail2ban.filter [641]: INFO [recidive]
Found XX.XX.XX.XX
2017-11-14 20:18:44,111 fail2ban.actions [641]: ERROR Failed to
execute ban jail 'sshd' action 'iptables-multiport' info
'CallingMap({'time': 1510690723.8871074, 'matches': 'Nov 14 20:18:36 okapi
sshd[27019]: Invalid user belltcg from XX.XX.XX.XX\nNov 14 20:18:36 okapi
sshd[27019]: pam_unix(sshd:auth): authentication failure; logname= uid=0
euid=0 tty=ssh ruser= rhost=XX.XX.XX.XX\nNov 14 20:18:38 okapi sshd[27019]:
Failed password for invalid user belltcg from XX.XX.XX.XX port 47689
ssh2\nNov 14 20:18:40 okapi sshd[27019]: Failed password for invalid user
belltcg from XX.XX.XX.XX port 47689 ssh2\nNov 14 20:18:42 okapi
sshd[27019]: Failed password for invalid user belltcg from 104.236.129.6
port 47689 ssh2', 'ipfailures': <function
Actions.__checkBan.<locals>.<lambda> at 0x7fa01e843840>, 'ipjailfailures':
<function Actions.__checkBan.<locals>.<lambda> at 0x7fa01e843f28>,
'ipmatches': <function Actions.__checkBan.<locals>.<lambda> at
0x7fa01e843b70>, 'failures': 5, 'ipjailmatches': <function
Actions.__checkBan.<locals>.<lambda> at 0x7fa01e8436a8>, 'ip':
'XX.XX.XX.XX'})': Error stopping action
2017-11-15 20:18:43,929 fail2ban.actions [641]: NOTICE [sshd] Unban
XX.XX.XX.XX
2017-11-15 20:18:44,156 fail2ban.actions [641]: ERROR Failed to
execute unban jail 'sshd' action 'iptables-multiport' info '{'time':
1510690723.8871074, 'failures': 5, 'matches': 'Nov 14 20:18:36 okapi
sshd[27019]: Invalid user belltcg from XX.XX.XX.XXNov 14 20:18:36 okapi
sshd[27019]: pam_unix(sshd:auth): authentication failure; logname= uid=0
euid=0 tty=ssh ruser= rhost=XX.XX.XX.XXNov 14 20:18:38 okapi sshd[27019]:
Failed password for invalid user belltcg from XX.XX.XX.XX port 47689
ssh2Nov 14 20:18:40 okapi sshd[27019]: Failed password for invalid user
belltcg from XX.XX.XX.XX port 47689 ssh2Nov 14 20:18:42 okapi sshd[27019]:
Failed password for invalid user belltcg from XX.XX.XX.XX port 47689 ssh2',
'ip': 'XX.XX.XX.XX'}': Error stopping action
2017-11-16 07:59:01,109 fail2ban.filter [641]: INFO [sshd] Found
XX.XX.XX.XX
2017-11-16 07:59:01,114 fail2ban.filter [641]: INFO [sshd] Found
XX.XX.XX.XX
2017-11-16 07:59:01,115 fail2ban.filter [641]: INFO
[pam-generic] Found XX.XX.XX.XX
2017-11-16 07:59:03,066 fail2ban.filter [641]: INFO [sshd] Found
XX.XX.XX.XX
2017-11-16 07:59:05,012 fail2ban.filter [641]: INFO [sshd] Found
XX.XX.XX.XX
2017-11-16 07:59:06,918 fail2ban.filter [641]: INFO [sshd] Found
XX.XX.XX.XX
2017-11-16 07:59:06,944 fail2ban.actions [641]: NOTICE [sshd] Ban
XX.XX.XX.XX
2017-11-16 07:59:06,949 fail2ban.filter [641]: INFO [recidive]
Found XX.XX.XX.XX
2017-11-16 07:59:07,165 fail2ban.actions [641]: ERROR Failed to
execute ban jail 'sshd' action 'iptables-multiport' info
'CallingMap({'time': 1510819146.9440994, 'matches': 'Nov 16 07:59:01 okapi
sshd[3714]: Invalid user admin from XX.XX.XX.XX\nNov 16 07:59:01 okapi
sshd[3714]: pam_unix(sshd:auth): authentication failure; logname= uid=0
euid=0 tty=ssh ruser= rhost=XX.XX.XX.XX\nNov 16 07:59:03 okapi sshd[3714]:
Failed password for invalid user admin from XX.XX.XX.XX port 43794
ssh2\nNov 16 07:59:05 okapi sshd[3714]: Failed password for invalid user
admin from XX.XX.XX.XX port 43794 ssh2\nNov 16 07:59:06 okapi sshd[3714]:
Failed password for invalid user admin from XX.XX.XX.XX port 43794 ssh2',
'ipfailures': <function Actions.__checkBan.<locals>.<lambda> at
0x7fa01c6b79d8>, 'ipjailfailures': <function
Actions.__checkBan.<locals>.<lambda> at 0x7fa01c6b7488>, 'ipmatches':
<function Actions.__checkBan.<locals>.<lambda> at 0x7fa01c6b76a8>,
'failures': 5, 'ipjailmatches': <function
Actions.__checkBan.<locals>.<lambda> at 0x7fa01c6b7950>, 'ip':
'XX.XX.XX.XX'})': Error stopping action
2017-11-16 07:59:07,449 fail2ban.actions [641]: NOTICE [recidive]
Ban XX.XX.XX.XX
2017-11-16 07:59:07,671 fail2ban.actions [641]: ERROR Failed to
execute ban jail 'recidive' action 'iptables-allports' info
'CallingMap({'time': 1510819147.4490871, 'matches': '2017-11-12
03:23:00,898 fail2ban.actions [641]: NOTICE [sshd] Ban
XX.XX.XX.XX\n2017-11-14 20:18:43,887 fail2ban.actions [641]: NOTICE
[sshd] Ban XX.XX.XX.XX\n2017-11-16 07:59:06,944 fail2ban.actions
[641]: NOTICE [sshd] Ban XX.XX.XX.XX', 'ipfailures': <function
Actions.__checkBan.<locals>.<lambda> at 0x7fa01c6b7488>, 'ipjailfailures':
<function Actions.__checkBan.<locals>.<lambda> at 0x7fa01c6b79d8>,
'ipmatches': <function Actions.__checkBan.<locals>.<lambda> at
0x7fa01c6b7950>, 'failures': 3, 'ipjailmatches': <function
Actions.__checkBan.<locals>.<lambda> at 0x7fa01c6b76a8>, 'ip':
'XX.XX.XX.XX'})': Error stopping action
2017-11-17 07:59:07,179 fail2ban.actions [641]: NOTICE [sshd] Unban
XX.XX.XX.XX
2017-11-17 07:59:07,406 fail2ban.actions [641]: ERROR Failed to
execute unban jail 'sshd' action 'iptables-multiport' info '{'time':
1510819146.9440994, 'failures': 5, 'matches': 'Nov 16 07:59:01 okapi
sshd[3714]: Invalid user admin from XX.XX.XX.XXNov 16 07:59:01 okapi
sshd[3714]: pam_unix(sshd:auth): authentication failure; logname= uid=0
euid=0 tty=ssh ruser= rhost=XX.XX.XX.XXNov 16 07:59:03 okapi sshd[3714]:
Failed password for invalid user admin from XX.XX.XX.XX port 43794 ssh2Nov
16 07:59:05 okapi sshd[3714]: Failed password for invalid user admin from
XX.XX.XX.XX port 43794 ssh2Nov 16 07:59:06 okapi sshd[3714]: Failed
password for invalid user admin from XX.XX.XX.XX port 43794 ssh2', 'ip':
'XX.XX.XX.XX'}': Error stopping action
2017-11-27 0:37 GMT+09:00 Bill Shirley <[email protected]>:
> Post your jail config section for [recidive] and your 'iptables-allports'
> action.
>
> Is XX.XX.XX.XX in
> 2017-11-16 07:59:07,449 fail2ban.actions [641]: NOTICE [recidive]
> Ban XX.XX.XX.XX
> an obfuscated public IP address?
>
> Why are your log file entries out of order?
>
> Bill
>
>
> On 11/26/2017 8:54 AM, Smart Goldman wrote:
>
> Hello.
>
> I often got fail2ban's error mails like this:
>
> 2017-11-16 07:59:07,449 fail2ban.actions [641]: NOTICE [recidive]
> Ban XX.XX.XX.XX
> 2017-11-16 07:59:07,671 fail2ban.actions [641]: ERROR Failed to
> execute ban jail 'recidive' action 'iptables-allports' info
> 'CallingMap({'time': 1510819147.4490871, 'matches': '2017-11-12
> 03:23:00,898 fail2ban.actions [641]: NOTICE [sshd] Ban XX.XX.XX.XX
> 2017-11-14 20:18:43,887 fail2ban.actions [641]: NOTICE [sshd] Ban
> XX.XX.XX.XX
> 2017-11-16 07:59:06,944 fail2ban.actions [641]: NOTICE [sshd] Ban
> XX.XX.XX.XX', 'ipfailures': <function Actions.__checkBan.<locals>.<lambda>
> at 0x7fa01c6b7488>, 'ipjailfailures': <function
> Actions.__checkBan.<locals>.<lambda> at 0x7fa01c6b79d8>, 'ipmatches':
> <function Actions.__checkBan.<locals>.<lambda> at 0x7fa01c6b7950>,
> 'failures': 3, 'ipjailmatches': <function Actions.__checkBan.<locals>.<lambda>
> at 0x7fa01c6b76a8>, 'ip': 'XX.XX.XX.XX'})': Error stopping action
>
> It means failure of IP ban?
> How can I fix this error?
>
> OS: Ubuntu 16.04 LTS
>
> Thank you.
>
> Yusui
>
>
>
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>
>
>
> _______________________________________________
> Fail2ban-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/fail2ban-users
>
>
>
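The log excerpts in this thread pair each Ban/Unban notice with a "Failed to execute" error for the same jail and address. As an added example (not from the thread or from the fail2ban project), this script makes that pairing explicit over a whole fail2ban.log, ignoring NOTICE text embedded inside an error's 'matches' payload. The sample log is constructed in the format shown above, with documentation addresses and shortened info payloads; `audit` and `failed` are hypothetical names.

```python
import re

# Constructed sample in the fail2ban.log format shown in this thread.
# 192.0.2.10 and 198.51.100.7 are documentation addresses; info payloads are shortened.
SAMPLE_LOG = r"""
2017-11-16 07:59:06,918 fail2ban.filter [641]: INFO [sshd] Found 192.0.2.10
2017-11-16 07:59:06,944 fail2ban.actions [641]: NOTICE [sshd] Ban 192.0.2.10
2017-11-16 07:59:07,165 fail2ban.actions [641]: ERROR Failed to execute ban jail 'sshd' action 'iptables-multiport' info 'CallingMap({'failures': 5, 'ip': '192.0.2.10'})': Error stopping action
2017-11-16 07:59:07,449 fail2ban.actions [641]: NOTICE [recidive] Ban 192.0.2.10
2017-11-16 07:59:07,671 fail2ban.actions [641]: ERROR Failed to execute ban jail 'recidive' action 'iptables-allports' info 'CallingMap({'matches': '2017-11-14 20:18:43,887 fail2ban.actions [641]: NOTICE [sshd] Ban 192.0.2.10\n2017-11-16 07:59:06,944 fail2ban.actions [641]: NOTICE [sshd] Ban 192.0.2.10', 'failures': 3, 'ip': '192.0.2.10'})': Error stopping action
2017-11-16 08:10:00,100 fail2ban.actions [641]: NOTICE [sshd] Ban 198.51.100.7
2017-11-17 07:59:07,179 fail2ban.actions [641]: NOTICE [sshd] Unban 192.0.2.10
2017-11-17 07:59:07,406 fail2ban.actions [641]: ERROR Failed to execute unban jail 'sshd' action 'iptables-multiport' info '{'failures': 5, 'ip': '192.0.2.10'}': Error stopping action
"""

# Anchor on the line header so NOTICE text quoted inside an ERROR payload is never parsed.
HEAD_RE = re.compile(r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d+) fail2ban\.actions\s+"
                     r"\[\d+\]:\s+(?P<level>[A-Z]+)\s+(?P<msg>.*)$")
NOTICE_RE = re.compile(r"^\[(?P<jail>[^\]]+)\]\s+(?P<op>Ban|Unban)\s+(?P<ip>\S+)$")
ERROR_RE = re.compile(r"^Failed to execute (?P<op>ban|unban) jail '(?P<jail>[^']+)' "
                      r"action '(?P<action>[^']+)' info '(?P<info>.*)': (?P<reason>[^']*)$")
IP_RE = re.compile(r"'ip': '([^']+)'")

def audit(log_text):
    """Return one record per Ban/Unban notice; mark those whose action reported an error."""
    records, pending = [], {}
    for line in log_text.splitlines():
        head = HEAD_RE.match(line)
        if not head:
            continue  # blank lines and other loggers such as fail2ban.filter
        msg = head["msg"]
        if head["level"] == "NOTICE" and (m := NOTICE_RE.match(msg)):
            rec = {"ts": head["ts"], "jail": m["jail"], "op": m["op"].lower(),
                   "ip": m["ip"], "failed_action": None, "reason": None}
            records.append(rec)
            pending[(rec["jail"], rec["op"], rec["ip"])] = rec
        elif head["level"] == "ERROR" and (m := ERROR_RE.match(msg)):
            ips = IP_RE.findall(m["info"])  # the address is the last 'ip' key in the payload
            rec = pending.get((m["jail"], m["op"], ips[-1])) if ips else None
            if rec:
                rec["failed_action"], rec["reason"] = m["action"], m["reason"]
    return records

def failed(records):
    """List (jail, operation, ip, action) for every notice whose action errored."""
    return [(r["jail"], r["op"], r["ip"], r["failed_action"])
            for r in records if r["failed_action"]]

if __name__ == "__main__":
    for row in failed(audit(SAMPLE_LOG)):
        print(*row)
```

Each row it prints is a ban or unban that fail2ban logged but whose firewall action returned an error, so the live rules for that address should be checked directly.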