fail2ban sudden has stop

3 posts / 0 new
Last post
#1 Sat, 09/22/2018 - 10:19
Jimmy.tam

fail2ban sudden has stop

These days, the fail2ban sudden stop. I don't know why but feel annoying. I stopped it until I can find the solution. Before that I have no such problem. OS: Centos 7 Fail2ban 0.9.7

Does anyone has the idea to solve it?

2018-09-15 01:59:15,790 fail2ban.server [1570]: INFO Stopping all jails

2018-09-15 01:59:16,404 fail2ban.action [1570]: ERROR iptables -w -D INPUT -p tcp -j f2b-default

iptables -w -F f2b-default

iptables -w -X f2b-default -- stdout: ''

2018-09-15 01:59:16,405 fail2ban.action [1570]: ERROR iptables -w -D INPUT -p tcp -j f2b-default iptables -w -F f2b-default iptables -w -X f2b-default -- stderr: 'iptables: Too many links.\n'

2018-09-15 01:59:16,405 fail2ban.action [1570]: ERROR iptables -w -D INPUT -p tcp -j f2b-default iptables -w -F f2b-default iptables -w -X f2b-default -- returned 1

2018-09-15 01:59:16,405 fail2ban.actions [1570]: ERROR Failed to stop jail 'php-url-fopen' action 'iptables-allports': Error stopping action

2018-09-15 01:59:16,745 fail2ban.jail [1570]: INFO Jail 'php-url-fopen' stopped

2018-09-15 01:59:17,169 fail2ban.action [1570]: ERROR iptables -w -D INPUT -p tcp -j f2b-default iptables -w -F f2b-default iptables -w -X f2b-default -- stdout: '' 2018-09-15 01:59:17,170 fail2ban.action [1570]: ERROR iptables -w -D INPUT -p tcp -j f2b-default iptables -w -F f2b-default iptables -w -X f2b-default -- stderr: 'iptables: Too many links.\n' 2018-09-15 01:59:17,170 fail2ban.action [1570]: ERROR iptables -w -D INPUT -p tcp -j f2b-default iptables -w -F f2b-default iptables -w -X f2b-default -- returned 1 2018-09-15 01:59:17,170 fail2ban.actions [1570]: ERROR Failed to stop jail 'sshd' action 'iptables-allports': Error stopping action 2018-09-15 01:59:17,343 fail2ban.jail [1570]: INFO Jail 'sshd' stopped 2018-09-15 01:59:17,539 fail2ban.actions [1570]: NOTICE [postfix-sasl] Unban 5.101.40.7 2018-09-15 01:59:19,566 fail2ban.jail [1570]: INFO Jail 'postfix-sasl' stopped 2018-09-15 01:59:20,225 fail2ban.action [1570]: ERROR iptables -w -D INPUT -p tcp -j f2b-default iptables -w -F f2b-default iptables -w -X f2b-default -- stdout: '' 2018-09-15 01:59:20,225 fail2ban.action [1570]: ERROR iptables -w -D INPUT -p tcp -j f2b-default iptables -w -F f2b-default iptables -w -X f2b-default -- stderr: 'iptables: Too many links.\n' 2018-09-15 01:59:20,226 fail2ban.action [1570]: ERROR iptables -w -D INPUT -p tcp -j f2b-default iptables -w -F f2b-default iptables -w -X f2b-default -- returned 1 2018-09-15 01:59:20,226 fail2ban.actions [1570]: ERROR Failed to stop jail 'proftpd' action 'iptables-allports': Error stopping action 2018-09-15 01:59:20,374 fail2ban.jail [1570]: INFO Jail 'proftpd' stopped 2018-09-15 01:59:20,542 fail2ban.action [1570]: ERROR iptables -w -D INPUT -p tcp -j f2b-default iptables -w -F f2b-default iptables -w -X f2b-default -- stdout: '' 2018-09-15 01:59:20,543 fail2ban.action [1570]: ERROR iptables -w -D INPUT -p tcp -j f2b-default iptables -w -F f2b-default iptables -w -X f2b-default -- stderr: 'iptables: Too many links.\n' 2018-09-15 01:59:20,544 fail2ban.action [1570]: ERROR iptables -w -D INPUT -p tcp -j f2b-default iptables -w -F f2b-default iptables -w -X f2b-default -- returned 1 2018-09-15 01:59:20,544 fail2ban.actions [1570]: ERROR Failed to stop jail 'pass2allow-ftp' action 'iptables-allports': Error stopping action 2018-09-15 01:59:21,133 fail2ban.jail [1570]: INFO Jail 'pass2allow-ftp' stopped 2018-09-15 01:59:22,668 fail2ban.jail [1570]: INFO Jail 'ssh-ddos' stopped 2018-09-15 01:59:22,999 fail2ban.action [1570]: ERROR iptables -w -D INPUT -p tcp -j f2b-default iptables -w -F f2b-default iptables -w -X f2b-default -- stdout: '' 2018-09-15 01:59:22,999 fail2ban.action [1570]: ERROR iptables -w -D INPUT -p tcp -j f2b-default iptables -w -F f2b-default iptables -w -X f2b-default -- stderr: 'iptables: Too many links.\n' 2018-09-15 01:59:23,000 fail2ban.action [1570]: ERROR iptables -w -D INPUT -p tcp -j f2b-default iptables -w -F f2b-default iptables -w -X f2b-default -- returned 1 2018-09-15 01:59:23,000 fail2ban.actions [1570]: ERROR Failed to stop jail 'postfix' action 'iptables-allports': Error stopping action 2018-09-15 01:59:23,144 fail2ban.jail [1570]: INFO Jail 'postfix' stopped 2018-09-15 01:59:23,764 fail2ban.action [1570]: ERROR iptables -w -D INPUT -p tcp -j f2b-default iptables -w -F f2b-default iptables -w -X f2b-default -- stdout: '' 2018-09-15 01:59:23,765 fail2ban.action [1570]: ERROR iptables -w -D INPUT -p tcp -j f2b-default iptables -w -F f2b-default iptables -w -X f2b-default -- stderr: 'iptables: Too many links.\n' 2018-09-15 01:59:23,765 fail2ban.action [1570]: ERROR iptables -w -D INPUT -p tcp -j f2b-default iptables -w -F f2b-default iptables -w -X f2b-default -- returned 1 2018-09-15 01:59:23,766 fail2ban.actions [1570]: ERROR Failed to stop jail 'mysqld-auth' action 'iptables-allports': Error stopping action 2018-09-15 01:59:23,807 fail2ban.jail [1570]: INFO Jail 'mysqld-auth' stopped 2018-09-15 01:59:24,215 fail2ban.action [1570]: ERROR iptables -w -D INPUT -p tcp -j f2b-default iptables -w -F f2b-default iptables -w -X f2b-default -- stdout: '' 2018-09-15 01:59:24,216 fail2ban.action [1570]: ERROR iptables -w -D INPUT -p tcp -j f2b-default iptables -w -F f2b-default iptables -w -X f2b-default -- stderr: 'iptables: Too many links.\n' 2018-09-15 01:59:24,217 fail2ban.action [1570]: ERROR iptables -w -D INPUT -p tcp -j f2b-default iptables -w -F f2b-default iptables -w -X f2b-default -- returned 1 2018-09-15 01:59:24,217 fail2ban.actions [1570]: ERROR Failed to stop jail 'webmin-auth' action 'iptables-allports': Error stopping action 2018-09-15 01:59:24,218 fail2ban.jail [1570]: INFO Jail 'webmin-auth' stopped 2018-09-15 01:59:25,192 fail2ban.action [1570]: ERROR iptables -w -D INPUT -p tcp -j f2b-default iptables -w -F f2b-default iptables -w -X f2b-default -- stdout: '' 2018-09-15 01:59:25,193 fail2ban.action [1570]: ERROR iptables -w -D INPUT -p tcp -j f2b-default iptables -w -F f2b-default iptables -w -X f2b-default -- stderr: 'iptables: Too many links.\n' 2018-09-15 01:59:25,194 fail2ban.action [1570]: ERROR iptables -w -D INPUT -p tcp -j f2b-default iptables -w -F f2b-default iptables -w -X f2b-default -- returned 1 2018-09-15 01:59:25,194 fail2ban.actions [1570]: ERROR Failed to stop jail 'dovecot' action 'iptables-allports': Error stopping action 2018-09-15 01:59:25,195 fail2ban.jail [1570]: INFO Jail 'dovecot' stopped 2018-09-15 01:59:25,505 fail2ban.action [1570]: ERROR iptables -w -D INPUT -p tcp -j f2b-default iptables -w -F f2b-default iptables -w -X f2b-default -- stdout: '' 2018-09-15 01:59:25,506 fail2ban.action [1570]: ERROR iptables -w -D INPUT -p tcp -j f2b-default iptables -w -F f2b-default iptables -w -X f2b-default -- stderr: 'iptables: Too many links.\n' 2018-09-15 01:59:25,506 fail2ban.action [1570]: ERROR iptables -w -D INPUT -p tcp -j f2b-default iptables -w -F f2b-default iptables -w -X f2b-default -- returned 1 2018-09-15 01:59:25,507 fail2ban.actions [1570]: ERROR Failed to stop jail 'postfix-rbl' action 'iptables-allports': Error stopping action 2018-09-15 01:59:26,146 fail2ban.jail [1570]: INFO Jail 'postfix-rbl' stopped 2018-09-15 01:59:26,653 fail2ban.action [1570]: ERROR iptables -w -D INPUT -p tcp -j f2b-default iptables -w -F f2b-default iptables -w -X f2b-default -- stdout: '' 2018-09-15 01:59:26,654 fail2ban.action [1570]: ERROR iptables -w -D INPUT -p tcp -j f2b-default iptables -w -F f2b-default iptables -w -X f2b-default -- stderr: 'iptables: Too many links.\n' 2018-09-15 01:59:26,655 fail2ban.action [1570]: ERROR iptables -w -D INPUT -p tcp -j f2b-default iptables -w -F f2b-default iptables -w -X f2b-default -- returned 1 2018-09-15 01:59:26,655 fail2ban.actions [1570]: ERROR Failed to stop jail 'sshd-ddos' action 'iptables-allports': Error stopping action 2018-09-15 01:59:27,145 fail2ban.jail [1570]: INFO Jail 'sshd-ddos' stopped 2018-09-15 01:59:28,245 fail2ban.jail [1570]: INFO Jail 'apache-auth' stopped 2018-09-15 01:59:28,394 fail2ban.server [1570]: INFO Stopping all jails 2018-09-15 01:59:28,394 fail2ban.server [1570]: INFO Exiting Fail2ban 2018-09-15 02:08:57,887 fail2ban.server [2473]: INFO Changed logging target to /var/log/fail2ban.log for Fail2ban v0.9.7 2018-09-15 02:08:57,990 fail2ban.database [2473]: INFO Connected to fail2ban persistent database '/var/lib/fail2ban/fail2ban.sqlite3' 2018-09-15 02:08:57,994 fail2ban.jail [2473]: INFO Creating new jail 'sshd' 2018-09-15 02:08:58,160 fail2ban.jail [2473]: INFO Jail 'sshd' uses systemd {} 2018-09-15 02:08:58,185 fail2ban.jail [2473]: INFO Initiated 'systemd' backend 2018-09-15 02:08:58,187 fail2ban.filter [2473]: INFO Set maxRetry = 5 2018-09-15 02:08:58,188 fail2ban.filter [2473]: INFO Set jail log file encoding to UTF-8 2018-09-15 02:08:58,188 fail2ban.actions [2473]: INFO Set banTime = 600 2018-09-15 02:08:58,189 fail2ban.filter [2473]: INFO Set findtime = 600 2018-09-15 02:08:58,190 fail2ban.filter [2473]: INFO Set maxlines = 10 2018-09-15 02:08:58,346 fail2ban.filtersystemd [2473]: INFO Added journal match for: '_SYSTEMD_UNIT=sshd.service + _COMM=sshd' 2018-09-15 02:08:58,367 fail2ban.jail [2473]: INFO Creating new jail 'sshd-ddos' 2018-09-15 02:08:58,367 fail2ban.jail [2473]: INFO Jail 'sshd-ddos' uses systemd {} 2018-09-15 02:08:58,369 fail2ban.jail [2473]: INFO Initiated 'systemd' backend 2018-09-15 02:08:58,370 fail2ban.filter [2473]: INFO Set maxRetry = 5 2018-09-15 02:08:58,371 fail2ban.filter [2473]: INFO Set jail log file encoding to UTF-8 2018-09-15 02:08:58,371 fail2ban.actions [2473]: INFO Set banTime = 600 2018-09-15 02:08:58,372 fail2ban.filter [2473]: INFO Set findtime = 600 2018-09-15 02:08:58,372 fail2ban.filter [2473]: INFO Set maxlines = 10 2018-09-15 02:08:58,405 fail2ban.filtersystemd [2473]: INFO Added journal match for: '_SYSTEMD_UNIT=sshd.service + _COMM=sshd' 2018-09-15 02:08:58,421 fail2ban.jail [2473]: INFO Creating new jail 'apache-auth' 2018-09-15 02:08:58,441 fail2ban.jail [2473]: INFO Jail 'apache-auth' uses poller {} 2018-09-15 02:08:58,443 fail2ban.jail [2473]: INFO Initiated 'polling' backend 2018-09-15 02:08:58,456 fail2ban.filter [2473]: INFO Added logfile = /var/log/httpd/error_log 2018-09-15 02:08:58,457 fail2ban.filter [2473]: INFO Set maxRetry = 5 2018-09-15 02:08:58,458 fail2ban.filter [2473]: INFO Set jail log file encoding to UTF-8 2018-09-15 02:08:58,459 fail2ban.actions [2473]: INFO Set banTime = 600 2018-09-15 02:08:58,460 fail2ban.filter [2473]: INFO Set findtime = 600 2018-09-15 02:08:58,522 fail2ban.jail [2473]: INFO Creating new jail 'php-url-fopen' 2018-09-15 02:08:58,524 fail2ban.jail [2473]: INFO Jail 'php-url-fopen' uses poller {} 2018-09-15 02:08:58,525 fail2ban.jail [2473]: INFO Initiated 'polling' backend 2018-09-15 02:08:58,536 fail2ban.filter [2473]: INFO Added logfile = /var/log/httpd/access_log 2018-09-15 02:08:58,537 fail2ban.filter [2473]: INFO Set maxRetry = 5 2018-09-15 02:08:58,538 fail2ban.filter [2473]: INFO Set jail log file encoding to UTF-8 2018-09-15 02:08:58,539 fail2ban.actions [2473]: INFO Set banTime = 600 2018-09-15 02:08:58,540 fail2ban.filter [2473]: INFO Set findtime = 600 2018-09-15 02:08:58,555 fail2ban.jail [2473]: INFO Creating new jail 'webmin-auth' 2018-09-15 02:08:58,555 fail2ban.jail [2473]: INFO Jail 'webmin-auth' uses systemd {} 2018-09-15 02:08:58,557 fail2ban.jail [2473]: INFO Initiated 'systemd' backend 2018-09-15 02:08:58,558 fail2ban.filter [2473]: INFO Set maxRetry = 5 2018-09-15 02:08:58,559 fail2ban.filter [2473]: INFO Set jail log file encoding to UTF-8 2018-09-15 02:08:58,560 fail2ban.actions [2473]: INFO Set banTime = 600 2018-09-15 02:08:58,560 fail2ban.filter [2473]: INFO Set findtime = 600 2018-09-15 02:08:58,580 fail2ban.jail [2473]: INFO Creating new jail 'proftpd' 2018-09-15 02:08:58,580 fail2ban.jail [2473]: INFO Jail 'proftpd' uses systemd {} 2018-09-15 02:08:58,582 fail2ban.jail [2473]: INFO Initiated 'systemd' backend 2018-09-15 02:08:58,583 fail2ban.filter [2473]: INFO Set maxRetry = 5 2018-09-15 02:08:58,584 fail2ban.filter [2473]: INFO Set jail log file encoding to UTF-8 2018-09-15 02:08:58,584 fail2ban.actions [2473]: INFO Set banTime = 600 2018-09-15 02:08:58,585 fail2ban.filter [2473]: INFO Set findtime = 600 2018-09-15 02:08:58,618 fail2ban.jail [2473]: INFO Creating new jail 'postfix' 2018-09-15 02:08:58,618 fail2ban.jail [2473]: INFO Jail 'postfix' uses systemd {} 2018-09-15 02:08:58,620 fail2ban.jail [2473]: INFO Initiated 'systemd' backend 2018-09-15 02:08:58,621 fail2ban.filter [2473]: INFO Set maxRetry = 5 2018-09-15 02:08:58,622 fail2ban.filter [2473]: INFO Set jail log file encoding to UTF-8 2018-09-15 02:08:58,623 fail2ban.actions [2473]: INFO Set banTime = 1800 2018-09-15 02:08:58,625 fail2ban.filter [2473]: INFO Set findtime = 600 2018-09-15 02:08:58,668 fail2ban.filtersystemd [2473]: INFO Added journal match for: '_SYSTEMD_UNIT=postfix.service' 2018-09-15 02:08:58,682 fail2ban.jail [2473]: INFO Creating new jail 'postfix-rbl' 2018-09-15 02:08:58,682 fail2ban.jail [2473]: INFO Jail 'postfix-rbl' uses systemd {} 2018-09-15 02:08:58,684 fail2ban.jail [2473]: INFO Initiated 'systemd' backend 2018-09-15 02:08:58,685 fail2ban.filter [2473]: INFO Set maxRetry = 5 2018-09-15 02:08:58,686 fail2ban.filter [2473]: INFO Set jail log file encoding to UTF-8 2018-09-15 02:08:58,686 fail2ban.actions [2473]: INFO Set banTime = 1800 2018-09-15 02:08:58,688 fail2ban.filter [2473]: INFO Set findtime = 600 2018-09-15 02:08:58,705 fail2ban.jail [2473]: INFO Creating new jail 'dovecot' 2018-09-15 02:08:58,705 fail2ban.jail [2473]: INFO Jail 'dovecot' uses systemd {} 2018-09-15 02:08:58,707 fail2ban.jail [2473]: INFO Initiated 'systemd' backend 2018-09-15 02:08:58,708 fail2ban.filter [2473]: INFO Set maxRetry = 5 2018-09-15 02:08:58,709 fail2ban.filter [2473]: INFO Set jail log file encoding to UTF-8 2018-09-15 02:08:58,710 fail2ban.actions [2473]: INFO Set banTime = 600 2018-09-15 02:08:58,712 fail2ban.filter [2473]: INFO Set findtime = 600 2018-09-15 02:08:58,749 fail2ban.filtersystemd [2473]: INFO Added journal match for: '_SYSTEMD_UNIT=dovecot.service' 2018-09-15 02:08:58,762 fail2ban.jail [2473]: INFO Creating new jail 'postfix-sasl' 2018-09-15 02:08:58,762 fail2ban.jail [2473]: INFO Jail 'postfix-sasl' uses systemd {} 2018-09-15 02:08:58,786 fail2ban.jail [2473]: INFO Initiated 'systemd' backend 2018-09-15 02:08:58,788 fail2ban.filter [2473]: INFO Set maxRetry = 5 2018-09-15 02:08:58,788 fail2ban.filter [2473]: INFO Set jail log file encoding to UTF-8 2018-09-15 02:08:58,789 fail2ban.actions [2473]: INFO Set banTime = 1800 2018-09-15 02:08:58,791 fail2ban.filter [2473]: INFO Set findtime = 600 2018-09-15 02:08:58,801 fail2ban.filtersystemd [2473]: INFO Added journal match for: '_SYSTEMD_UNIT=postfix.service' 2018-09-15 02:08:58,817 fail2ban.jail [2473]: INFO Creating new jail 'mysqld-auth' 2018-09-15 02:08:58,818 fail2ban.jail [2473]: INFO Jail 'mysqld-auth' uses poller {} 2018-09-15 02:08:58,819 fail2ban.jail [2473]: INFO Initiated 'polling' backend 2018-09-15 02:08:58,851 fail2ban.filter [2473]: INFO Added logfile = /var/log/mariadb/mariadb.log 2018-09-15 02:08:58,852 fail2ban.filter [2473]: INFO Set maxRetry = 5 2018-09-15 02:08:58,853 fail2ban.filter [2473]: INFO Set jail log file encoding to UTF-8 2018-09-15 02:08:58,854 fail2ban.actions [2473]: INFO Set banTime = 600 2018-09-15 02:08:58,854 fail2ban.filter [2473]: INFO Set findtime = 600 2018-09-15 02:08:58,872 fail2ban.jail [2473]: INFO Creating new jail 'pass2allow-ftp' 2018-09-15 02:08:58,873 fail2ban.jail [2473]: INFO Jail 'pass2allow-ftp' uses poller {} 2018-09-15 02:08:58,875 fail2ban.jail [2473]: INFO Initiated 'polling' backend 2018-09-15 02:08:58,876 fail2ban.filter [2473]: INFO Added logfile = /var/log/httpd/access_log 2018-09-15 02:08:58,877 fail2ban.filter [2473]: INFO Set maxRetry = 1 2018-09-15 02:08:58,878 fail2ban.filter [2473]: INFO Set jail log file encoding to UTF-8 2018-09-15 02:08:58,878 fail2ban.actions [2473]: INFO Set banTime = 3600 2018-09-15 02:08:58,879 fail2ban.filter [2473]: INFO Set findtime = 1 2018-09-15 02:08:58,895 fail2ban.jail [2473]: INFO Creating new jail 'ssh-ddos' 2018-09-15 02:08:58,896 fail2ban.jail [2473]: INFO Jail 'ssh-ddos' uses poller {} 2018-09-15 02:08:58,898 fail2ban.jail [2473]: INFO Initiated 'polling' backend 2018-09-15 02:08:58,899 fail2ban.filter [2473]: INFO Set maxRetry = 5 2018-09-15 02:08:58,900 fail2ban.filter [2473]: INFO Set jail log file encoding to UTF-8 2018-09-15 02:08:58,901 fail2ban.filter [2473]: INFO Set findtime = 600 2018-09-15 02:08:58,901 fail2ban.actions [2473]: INFO Set banTime = 600 2018-09-15 02:08:58,901 fail2ban.filter [2473]: INFO Set maxlines = 10 2018-09-15 02:08:58,928 fail2ban.server [2473]: INFO Jail ssh-ddos is not a JournalFilter instance 2018-09-15 02:08:58,958 fail2ban.jail [2473]: INFO Jail 'sshd' started 2018-09-15 02:08:58,963 fail2ban.jail [2473]: INFO Jail 'sshd-ddos' started 2018-09-15 02:08:58,966 fail2ban.jail [2473]: INFO Jail 'apache-auth' started 2018-09-15 02:08:58,979 fail2ban.jail [2473]: INFO Jail 'php-url-fopen' started 2018-09-15 02:08:58,980 fail2ban.filtersystemd [2473]: NOTICE Jail started without 'journalmatch' set. Jail regexs will be checked against all journal entries, which is not advised for performance reasons. 2018-09-15 02:08:58,983 fail2ban.jail [2473]: INFO Jail 'webmin-auth' started 2018-09-15 02:08:58,986 fail2ban.filtersystemd [2473]: NOTICE Jail started without 'journalmatch' set. Jail regexs will be checked against all journal entries, which is not advised for performance reasons. 2018-09-15 02:08:58,991 fail2ban.jail [2473]: INFO Jail 'proftpd' started 2018-09-15 02:08:58,997 fail2ban.jail [2473]: INFO Jail 'postfix' started 2018-09-15 02:08:59,012 fail2ban.filtersystemd [2473]: NOTICE Jail started without 'journalmatch' set. Jail regexs will be checked against all journal entries, which is not advised for performance reasons. 2018-09-15 02:08:59,019 fail2ban.jail [2473]: INFO Jail 'postfix-rbl' started 2018-09-15 02:08:59,072 fail2ban.jail [2473]: INFO Jail 'dovecot' started 2018-09-15 02:08:59,163 fail2ban.jail [2473]: INFO Jail 'postfix-sasl' started 2018-09-15 02:08:59,203 fail2ban.jail [2473]: INFO Jail 'mysqld-auth' started 2018-09-15 02:08:59,251 fail2ban.jail [2473]: INFO Jail 'pass2allow-ftp' started 2018-09-15 02:08:59,316 fail2ban.jail [2473]: INFO Jail 'ssh-ddos' started

Sun, 09/23/2018 - 09:19
Jimmy.tam

I add the fail2ban with a name on each entry. Hope it can solve the problem.

Tue, 09/25/2018 - 07:48
Jimmy.tam

The solving method, disable all jails. and stop the fail2ban. Then enable as little of jail as possible. Such as postfix, dovecot, postfix-sasl and proftp only. It can be solved now.

Topic locked