ошибка fail2ban с firewalld (f2b- : нет такого файла или каталога)

Question

ошибка fail2ban с firewalld (f2b- : нет такого файла или каталога)

Я месяцами без проблем использую fail2ban, но после обновления CentOS он перестал работать. Кажется, он не создает записи iptables. Я уже пробовал перезапустить fail2ban, перезапустить VPS и все основные вещи. Соответствующие ошибки:

В /var/log/fail2ban.log :

2020-01-12 12:15:52,994 fail2ban.actions        [496]: NOTICE  [postfix-reject-dynamo] Restore Ban 12.160.87.219
2020-01-12 12:15:54,684 fail2ban.utils          [496]: #39-Lev. 7f4db54f9c90 -- exec: firewall-cmd --direct --add-chain ipv4 filter f2b-postfix-reject-dynamo
firewall-cmd --direct --add-rule ipv4 filter f2b-postfix-reject-dynamo 1000 -j RETURN
firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 0 -j f2b-postfix-reject-dynamo
2020-01-12 12:15:54,685 fail2ban.utils          [496]: ERROR   7f4db54f9c90 -- stderr: "Error: 'filter'"
2020-01-12 12:15:54,685 fail2ban.utils          [496]: ERROR   7f4db54f9c90 -- stderr: "Error: COMMAND_FAILED: '/usr/sbin/iptables-restore -w -n' failed: iptables-restore: line 2 failed"
2020-01-12 12:15:54,685 fail2ban.utils          [496]: ERROR   7f4db54f9c90 -- stderr: ''
2020-01-12 12:15:54,686 fail2ban.utils          [496]: ERROR   7f4db54f9c90 -- stderr: "Error: COMMAND_FAILED: '/usr/sbin/iptables-restore -w -n' failed: iptables-restore v1.4.21: Couldn't load target `f2b-postfix-reject-dynamo':No such file or directory"
2020-01-12 12:15:54,686 fail2ban.utils          [496]: ERROR   7f4db54f9c90 -- stderr: ''
2020-01-12 12:15:54,686 fail2ban.utils          [496]: ERROR   7f4db54f9c90 -- stderr: 'Error occurred at line: 2'
2020-01-12 12:15:54,686 fail2ban.utils          [496]: ERROR   7f4db54f9c90 -- stderr: "Try `iptables-restore -h' or 'iptables-restore --help' for more information."
2020-01-12 12:15:54,686 fail2ban.utils          [496]: ERROR   7f4db54f9c90 -- stderr: ''
2020-01-12 12:15:54,686 fail2ban.utils          [496]: ERROR   7f4db54f9c90 -- returned 13
2020-01-12 12:15:54,686 fail2ban.actions        [496]: ERROR   Failed to execute ban jail 'postfix-reject-dynamo' action 'firewallcmd-allports' info 'ActionInfo({'ip': '12.160.87.219', 'fid': <function <lambda> at 0x7f4db41bf578>, 'family': 'inet4', 'raw-ticket': <function <lambda> at 0x7f4db41bfa28>})': Error starting action Jail('postfix-reject-dynamo')/firewallcmd-allports

В / var / log / firewalld :

2020-01-12 12:15:53 ERROR: '/usr/sbin/iptables-restore -w -n' failed: iptables-restore: line 2 failed

2020-01-12 12:15:53 ERROR: COMMAND_FAILED: '/usr/sbin/iptables-restore -w -n' failed: iptables-restore: line 2 failed

2020-01-12 12:15:54 ERROR: '/usr/sbin/iptables-restore -w -n' failed: iptables-restore v1.4.21: Couldn't load target `f2b-postfix-reject-dynamo':No such file or directory

iptables -L вывод:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Содержание /etc/systemd/system/multi-user.target.wants/fail2ban.service :

[Unit]
Description=Fail2Ban Service
Documentation=man:fail2ban(1)
After=network.target iptables.service firewalld.service ip6tables.service ipset.service
PartOf=iptables.service firewalld.service

[Service]
Type=simple
ExecStartPre=/bin/mkdir -p /var/run/fail2ban
ExecStart=/usr/bin/fail2ban-server -xf start
# if should be logged in systemd journal, use following line or set logtarget to sysout in fail2ban.local
# ExecStart=/usr/bin/fail2ban-server -xf --logtarget=sysout start
ExecStop=/usr/bin/fail2ban-client stop
ExecReload=/usr/bin/fail2ban-client reload
PIDFile=/var/run/fail2ban/fail2ban.pid
Restart=on-failure
RestartPreventExitStatus=0 255

[Install]
WantedBy=multi-user.target

Вот полный /var/log/fail2ban.log , пока не появится ошибка:

2020-01-12 12:15:51,018 fail2ban.server         [496]: INFO    Starting Fail2ban v0.10.4
2020-01-12 12:15:51,037 fail2ban.database       [496]: INFO    Connected to fail2ban persistent database '/var/lib/fail2ban/fail2ban.sqlite3'
2020-01-12 12:15:51,183 fail2ban.jail           [496]: INFO    Creating new jail 'sshd'
2020-01-12 12:15:51,834 fail2ban.jail           [496]: INFO    Jail 'sshd' uses systemd {}
2020-01-12 12:15:51,836 fail2ban.jail           [496]: INFO    Initiated 'systemd' backend
2020-01-12 12:15:51,837 fail2ban.filter         [496]: INFO      maxLines: 1
2020-01-12 12:15:51,878 fail2ban.filtersystemd  [496]: INFO    [sshd] Added journal match for: '_SYSTEMD_UNIT=sshd.service + _COMM=sshd'
2020-01-12 12:15:51,879 fail2ban.filter         [496]: INFO      maxRetry: 5
2020-01-12 12:15:51,879 fail2ban.filter         [496]: INFO      encoding: ANSI_X3.4-1968
2020-01-12 12:15:51,880 fail2ban.filter         [496]: INFO      findtime: 600
2020-01-12 12:15:51,880 fail2ban.actions        [496]: INFO      banTime: 3600
2020-01-12 12:15:51,882 fail2ban.jail           [496]: INFO    Creating new jail 'webmin-auth'
2020-01-12 12:15:51,882 fail2ban.jail           [496]: INFO    Jail 'webmin-auth' uses systemd {}
2020-01-12 12:15:51,883 fail2ban.jail           [496]: INFO    Initiated 'systemd' backend
2020-01-12 12:15:51,889 fail2ban.filter         [496]: INFO      maxRetry: 5
2020-01-12 12:15:51,889 fail2ban.filter         [496]: INFO      encoding: ANSI_X3.4-1968
2020-01-12 12:15:51,889 fail2ban.filter         [496]: INFO      findtime: 600
2020-01-12 12:15:51,890 fail2ban.actions        [496]: INFO      banTime: 600
2020-01-12 12:15:51,891 fail2ban.jail           [496]: INFO    Creating new jail 'proftpd'
2020-01-12 12:15:51,891 fail2ban.jail           [496]: INFO    Jail 'proftpd' uses systemd {}
2020-01-12 12:15:51,893 fail2ban.jail           [496]: INFO    Initiated 'systemd' backend
2020-01-12 12:15:51,898 fail2ban.filtersystemd  [496]: INFO    [proftpd] Added journal match for: '_SYSTEMD_UNIT=proftpd.service'
2020-01-12 12:15:51,899 fail2ban.filter         [496]: INFO      maxRetry: 5
2020-01-12 12:15:51,899 fail2ban.filter         [496]: INFO      encoding: ANSI_X3.4-1968
2020-01-12 12:15:51,899 fail2ban.filter         [496]: INFO      findtime: 600
2020-01-12 12:15:51,900 fail2ban.actions        [496]: INFO      banTime: 3600
2020-01-12 12:15:51,901 fail2ban.jail           [496]: INFO    Creating new jail 'postfix'
2020-01-12 12:15:51,901 fail2ban.jail           [496]: INFO    Jail 'postfix' uses systemd {}
2020-01-12 12:15:51,902 fail2ban.jail           [496]: INFO    Initiated 'systemd' backend
2020-01-12 12:15:51,913 fail2ban.filtersystemd  [496]: INFO    [postfix] Added journal match for: '_SYSTEMD_UNIT=postfix.service'
2020-01-12 12:15:51,914 fail2ban.filter         [496]: INFO      maxRetry: 5
2020-01-12 12:15:51,914 fail2ban.filter         [496]: INFO      encoding: ANSI_X3.4-1968
2020-01-12 12:15:51,914 fail2ban.filter         [496]: INFO      findtime: 600
2020-01-12 12:15:51,915 fail2ban.actions        [496]: INFO      banTime: 3600
2020-01-12 12:15:51,916 fail2ban.jail           [496]: INFO    Creating new jail 'dovecot'
2020-01-12 12:15:51,916 fail2ban.jail           [496]: INFO    Jail 'dovecot' uses systemd {}
2020-01-12 12:15:51,917 fail2ban.jail           [496]: INFO    Initiated 'systemd' backend
2020-01-12 12:15:51,926 fail2ban.filtersystemd  [496]: INFO    [dovecot] Added journal match for: '_SYSTEMD_UNIT=dovecot.service'
2020-01-12 12:15:51,926 fail2ban.datedetector   [496]: INFO      date pattern `''`: `{^LN-BEG}TAI64N`
2020-01-12 12:15:51,927 fail2ban.filter         [496]: INFO      maxRetry: 5
2020-01-12 12:15:51,927 fail2ban.filter         [496]: INFO      encoding: ANSI_X3.4-1968
2020-01-12 12:15:51,928 fail2ban.filter         [496]: INFO      findtime: 600
2020-01-12 12:15:51,928 fail2ban.actions        [496]: INFO      banTime: 3600
2020-01-12 12:15:51,929 fail2ban.jail           [496]: INFO    Creating new jail 'postfix-reject-dynamo'
2020-01-12 12:15:52,032 fail2ban.jail           [496]: INFO    Jail 'postfix-reject-dynamo' uses poller {}
2020-01-12 12:15:52,033 fail2ban.jail           [496]: INFO    Initiated 'polling' backend
2020-01-12 12:15:52,118 fail2ban.filter         [496]: INFO    Added logfile: '/var/log/maillog' (pos = 17320260, hash = 48479d10b4c7d022471955ff13511a8c)
2020-01-12 12:15:52,119 fail2ban.filter         [496]: INFO      maxRetry: 3
2020-01-12 12:15:52,119 fail2ban.filter         [496]: INFO      encoding: ANSI_X3.4-1968
2020-01-12 12:15:52,120 fail2ban.filter         [496]: INFO      findtime: 600
2020-01-12 12:15:52,120 fail2ban.actions        [496]: INFO      banTime: 3600
2020-01-12 12:15:52,222 fail2ban.jail           [496]: INFO    Jail 'sshd' started
2020-01-12 12:15:52,260 fail2ban.filtersystemd  [496]: NOTICE  Jail started without 'journalmatch' set. Jail regexs will be checked against all journal entries, which is not advised for performance reasons.
2020-01-12 12:15:52,269 fail2ban.jail           [496]: INFO    Jail 'webmin-auth' started
2020-01-12 12:15:52,401 fail2ban.jail           [496]: INFO    Jail 'proftpd' started
2020-01-12 12:15:52,659 fail2ban.jail           [496]: INFO    Jail 'postfix' started
2020-01-12 12:15:52,787 fail2ban.jail           [496]: INFO    Jail 'dovecot' started
2020-01-12 12:15:52,800 fail2ban.jail           [496]: INFO    Jail 'postfix-reject-dynamo' started
2020-01-12 12:15:52,994 fail2ban.actions        [496]: NOTICE  [postfix-reject-dynamo] Restore Ban 12.160.87.219
2020-01-12 12:15:54,684 fail2ban.utils          [496]: #39-Lev. 7f4db54f9c90 -- exec: firewall-cmd --direct --add-chain ipv4 filter f2b-postfix-reject-dynamo
firewall-cmd --direct --add-rule ipv4 filter f2b-postfix-reject-dynamo 1000 -j RETURN
firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 0 -j f2b-postfix-reject-dynamo
2020-01-12 12:15:54,685 fail2ban.utils          [496]: ERROR   7f4db54f9c90 -- stderr: "Error: 'filter'"
2020-01-12 12:15:54,685 fail2ban.utils          [496]: ERROR   7f4db54f9c90 -- stderr: "Error: COMMAND_FAILED: '/usr/sbin/iptables-restore -w -n' failed: iptables-restore: line 2 failed"
2020-01-12 12:15:54,685 fail2ban.utils          [496]: ERROR   7f4db54f9c90 -- stderr: ''
2020-01-12 12:15:54,686 fail2ban.utils          [496]: ERROR   7f4db54f9c90 -- stderr: "Error: COMMAND_FAILED: '/usr/sbin/iptables-restore -w -n' failed: iptables-restore v1.4.21: Couldn't load target `f2b-postfix-reject-dynamo':No such file or directory"
2020-01-12 12:15:54,686 fail2ban.utils          [496]: ERROR   7f4db54f9c90 -- stderr: ''
2020-01-12 12:15:54,686 fail2ban.utils          [496]: ERROR   7f4db54f9c90 -- stderr: 'Error occurred at line: 2'
2020-01-12 12:15:54,686 fail2ban.utils          [496]: ERROR   7f4db54f9c90 -- stderr: "Try `iptables-restore -h' or 'iptables-restore --help' for more information."
2020-01-12 12:15:54,686 fail2ban.utils          [496]: ERROR   7f4db54f9c90 -- stderr: ''
2020-01-12 12:15:54,686 fail2ban.utils          [496]: ERROR   7f4db54f9c90 -- returned 13
2020-01-12 12:15:54,686 fail2ban.actions        [496]: ERROR   Failed to execute ban jail 'postfix-reject-dynamo' action 'firewallcmd-allports' info 'ActionInfo({'ip': '12.160.87.219', 'fid': <function <lambda> at 0x7f4db41bf578>, 'family': 'inet4', 'raw-ticket': <function <lambda> at 0x7f4db41bfa28>})': Error starting action Jail('postfix-reject-dynamo')/firewallcmd-allports

CentOS Linux release 7.7.1908 (Core)

Я понятия не имею, что здесь происходит ..

Благодарю за вашу помощь.

0

iptables centos7 fail2ban firewalld

задан Daniel Grosso 12 January 2020 в 17:53

Ссылка

1 ответ

ошибка fail2ban с firewalld (f2b- : нет такого файла или каталога)

Теги

Похожие вопросы