Fail2ban ipset create fail2ban-sshd hash: ip timeout -lHow to Unban an IP properly with Fail2BanFail2ban on Ubuntu 11.10 does not ban custom filter/jailcustom filter for Fail2BanSharing of fail2ban banned IPsFail2Ban - Iptables - Set does not existFail2ban doesn't startfail2ban doesn't add IPs to ipset (firewalld)fail2ban create jail failedStrange behavior with fail2ban when permanently banning IPsFirewalld rich rule doesn't immediately block IP address
What is Theresa May waiting for?
How to know if a folder is a symbolic link?
Why did David Cameron offer a referendum on the European Union?
Where's this lookout in Nova Scotia?
Are these reasonable traits for someone with autism?
Python program to find the most frequent letter in a text
What is a Centaur Thief's climbing speed?
What are these arcade games in Ghostbusters 1984?
Pirate democracy at its finest
Website returning plaintext password
Is it possible to play as a necromancer skeleton?
What is the object moving across the ceiling in this stock footage?
What to do when you've set the wrong ISO for your film?
My employer faked my resume to acquire projects
Why aren't space telescopes put in GEO?
Would Jetfuel for a modern jet like an F-16 or a F-35 be producable in the WW2 era?
Have 1.5% of all nuclear reactors ever built melted down?
Alignment: "Breaking out" of environment (enumerate / minipage)
Is it rude to call a professor by their last name with no prefix in a non-academic setting?
I know that there is a preselected candidate for a position to be filled at my department. What should I do?
My players want to grind XP but we're using milestone advancement
Does Nitrogen inside commercial airliner wheels prevent blowouts on touchdown?
Plot twist where the antagonist wins
How to Pin Point Large File eating space in Fedora 18
Fail2ban ipset create fail2ban-sshd hash: ip timeout -l
How to Unban an IP properly with Fail2BanFail2ban on Ubuntu 11.10 does not ban custom filter/jailcustom filter for Fail2BanSharing of fail2ban banned IPsFail2Ban - Iptables - Set does not existFail2ban doesn't startfail2ban doesn't add IPs to ipset (firewalld)fail2ban create jail failedStrange behavior with fail2ban when permanently banning IPsFirewalld rich rule doesn't immediately block IP address
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty height:90px;width:728px;box-sizing:border-box;
I have over 2.5 million ssh attempts and fail2ban and only a few thousand ip's blocked. The find time was set to 600, max retries 4, and bantime -1. The server is physically present. I changed the jail.local and tried restarting systemctl restart fail2ban and it starts with a whole bunch of errors. I reverted jail.local back how it was and tried again and still get the same errors. I deleted some of the secure logs and tried again and it seemed to start but when I reviewed the status the errors were still there and almost nothing is being blocked.
I get the error Fail2ban ipset create fail2ban-sshd hash: ip timeout -l followed by a whole bunch of subsequent failures that I think are precipitated by the first.
I tried stopping, uninstalling and reinstalling fail2ban and still have the same initial error followed by a whole bunch of errors.
My questions are:
1. Why/how does ipset create fail2ban-sshd hash timeout?
2. How can I properly reinstall fail2ban so that maybe it might block something?
3. If there's no working answer on the first two, can't the ip blocking rules be programmed outside of fail2ban?
fail2ban.log:
2019-05-12 21:08:35,823 fail2ban.action [1730]: ERROR ipset create fail2ban-sshd hash:ip timeout -1
firewall-cmd --direct --add-rule ipv4 filter INPUT 0 -p tcp -m multiport --dports ssh -m set --match-set fail2ban-sshd src -j REJECT --reject-with icmp-port-unreachable -- stdout: ''
2019-05-12 21:08:35,823 fail2ban.action [1730]: ERROR ipset create fail2ban-sshd hash:ip timeout -1
firewall-cmd --direct --add-rule ipv4 filter INPUT 0 -p tcp -m multiport --dports ssh -m set --match-set fail2ban-sshd src -j REJECT --reject-with icmp-port-unreachable -- stderr: "ipset v6.29: Syntax error: '-1' is out of range 0-4294967nx1b[91mError: COMMAND_FAILEDx1b[00mn"
2019-05-12 21:08:35,824 fail2ban.action [1730]: ERROR ipset create fail2ban-sshd hash:ip timeout -1
firewall-cmd --direct --add-rule ipv4 filter INPUT 0 -p tcp -m multiport --dports ssh -m set --match-set fail2ban-sshd src -j REJECT --reject-with icmp-port-unreachable -- returned 13
2019-05-12 21:08:35,824 fail2ban.actions [1730]: ERROR Failed to start jail 'sshd' action 'firewallcmd-ipset': Error starting action
2019-05-12 21:08:35,825 fail2ban.actions [1730]: NOTICE [sshd] Ban 218.92.0.147
2019-05-12 21:08:46,771 fail2ban.transmitter [1730]: WARNING Command ['start', 'sshd'] has failed. Received OperationalError('database is locked',)
2019-05-12 21:08:51,787 fail2ban [1730]: CRITICAL Unhandled exception in Fail2Ban:
Traceback (most recent call last):
File "/usr/lib/python2.7/site-packages/fail2ban/server/jailthread.py", line 66, in run_with_except_hook
run(*args, **kwargs)
File "/usr/lib/python2.7/site-packages/fail2ban/server/filtersystemd.py", line 290, in run
self.jail.putFailTicket(ticket)
File "/usr/lib/python2.7/site-packages/fail2ban/server/jail.py", line 195, in putFailTicket
self.database.addBan(self, ticket)
File "/usr/lib/python2.7/site-packages/fail2ban/server/database.py", line 96, in wrapper
return f(self, self._db.cursor(), *args, **kwargs)
OperationalError: database is locked
2019-05-12 21:08:56,800 fail2ban.actions [1730]: ERROR Failed to get all bans merged, jail 'sshd': database is locked
2019-05-12 21:09:01,812 fail2ban.actions [1730]: ERROR Failed to get jail bans merged, jail 'sshd': database is locked
2019-05-12 21:09:01,941 fail2ban.action [1730]: ERROR ipset add fail2ban-sshd 218.92.0.147 timeout -1 -exist -- stdout: ''
2019-05-12 21:09:01,941 fail2ban.action [1730]: ERROR ipset add fail2ban-sshd 218.92.0.147 timeout -1 -exist -- stderr: 'ipset v6.29: The set with the given name does not existn'
2019-05-12 21:09:01,942 fail2ban.action [1730]: ERROR ipset add fail2ban-sshd 218.92.0.147 timeout -1 -exist -- returned 1
systemctl status fail2ban
fail2ban.service - Fail2Ban Service
Loaded: loaded (/usr/lib/systemd/system/fail2ban.service; enabled; vendor preset: disabled)
Active: active (running) since Sun 2019-05-12 21:08:46 EDT; 38min ago
Docs: man:fail2ban(1)
Process: 1462 ExecStop=/usr/bin/fail2ban-client stop (code=exited, status=255)
Process: 1726 ExecStart=/usr/bin/fail2ban-client -x start (code=exited, status=0/SUCCESS)
Main PID: 1730 (fail2ban-server)
CGroup: /system.slice/fail2ban.service
├─1599 /usr/bin/python2 -s /usr/bin/fail2ban-server -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid -x -b
└─1730 /usr/bin/python2 -s /usr/bin/fail2ban-server -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid -x -b
May 12 21:08:24 myHost systemd[1]: Starting Fail2Ban Service...
May 12 21:08:24 myHost fail2ban-client[1726]: 2019-05-12 21:08:24,579 fail2ban.server [1728]: INFO Starting Fail2ban v0.9.7
May 12 21:08:24 myHost fail2ban-client[1726]: 2019-05-12 21:08:24,580 fail2ban.server [1728]: INFO Starting in daemon mode
May 12 21:08:29 myHost fail2ban-client[1726]: ERROR NOK: ('database is locked',)
May 12 21:08:34 myHost fail2ban-client[1726]: ERROR NOK: ('database is locked',)
May 12 21:08:46 myHost fail2ban-client[1726]: ERROR NOK: ('database is locked',)
May 12 21:08:46 myHost systemd[1]: Started Fail2Ban Service.
[root@myHost /]# fail2ban-client status sshd
Status for the jail: sshd
|- Filter
| |- Currently failed: 7
| |- Total failed: 46
| `- Journal matches: _SYSTEMD_UNIT=sshd.service + _COMM=sshd
`- Actions
|- Currently banned: 1
|- Total banned: 1
`- Banned IP list: 218.92.0.147
fail2ban
asked May 13 at 1:58
Aunt JemimaAunt Jemima
74110
add a comment |
I have over 2.5 million ssh attempts and fail2ban and only a few thousand ip's blocked. The find time was set to 600, max retries 4, and bantime -1. The server is physically present. I changed the jail.local and tried restarting systemctl restart fail2ban and it starts with a whole bunch of errors. I reverted jail.local back how it was and tried again and still get the same errors. I deleted some of the secure logs and tried again and it seemed to start but when I reviewed the status the errors were still there and almost nothing is being blocked.
I get the error Fail2ban ipset create fail2ban-sshd hash: ip timeout -l followed by a whole bunch of subsequent failures that I think are precipitated by the first.
I tried stopping, uninstalling and reinstalling fail2ban and still have the same initial error followed by a whole bunch of errors.
My questions are:
1. Why/how does ipset create fail2ban-sshd hash timeout?
2. How can I properly reinstall fail2ban so that maybe it might block something?
3. If there's no working answer on the first two, can't the ip blocking rules be programmed outside of fail2ban?
fail2ban.log:
2019-05-12 21:08:35,823 fail2ban.action [1730]: ERROR ipset create fail2ban-sshd hash:ip timeout -1
firewall-cmd --direct --add-rule ipv4 filter INPUT 0 -p tcp -m multiport --dports ssh -m set --match-set fail2ban-sshd src -j REJECT --reject-with icmp-port-unreachable -- stdout: ''
2019-05-12 21:08:35,823 fail2ban.action [1730]: ERROR ipset create fail2ban-sshd hash:ip timeout -1
firewall-cmd --direct --add-rule ipv4 filter INPUT 0 -p tcp -m multiport --dports ssh -m set --match-set fail2ban-sshd src -j REJECT --reject-with icmp-port-unreachable -- stderr: "ipset v6.29: Syntax error: '-1' is out of range 0-4294967nx1b[91mError: COMMAND_FAILEDx1b[00mn"
2019-05-12 21:08:35,824 fail2ban.action [1730]: ERROR ipset create fail2ban-sshd hash:ip timeout -1
firewall-cmd --direct --add-rule ipv4 filter INPUT 0 -p tcp -m multiport --dports ssh -m set --match-set fail2ban-sshd src -j REJECT --reject-with icmp-port-unreachable -- returned 13
2019-05-12 21:08:35,824 fail2ban.actions [1730]: ERROR Failed to start jail 'sshd' action 'firewallcmd-ipset': Error starting action
2019-05-12 21:08:35,825 fail2ban.actions [1730]: NOTICE [sshd] Ban 218.92.0.147
2019-05-12 21:08:46,771 fail2ban.transmitter [1730]: WARNING Command ['start', 'sshd'] has failed. Received OperationalError('database is locked',)
2019-05-12 21:08:51,787 fail2ban [1730]: CRITICAL Unhandled exception in Fail2Ban:
Traceback (most recent call last):
File "/usr/lib/python2.7/site-packages/fail2ban/server/jailthread.py", line 66, in run_with_except_hook
run(*args, **kwargs)
File "/usr/lib/python2.7/site-packages/fail2ban/server/filtersystemd.py", line 290, in run
self.jail.putFailTicket(ticket)
File "/usr/lib/python2.7/site-packages/fail2ban/server/jail.py", line 195, in putFailTicket
self.database.addBan(self, ticket)
File "/usr/lib/python2.7/site-packages/fail2ban/server/database.py", line 96, in wrapper
return f(self, self._db.cursor(), *args, **kwargs)
OperationalError: database is locked
2019-05-12 21:08:56,800 fail2ban.actions [1730]: ERROR Failed to get all bans merged, jail 'sshd': database is locked
2019-05-12 21:09:01,812 fail2ban.actions [1730]: ERROR Failed to get jail bans merged, jail 'sshd': database is locked
2019-05-12 21:09:01,941 fail2ban.action [1730]: ERROR ipset add fail2ban-sshd 218.92.0.147 timeout -1 -exist -- stdout: ''
2019-05-12 21:09:01,941 fail2ban.action [1730]: ERROR ipset add fail2ban-sshd 218.92.0.147 timeout -1 -exist -- stderr: 'ipset v6.29: The set with the given name does not existn'
2019-05-12 21:09:01,942 fail2ban.action [1730]: ERROR ipset add fail2ban-sshd 218.92.0.147 timeout -1 -exist -- returned 1
systemctl status fail2ban
fail2ban.service - Fail2Ban Service
Loaded: loaded (/usr/lib/systemd/system/fail2ban.service; enabled; vendor preset: disabled)
Active: active (running) since Sun 2019-05-12 21:08:46 EDT; 38min ago
Docs: man:fail2ban(1)
Process: 1462 ExecStop=/usr/bin/fail2ban-client stop (code=exited, status=255)
Process: 1726 ExecStart=/usr/bin/fail2ban-client -x start (code=exited, status=0/SUCCESS)
Main PID: 1730 (fail2ban-server)
CGroup: /system.slice/fail2ban.service
├─1599 /usr/bin/python2 -s /usr/bin/fail2ban-server -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid -x -b
└─1730 /usr/bin/python2 -s /usr/bin/fail2ban-server -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid -x -b
May 12 21:08:24 myHost systemd[1]: Starting Fail2Ban Service...
May 12 21:08:24 myHost fail2ban-client[1726]: 2019-05-12 21:08:24,579 fail2ban.server [1728]: INFO Starting Fail2ban v0.9.7
May 12 21:08:24 myHost fail2ban-client[1726]: 2019-05-12 21:08:24,580 fail2ban.server [1728]: INFO Starting in daemon mode
May 12 21:08:29 myHost fail2ban-client[1726]: ERROR NOK: ('database is locked',)
May 12 21:08:34 myHost fail2ban-client[1726]: ERROR NOK: ('database is locked',)
May 12 21:08:46 myHost fail2ban-client[1726]: ERROR NOK: ('database is locked',)
May 12 21:08:46 myHost systemd[1]: Started Fail2Ban Service.
[root@myHost /]# fail2ban-client status sshd
Status for the jail: sshd
|- Filter
| |- Currently failed: 7
| |- Total failed: 46
| `- Journal matches: _SYSTEMD_UNIT=sshd.service + _COMM=sshd
`- Actions
|- Currently banned: 1
|- Total banned: 1
`- Banned IP list: 218.92.0.147
fail2ban
asked May 13 at 1:58
Aunt JemimaAunt Jemima
74110
add a comment |
I have over 2.5 million ssh attempts and fail2ban and only a few thousand ip's blocked. The find time was set to 600, max retries 4, and bantime -1. The server is physically present. I changed the jail.local and tried restarting systemctl restart fail2ban and it starts with a whole bunch of errors. I reverted jail.local back how it was and tried again and still get the same errors. I deleted some of the secure logs and tried again and it seemed to start but when I reviewed the status the errors were still there and almost nothing is being blocked.
I get the error Fail2ban ipset create fail2ban-sshd hash: ip timeout -l followed by a whole bunch of subsequent failures that I think are precipitated by the first.
I tried stopping, uninstalling and reinstalling fail2ban and still have the same initial error followed by a whole bunch of errors.
My questions are:
1. Why/how does ipset create fail2ban-sshd hash timeout?
2. How can I properly reinstall fail2ban so that maybe it might block something?
3. If there's no working answer on the first two, can't the ip blocking rules be programmed outside of fail2ban?
fail2ban.log:
2019-05-12 21:08:35,823 fail2ban.action [1730]: ERROR ipset create fail2ban-sshd hash:ip timeout -1
firewall-cmd --direct --add-rule ipv4 filter INPUT 0 -p tcp -m multiport --dports ssh -m set --match-set fail2ban-sshd src -j REJECT --reject-with icmp-port-unreachable -- stdout: ''
2019-05-12 21:08:35,823 fail2ban.action [1730]: ERROR ipset create fail2ban-sshd hash:ip timeout -1
firewall-cmd --direct --add-rule ipv4 filter INPUT 0 -p tcp -m multiport --dports ssh -m set --match-set fail2ban-sshd src -j REJECT --reject-with icmp-port-unreachable -- stderr: "ipset v6.29: Syntax error: '-1' is out of range 0-4294967nx1b[91mError: COMMAND_FAILEDx1b[00mn"
2019-05-12 21:08:35,824 fail2ban.action [1730]: ERROR ipset create fail2ban-sshd hash:ip timeout -1
firewall-cmd --direct --add-rule ipv4 filter INPUT 0 -p tcp -m multiport --dports ssh -m set --match-set fail2ban-sshd src -j REJECT --reject-with icmp-port-unreachable -- returned 13
2019-05-12 21:08:35,824 fail2ban.actions [1730]: ERROR Failed to start jail 'sshd' action 'firewallcmd-ipset': Error starting action
2019-05-12 21:08:35,825 fail2ban.actions [1730]: NOTICE [sshd] Ban 218.92.0.147
2019-05-12 21:08:46,771 fail2ban.transmitter [1730]: WARNING Command ['start', 'sshd'] has failed. Received OperationalError('database is locked',)
2019-05-12 21:08:51,787 fail2ban [1730]: CRITICAL Unhandled exception in Fail2Ban:
Traceback (most recent call last):
File "/usr/lib/python2.7/site-packages/fail2ban/server/jailthread.py", line 66, in run_with_except_hook
run(*args, **kwargs)
File "/usr/lib/python2.7/site-packages/fail2ban/server/filtersystemd.py", line 290, in run
self.jail.putFailTicket(ticket)
File "/usr/lib/python2.7/site-packages/fail2ban/server/jail.py", line 195, in putFailTicket
self.database.addBan(self, ticket)
File "/usr/lib/python2.7/site-packages/fail2ban/server/database.py", line 96, in wrapper
return f(self, self._db.cursor(), *args, **kwargs)
OperationalError: database is locked
2019-05-12 21:08:56,800 fail2ban.actions [1730]: ERROR Failed to get all bans merged, jail 'sshd': database is locked
2019-05-12 21:09:01,812 fail2ban.actions [1730]: ERROR Failed to get jail bans merged, jail 'sshd': database is locked
2019-05-12 21:09:01,941 fail2ban.action [1730]: ERROR ipset add fail2ban-sshd 218.92.0.147 timeout -1 -exist -- stdout: ''
2019-05-12 21:09:01,941 fail2ban.action [1730]: ERROR ipset add fail2ban-sshd 218.92.0.147 timeout -1 -exist -- stderr: 'ipset v6.29: The set with the given name does not existn'
2019-05-12 21:09:01,942 fail2ban.action [1730]: ERROR ipset add fail2ban-sshd 218.92.0.147 timeout -1 -exist -- returned 1
systemctl status fail2ban
fail2ban.service - Fail2Ban Service
Loaded: loaded (/usr/lib/systemd/system/fail2ban.service; enabled; vendor preset: disabled)
Active: active (running) since Sun 2019-05-12 21:08:46 EDT; 38min ago
Docs: man:fail2ban(1)
Process: 1462 ExecStop=/usr/bin/fail2ban-client stop (code=exited, status=255)
Process: 1726 ExecStart=/usr/bin/fail2ban-client -x start (code=exited, status=0/SUCCESS)
Main PID: 1730 (fail2ban-server)
CGroup: /system.slice/fail2ban.service
├─1599 /usr/bin/python2 -s /usr/bin/fail2ban-server -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid -x -b
└─1730 /usr/bin/python2 -s /usr/bin/fail2ban-server -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid -x -b
May 12 21:08:24 myHost systemd[1]: Starting Fail2Ban Service...
May 12 21:08:24 myHost fail2ban-client[1726]: 2019-05-12 21:08:24,579 fail2ban.server [1728]: INFO Starting Fail2ban v0.9.7
May 12 21:08:24 myHost fail2ban-client[1726]: 2019-05-12 21:08:24,580 fail2ban.server [1728]: INFO Starting in daemon mode
May 12 21:08:29 myHost fail2ban-client[1726]: ERROR NOK: ('database is locked',)
May 12 21:08:34 myHost fail2ban-client[1726]: ERROR NOK: ('database is locked',)
May 12 21:08:46 myHost fail2ban-client[1726]: ERROR NOK: ('database is locked',)
May 12 21:08:46 myHost systemd[1]: Started Fail2Ban Service.
[root@myHost /]# fail2ban-client status sshd
Status for the jail: sshd
|- Filter
| |- Currently failed: 7
| |- Total failed: 46
| `- Journal matches: _SYSTEMD_UNIT=sshd.service + _COMM=sshd
`- Actions
|- Currently banned: 1
|- Total banned: 1
`- Banned IP list: 218.92.0.147
fail2ban
asked May 13 at 1:58
Aunt JemimaAunt Jemima
74110
I have over 2.5 million ssh attempts and fail2ban and only a few thousand ip's blocked. The find time was set to 600, max retries 4, and bantime -1. The server is physically present. I changed the jail.local and tried restarting systemctl restart fail2ban and it starts with a whole bunch of errors. I reverted jail.local back how it was and tried again and still get the same errors. I deleted some of the secure logs and tried again and it seemed to start but when I reviewed the status the errors were still there and almost nothing is being blocked.
I get the error Fail2ban ipset create fail2ban-sshd hash: ip timeout -l followed by a whole bunch of subsequent failures that I think are precipitated by the first.
I tried stopping, uninstalling and reinstalling fail2ban and still have the same initial error followed by a whole bunch of errors.
My questions are:
1. Why/how does ipset create fail2ban-sshd hash timeout?
2. How can I properly reinstall fail2ban so that maybe it might block something?
3. If there's no working answer on the first two, can't the ip blocking rules be programmed outside of fail2ban?
fail2ban.log:
2019-05-12 21:08:35,823 fail2ban.action [1730]: ERROR ipset create fail2ban-sshd hash:ip timeout -1
firewall-cmd --direct --add-rule ipv4 filter INPUT 0 -p tcp -m multiport --dports ssh -m set --match-set fail2ban-sshd src -j REJECT --reject-with icmp-port-unreachable -- stdout: ''
2019-05-12 21:08:35,823 fail2ban.action [1730]: ERROR ipset create fail2ban-sshd hash:ip timeout -1
firewall-cmd --direct --add-rule ipv4 filter INPUT 0 -p tcp -m multiport --dports ssh -m set --match-set fail2ban-sshd src -j REJECT --reject-with icmp-port-unreachable -- stderr: "ipset v6.29: Syntax error: '-1' is out of range 0-4294967nx1b[91mError: COMMAND_FAILEDx1b[00mn"
2019-05-12 21:08:35,824 fail2ban.action [1730]: ERROR ipset create fail2ban-sshd hash:ip timeout -1
firewall-cmd --direct --add-rule ipv4 filter INPUT 0 -p tcp -m multiport --dports ssh -m set --match-set fail2ban-sshd src -j REJECT --reject-with icmp-port-unreachable -- returned 13
2019-05-12 21:08:35,824 fail2ban.actions [1730]: ERROR Failed to start jail 'sshd' action 'firewallcmd-ipset': Error starting action
2019-05-12 21:08:35,825 fail2ban.actions [1730]: NOTICE [sshd] Ban 218.92.0.147
2019-05-12 21:08:46,771 fail2ban.transmitter [1730]: WARNING Command ['start', 'sshd'] has failed. Received OperationalError('database is locked',)
2019-05-12 21:08:51,787 fail2ban [1730]: CRITICAL Unhandled exception in Fail2Ban:
Traceback (most recent call last):
File "/usr/lib/python2.7/site-packages/fail2ban/server/jailthread.py", line 66, in run_with_except_hook
run(*args, **kwargs)
File "/usr/lib/python2.7/site-packages/fail2ban/server/filtersystemd.py", line 290, in run
self.jail.putFailTicket(ticket)
File "/usr/lib/python2.7/site-packages/fail2ban/server/jail.py", line 195, in putFailTicket
self.database.addBan(self, ticket)
File "/usr/lib/python2.7/site-packages/fail2ban/server/database.py", line 96, in wrapper
return f(self, self._db.cursor(), *args, **kwargs)
OperationalError: database is locked
2019-05-12 21:08:56,800 fail2ban.actions [1730]: ERROR Failed to get all bans merged, jail 'sshd': database is locked
2019-05-12 21:09:01,812 fail2ban.actions [1730]: ERROR Failed to get jail bans merged, jail 'sshd': database is locked
2019-05-12 21:09:01,941 fail2ban.action [1730]: ERROR ipset add fail2ban-sshd 218.92.0.147 timeout -1 -exist -- stdout: ''
2019-05-12 21:09:01,941 fail2ban.action [1730]: ERROR ipset add fail2ban-sshd 218.92.0.147 timeout -1 -exist -- stderr: 'ipset v6.29: The set with the given name does not existn'
2019-05-12 21:09:01,942 fail2ban.action [1730]: ERROR ipset add fail2ban-sshd 218.92.0.147 timeout -1 -exist -- returned 1
systemctl status fail2ban
fail2ban.service - Fail2Ban Service
Loaded: loaded (/usr/lib/systemd/system/fail2ban.service; enabled; vendor preset: disabled)
Active: active (running) since Sun 2019-05-12 21:08:46 EDT; 38min ago
Docs: man:fail2ban(1)
Process: 1462 ExecStop=/usr/bin/fail2ban-client stop (code=exited, status=255)
Process: 1726 ExecStart=/usr/bin/fail2ban-client -x start (code=exited, status=0/SUCCESS)
Main PID: 1730 (fail2ban-server)
CGroup: /system.slice/fail2ban.service
├─1599 /usr/bin/python2 -s /usr/bin/fail2ban-server -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid -x -b
└─1730 /usr/bin/python2 -s /usr/bin/fail2ban-server -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid -x -b
May 12 21:08:24 myHost systemd[1]: Starting Fail2Ban Service...
May 12 21:08:24 myHost fail2ban-client[1726]: 2019-05-12 21:08:24,579 fail2ban.server [1728]: INFO Starting Fail2ban v0.9.7
May 12 21:08:24 myHost fail2ban-client[1726]: 2019-05-12 21:08:24,580 fail2ban.server [1728]: INFO Starting in daemon mode
May 12 21:08:29 myHost fail2ban-client[1726]: ERROR NOK: ('database is locked',)
May 12 21:08:34 myHost fail2ban-client[1726]: ERROR NOK: ('database is locked',)
May 12 21:08:46 myHost fail2ban-client[1726]: ERROR NOK: ('database is locked',)
May 12 21:08:46 myHost systemd[1]: Started Fail2Ban Service.
[root@myHost /]# fail2ban-client status sshd
Status for the jail: sshd
|- Filter
| |- Currently failed: 7
| |- Total failed: 46
| `- Journal matches: _SYSTEMD_UNIT=sshd.service + _COMM=sshd
`- Actions
|- Currently banned: 1
|- Total banned: 1
`- Banned IP list: 218.92.0.147
fail2ban
fail2ban
asked May 13 at 1:58
Aunt JemimaAunt Jemima
74110
asked May 13 at 1:58
Aunt JemimaAunt Jemima
74110
asked May 13 at 1:58
Aunt JemimaAunt Jemima
74110
asked May 13 at 1:58
Aunt JemimaAunt Jemima
74110
asked May 13 at 1:58
Aunt JemimaAunt Jemima
74110
74110
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
After reviewing the logs over and over I decided to pay attention to the following line:
ERROR Failed to start jail 'sshd' action 'firewallcmd-ipset': Error starting action
This got me to check the firewalld log which showed
NOT_ENABLED: rule '('-p', 'tcp', '-m', 'multiport', '--dports', 'ssh', '-m', 'set', '--match-set', 'fail2ban-sshd', 'src', '-j', 'REJECT', '--reject-with', 'icmp-port-unreachable')' is not in 'ipv4:filter:INPUT'
for each time I tried starting and restarting fail2ban. I searched that error and found https://www.centos.org/forums/viewtopic.php?t=60586 which suggested changing adding
banaction = iptables-allports
to the jails.local file under the sshd section.
I restarted fail2ban and the ip's started getting blocked in a way that was more consistent with my expectations.
answered May 13 at 15:03
Aunt JemimaAunt Jemima
74110
add a comment |
Your Answer
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "2"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f966954%2ffail2ban-ipset-create-fail2ban-sshd-hash-ip-timeout-l%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
After reviewing the logs over and over I decided to pay attention to the following line:
ERROR Failed to start jail 'sshd' action 'firewallcmd-ipset': Error starting action
This got me to check the firewalld log which showed
NOT_ENABLED: rule '('-p', 'tcp', '-m', 'multiport', '--dports', 'ssh', '-m', 'set', '--match-set', 'fail2ban-sshd', 'src', '-j', 'REJECT', '--reject-with', 'icmp-port-unreachable')' is not in 'ipv4:filter:INPUT'
for each time I tried starting and restarting fail2ban. I searched that error and found https://www.centos.org/forums/viewtopic.php?t=60586 which suggested changing adding
banaction = iptables-allports
to the jails.local file under the sshd section.
I restarted fail2ban and the ip's started getting blocked in a way that was more consistent with my expectations.
answered May 13 at 15:03
Aunt JemimaAunt Jemima
74110
add a comment |
After reviewing the logs over and over I decided to pay attention to the following line:
ERROR Failed to start jail 'sshd' action 'firewallcmd-ipset': Error starting action
This got me to check the firewalld log which showed
NOT_ENABLED: rule '('-p', 'tcp', '-m', 'multiport', '--dports', 'ssh', '-m', 'set', '--match-set', 'fail2ban-sshd', 'src', '-j', 'REJECT', '--reject-with', 'icmp-port-unreachable')' is not in 'ipv4:filter:INPUT'
for each time I tried starting and restarting fail2ban. I searched that error and found https://www.centos.org/forums/viewtopic.php?t=60586 which suggested changing adding
banaction = iptables-allports
to the jails.local file under the sshd section.
I restarted fail2ban and the ip's started getting blocked in a way that was more consistent with my expectations.
answered May 13 at 15:03
Aunt JemimaAunt Jemima
74110
add a comment |
After reviewing the logs over and over I decided to pay attention to the following line:
ERROR Failed to start jail 'sshd' action 'firewallcmd-ipset': Error starting action
This got me to check the firewalld log which showed
NOT_ENABLED: rule '('-p', 'tcp', '-m', 'multiport', '--dports', 'ssh', '-m', 'set', '--match-set', 'fail2ban-sshd', 'src', '-j', 'REJECT', '--reject-with', 'icmp-port-unreachable')' is not in 'ipv4:filter:INPUT'
for each time I tried starting and restarting fail2ban. I searched that error and found https://www.centos.org/forums/viewtopic.php?t=60586 which suggested changing adding
banaction = iptables-allports
to the jails.local file under the sshd section.
I restarted fail2ban and the ip's started getting blocked in a way that was more consistent with my expectations.
answered May 13 at 15:03
Aunt JemimaAunt Jemima
74110
After reviewing the logs over and over I decided to pay attention to the following line:
ERROR Failed to start jail 'sshd' action 'firewallcmd-ipset': Error starting action
This got me to check the firewalld log which showed
NOT_ENABLED: rule '('-p', 'tcp', '-m', 'multiport', '--dports', 'ssh', '-m', 'set', '--match-set', 'fail2ban-sshd', 'src', '-j', 'REJECT', '--reject-with', 'icmp-port-unreachable')' is not in 'ipv4:filter:INPUT'
for each time I tried starting and restarting fail2ban. I searched that error and found https://www.centos.org/forums/viewtopic.php?t=60586 which suggested changing adding
banaction = iptables-allports
to the jails.local file under the sshd section.
I restarted fail2ban and the ip's started getting blocked in a way that was more consistent with my expectations.
answered May 13 at 15:03
Aunt JemimaAunt Jemima
74110
answered May 13 at 15:03
Aunt JemimaAunt Jemima
74110
answered May 13 at 15:03
Aunt JemimaAunt Jemima
74110
answered May 13 at 15:03
Aunt JemimaAunt Jemima
74110
74110
add a comment |
add a comment |
Thanks for contributing an answer to Server Fault!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f966954%2ffail2ban-ipset-create-fail2ban-sshd-hash-ip-timeout-l%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
