Error i Fail2Ban.
Hej,
Det är som så att jag får errors i Fail2Ban.log filen men Fail2Ban startar utan problem m.m.
From: Fail2Ban <root@localhost>
To: root@localhost\n
Hi,\n
The jail nginx-noscript has been started successfully.\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f root@localhost root@localhost -- stdout: b''
2017-07-01 20:36:07,960 fail2ban.action [10989]: ERROR printf %b "Subject: [Fail2Ban] nginx-noscript: started on `uname -n`
Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`
Denna är pga fail2ban inte kan skicka något e-post antar jag då jag inte har någon e-post server installerad.
Men jag har även denna:
From: Fail2Ban <root@localhost>
To: root@localhost\n
Hi,\n
The jail sshd-ddos has been started successfully.\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f root@localhost root@localhost -- returned 127
2017-07-01 20:36:07,606 fail2ban.action [10989]: INFO HINT on 127: "Command not found". Make sure that all commands in 'printf %b "Subject: [Fail2Ban] sshd-ddos: started on `uname -n`\nDate: `LC_ALL=C date +"%a, %d %h %Y %T %z"`\nFrom: Fail2Ban <root@localhost>\nTo: root@localhost\\n\nHi,\\n\nThe jail sshd-ddos has been started successfully.\\n\nRegards,\\\n\nFail2Ban" | /usr/sbin/sendmail -f root@localhost root@localhost' are in the PATH of fail2ban-server process (grep -a PATH= /proc/`pidof -x fail2ban-server`/environ). You may want to start "fail2ban-server -f" separately, initiate it with "fail2ban-client reload" in another shell session and observe if additional informative error messages appear in the terterminals.
2017-07-01 20:36:07,606 fail2ban.actions [10989]: ERROR Failed to start jail 'sshd-ddos' action 'sendmail-whois-lines': Error starting action
2017-07-01 20:36:07,727 fail2ban.action [10989]: ERROR printf %b "Subject: [Fail2Ban] nginx-http-auth: started on `uname -n`
Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`
Denna är lite förvirrande då den säger att den klarat av att startat sshd-ddos högst upp, sen står det "ERROR Failed to start jail 'sshd-ddos' action 'sendmail-whois-lines': Error starting action"
Är detta också pga. att jag inte har någon e-post server?
Edit:
Hittade denna med för nginx-noproxy och några andra jails med.
From: Fail2Ban <root@localhost>
To: root@localhost\n
Hi,\n
The jail nginx-noproxy has been started successfully.\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f root@localhost root@localhost -- returned 127
2017-07-01 20:36:07,387 fail2ban.action [10989]: INFO HINT on 127: "Command not found". Make sure that all commands in 'printf %b "Subject: [Fail2Ban] nginx-noproxy: started on$
2017-07-01 20:36:07,387 fail2ban.actions [10989]: ERROR Failed to start jail 'nginx-noproxy' action 'sendmail-whois-lines': Error starting action
Men här så har just nginx-noproxy bannat ett ip:
From: Fail2Ban <root@localhost>
To: root@localhost\n
Hi,\n
The IP 51.15.xx.xx has just been banned by Fail2Ban after
4 attempts against nginx-noscript.\n\n
Here is more information about 51.15.xx.xx :\n
`/usr/bin/whois 51.15.xx.xx || echo missing whois program`\n\n
Lines containing IP:51.15.xx.xx in /var/log/nginx/*access.log\n
`grep -E -m 1000 '(^|[^0-9])51.15.xx.xx([^0-9]|$)' /var/log/nginx/*access.log`\n\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f root@localhost root@localhost -- stderr: b'/bin/sh: 13: /usr/sbin/sendmail: not found\nconnect: Network is unreachable\n'
2017-07-01 20:36:18,684 fail2ban.action [10989]: ERROR printf %b "Subject: [Fail2Ban] nginx-noscript: banned 51.15.xx.xx from `uname -n`
Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`
Jag får inga som helst felkoder när jag startar om fail2ban heller:
xxx:~$ sudo service fail2ban restart
xxx:~$ sudo fail2ban-client status
Status
|- Number of jail: 9
`- Jail list: nginx-badbots, nginx-botsearch, nginx-http-auth, nginx-nohome, nginx-noproxy, nginx-noscript, seafile, sshd, sshd-ddos
xxx:~$
Supermicro X9SRI-F | Xeon E5-2690 v2 | 128GB 1600MHz RDIMM | Dell Perc H200 (9211-8i IT) | Windows Server 2016 DataCenter med Hyper-V
