[CentOS] What is broken with fail2ban

Sun Aug 21 10:22:02 UTC 2016
Günther J. Niederwimmer <gjn at gjn.priv.at>

Hello,

On Saturday, 20 August 2016, 16:05:48, Alexander Dalloz wrote:
> On 20.08.2016 at 14:46, Günther J. Niederwimmer wrote:
> > Hello List,
> > 
> > with CentOS 7.2, is it no longer possible to run fail2ban on a server?
> > 
> > I installed a new CentOS 7.2 and the EPEL directory
> > yum install fail2ban
> 
> No such issue on a clean test install.
> 
> [root@centos7 fail2ban]# rpm -qa fail2ban\*
> fail2ban-sendmail-0.9.3-1.el7.noarch
> fail2ban-firewalld-0.9.3-1.el7.noarch
> fail2ban-0.9.3-1.el7.noarch
> fail2ban-server-0.9.3-1.el7.noarch
> 
> Make sure you have fail2ban-firewalld installed as this provides the
> configuration to use firewallcmd-ipset as default banaction.
> 
> Plenty of reasons for the "ERROR: NOT_ENABLED" logging, see man 5
> firewalld.dbus.
??
These are the logs from fail2ban. I mean, do we have a broken ipset and/or iptables?
I additionally installed an "old" CentOS 7 and tested before updating; this is working,
I found the blocked IPs in iptables -L -n ???

Now with 7.2 I have only errors ??

2016-08-21 11:09:33,565 fail2ban.actions        [2066]: ERROR   Failed to 
execute ban jail 'sshd' action 'firewallcmd-ipset' info 
'CallingMap({'ipjailmatches': <function <lambda> at 0x7f19e1d8baa0>, 
'matches': '2016-06-18T13:12:13.154635 yyy.xxxxx.com sshd[3705]: Invalid user 
john from 95.211.190.210\n2016-06-18T13:12:13.590404 yyy.xxxxx.com sshd[3707]: 
Invalid user nagios from 95.211.190.210', 'ip': '95.211.190.210', 'ipmatches': 
<function <lambda> at 0x7f19e1d8ba28>, 'ipfailures': <function <lambda> at 
0x7f19e1d8b9b0>, 'time': 1471770573.462379, 'failures': 2, 'ipjailfailures': 
<function <lambda> at 0x7f19e1d8b938>})': Error banning 95.211.190.210
2016-08-21 11:09:33,565 fail2ban.actions        [2066]: NOTICE  [sshd] Ban 
97.74.232.35
2016-08-21 11:09:33,668 fail2ban.action         [2066]: ERROR   ipset add 
fail2ban-sshd 97.74.232.35 timeout 7776000 -exist -- stdout: ''
2016-08-21 11:09:33,668 fail2ban.action         [2066]: ERROR   ipset add 
fail2ban-sshd 97.74.232.35 timeout 7776000 -exist -- stderr: 'ipset v6.19: The 
set with the given name does not exist\n'
2016-08-21 11:09:33,668 fail2ban.action         [2066]: ERROR   ipset add 
fail2ban-sshd 97.74.232.35 timeout 7776000 -exist -- returned 1
2016-08-21 11:09:33,668 fail2ban.actions        [2066]: ERROR   Failed to 
execute ban jail 'sshd' action 'firewallcmd-ipset' info 
'CallingMap({'ipjailmatches': <function <lambda> at 0x7f19e1d8b9b0>, 
'matches': '2016-08-14T16:19:53.289264 yyy.xxxxx.com sshd[24915]: Invalid user 
guest from 97.74.232.35\n2016-08-14T16:19:54.661401 yyy.xxxxx.com sshd[24917]: 
Invalid user pi from 97.74.232.35', 'ip': '97.74.232.35', 'ipmatches': 
<function <lambda> at 0x7f19e1d8b938>, 'ipfailures': <function <lambda> at 
0x7f19e1d8ba28>, 'time': 1471770573.565505, 'failures': 2, 'ipjailfailures': 
<function <lambda> at 0x7f19e1d8baa0>})': Error banning 97.74.232.35
2016-08-21 11:09:33,668 fail2ban.actions        [2066]: NOTICE  [sshd] Ban 
98.142.52.44
2016-08-21 11:09:33,771 fail2ban.action         [2066]: ERROR   ipset add 
fail2ban-sshd 98.142.52.44 timeout 7776000 -exist -- stdout: ''
2016-08-21 11:09:33,771 fail2ban.action         [2066]: ERROR   ipset add 
fail2ban-sshd 98.142.52.44 timeout 7776000 -exist -- stderr: 'ipset v6.19: The 
set with the given name does not exist\n'
2016-08-21 11:09:33,771 fail2ban.action         [2066]: ERROR   ipset add 
fail2ban-sshd 98.142.52.44 timeout 7776000 -exist -- returned 1
2016-08-21 11:09:33,771 fail2ban.actions        [2066]: ERROR   Failed to 
execute ban jail 'sshd' action 'firewallcmd-ipset' info 
'CallingMap({'ipjailmatches': <function <lambda> at 0x7f19e1d8ba28>, 
'matches': '2016-06-08T15:27:16.145465 yyy.xxxxx.com sshd[20294]: Invalid user 
a from 98.142.52.44\n2016-06-08T15:27:19.797928 yyy.xxxxx.com sshd[20297]: 
Invalid user ajay from 98.142.52.44', 'ip': '98.142.52.44', 'ipmatches': 
<function <lambda> at 0x7f19e1d8baa0>, 'ipfailures': <function <lambda> at 
0x7f19e1d8b938>, 'time': 1471770573.668562, 'failures': 2, 'ipjailfailures': 
<function <lambda> at 0x7f19e1d8b9b0>})': Error banning 98.142.52.44
2016-08-21 11:09:33,771 fail2ban.actions        [2066]: NOTICE  [sshd] Ban 
98.254.171.195
2016-08-21 11:09:33,874 fail2ban.action         [2066]: ERROR   ipset add 
fail2ban-sshd 98.254.171.195 timeout 7776000 -exist -- stdout: ''
2016-08-21 11:09:33,874 fail2ban.action         [2066]: ERROR   ipset add 
fail2ban-sshd 98.254.171.195 timeout 7776000 -exist -- stderr: 'ipset v6.19: 
The set with the given name does not exist\n'
2016-08-21 11:09:33,874 fail2ban.action         [2066]: ERROR   ipset add 
fail2ban-sshd 98.254.171.195 timeout 7776000 -exist -- returned 1
2016-08-21 11:09:33,874 fail2ban.actions        [2066]: ERROR   Failed to 
execute ban jail 'sshd' action 'firewallcmd-ipset' info 
'CallingMap({'ipjailmatches': <function <lambda> at 0x7f19e1d8b938>, 
'matches': '2016-06-01T03:21:56.504682 yyy.xxxxx.com sshd[8392]: Invalid user 
ubnt from 98.254.171.195\n2016-06-01T03:22:42.468330 yyy.xxxxx.com sshd[8473]: 
Invalid user pi from 98.254.171.195', 'ip': '98.254.171.195', 'ipmatches': 
<function <lambda> at 0x7f19e1d8b9b0>, 'ipfailures': <function <lambda> at 
0x7f19e1d8baa0>, 'time': 1471770573.771765, 'failures': 2, 'ipjailfailures': 
<function <lambda> at 0x7f19e1d8ba28>})': Error banning 98.254.171.195

This is my jail.local:
#
[DEFAULT]
bantime = 2592000
findtime = 3600
ignoreip = 127.0.0.1/8 192.168.55.0/24 192.168.100.0/24
maxretry = 2

#
[sshd-ddos]
enabled = true

[sshd]
enabled = true

[selinux-ssh]
enabled = true

-- 
Best regards,

  Günther J. Niederwimmer
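
Added example, not part of the original post: the log above shows fail2ban writing a NOTICE "Ban" line even though the firewallcmd-ipset action then fails, so counting "Ban" lines overstates what is actually blocked. This sketch correlates the two record types and reports which bans never took effect and why; the sample log is constructed (documentation IPs, unwrapped lines), and treating a ban with no following error as effective is an assumption.

```python
import re

# Constructed sample in the layout of the log lines in the post, one record per
# line as in the log file itself (not mail-wrapped); IPs are documentation ranges.
SAMPLE_LOG = """
2016-08-21 11:09:33,565 fail2ban.actions        [2066]: NOTICE  [sshd] Ban 192.0.2.10
2016-08-21 11:09:33,668 fail2ban.action         [2066]: ERROR   ipset add fail2ban-sshd 192.0.2.10 timeout 7776000 -exist -- stdout: ''
2016-08-21 11:09:33,668 fail2ban.action         [2066]: ERROR   ipset add fail2ban-sshd 192.0.2.10 timeout 7776000 -exist -- stderr: 'ipset v6.19: The set with the given name does not exist\\n'
2016-08-21 11:09:33,668 fail2ban.action         [2066]: ERROR   ipset add fail2ban-sshd 192.0.2.10 timeout 7776000 -exist -- returned 1
2016-08-21 11:09:33,668 fail2ban.actions        [2066]: ERROR   Failed to execute ban jail 'sshd' action 'firewallcmd-ipset' info 'CallingMap({...})': Error banning 192.0.2.10
2016-08-21 11:09:33,771 fail2ban.actions        [2066]: NOTICE  [sshd] Ban 198.51.100.7
"""

RECORD = re.compile(r"^\S+ \S+ fail2ban\.\S+\s+\[\d+\]: (?P<level>[A-Z]+)\s+(?P<msg>.*)$")
BAN = re.compile(r"^\[(?P<jail>[^\]]+)\] Ban (?P<ip>\S+)$")
FAILED = re.compile(r"^Failed to execute ban jail '(?P<jail>[^']+)' "
                    r"action '(?P<action>[^']+)'.*Error banning (?P<ip>\S+)$")
STDERR = re.compile(r"^.+? -- stderr: '(?P<err>.*)'$")


def audit_bans(log_text):
    """Split logged bans into those whose action failed and those that did not."""
    attempted, failed = [], {}
    last_stderr = None  # most recent non-empty stderr from the action command
    for line in log_text.splitlines():
        rec = RECORD.match(line)
        if not rec:
            continue
        level, msg = rec["level"], rec["msg"]
        if level == "NOTICE" and (m := BAN.match(msg)):
            attempted.append((m["jail"], m["ip"]))
            last_stderr = None
        elif level == "ERROR" and (m := FAILED.match(msg)):
            failed[(m["jail"], m["ip"])] = (m["action"], last_stderr)
        elif level == "ERROR" and (m := STDERR.match(msg)) and m["err"]:
            # The log stores the trailing newline as a literal backslash-n.
            last_stderr = m["err"].replace("\\n", "").strip()
    effective = [ban for ban in attempted if ban not in failed]
    return {"attempted": attempted, "failed": failed, "effective": effective}


if __name__ == "__main__":
    report = audit_bans(SAMPLE_LOG)
    for (jail, ip), (action, reason) in report["failed"].items():
        print(f"[{jail}] {ip} NOT blocked via {action}: {reason}")
    print("effective bans:", report["effective"])
```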