Fail2ban for OMV 4 Arrakis

  • On more thing in the fail2ban log. Seems like fail2ban cannot hook correctly into the iptables:

    Code
    2018-11-30 20:36:17,390 fail2ban.action         [15638]: ERROR   iptables -w -N f2b-ssh
    iptables -w -A f2b-ssh -j RETURN
    iptables -w -I INPUT -p tcp -m multiport --dports ssh -j f2b-ssh -- stdout: b''
    2018-11-30 20:36:17,391 fail2ban.action         [15638]: ERROR   iptables -w -N f2b-ssh
    iptables -w -A f2b-ssh -j RETURN
    iptables -w -I INPUT -p tcp -m multiport --dports ssh -j f2b-ssh -- stderr: b"iptables v1.6.0: can't initialize iptables table `filter': Table does not exist (do you need to insmod?)\nPerhaps iptables or your kernel needs to be upgraded.\niptables v1.6.0: can't initialize iptables table `filter': Table does not exist (do you need to insmod?)\nPerhaps iptables or your kernel needs to be upgraded.\niptables v1.6.0: can't initialize iptables table `filter': Table does not exist (do you need to insmod?)\nPerhaps iptables or your kernel needs to be upgraded.\n"
    2018-11-30 20:36:17,392 fail2ban.action         [15638]: ERROR   iptables -w -N f2b-ssh
    iptables -w -A f2b-ssh -j RETURN
    iptables -w -I INPUT -p tcp -m multiport --dports ssh -j f2b-ssh -- returned 3
    2018-11-30 20:36:17,393 fail2ban.actions        [15638]: ERROR   Failed to start jail 'ssh' action 'iptables-multiport': Error starting action
    • Offizieller Beitrag

    On more thing in the fail2ban log. Seems like fail2ban cannot hook correctly into the iptables:

    Someone else will have to tell me how to fix that.

    omv 7.0.4-2 sandworm | 64 bit | 6.5 proxmox kernel

    plugins :: omvextrasorg 7.0 | kvm 7.0.10 | compose 7.1.2 | k8s 7.0-6 | cputemp 7.0 | mergerfs 7.0.3


    omv-extras.org plugins source code and issue tracker - github


    Please try ctrl-shift-R and read this before posting a question.

    Please put your OMV system details in your signature.
    Please don't PM for support... Too many PMs!

  • Uh, actually a reboot fixed the problem, now fail2ban is working fine :)
    Summing up:
    Your package works if:

    • file /etc/fail2ban/jail.d/defaults-debian.conf is removed


    • you change the UUID of jail nginx-404 to something else in config.xml (I used 9eb1c202-b6d5-4da8-9c20-ae9790a41d1a)

    Thanks for the plugin, you rock!

    • Offizieller Beitrag

    Both of those are done in the version available at the link now. Just need someone else to test and I will put in the repo.

    omv 7.0.4-2 sandworm | 64 bit | 6.5 proxmox kernel

    plugins :: omvextrasorg 7.0 | kvm 7.0.10 | compose 7.1.2 | k8s 7.0-6 | cputemp 7.0 | mergerfs 7.0.3


    omv-extras.org plugins source code and issue tracker - github


    Please try ctrl-shift-R and read this before posting a question.

    Please put your OMV system details in your signature.
    Please don't PM for support... Too many PMs!

  • Hi,


    I just installed the plugin, and I received this message:


    OMV v5.0
    Asus Z97-A/3.1; i3-4370
    32GB RAM Corsair Vengeance Pro

    Einmal editiert, zuletzt von tinh_x7 ()

  • Hi,


    I just installed the plugin, and I received this message:


    This error is not fail2ban related. It's a bug in python. Solution is described here:
    https://mytec-home.de/multimed…f-4-arrakis-aktualisieren


    You need to edit /usr/lib/python3.5/weakref.py


    Change line 109 from:
    def remove(wr, selfref=ref(self)):
    to:
    def remove(wr, selfref=ref(self), _atomic_removal=_remove_dead_weakref):


    and line 117 from:
    _remove_dead_weakref(d, wr.key)
    to:
    _atomic_removal(d, wr.key)

    • Offizieller Beitrag

    DON'T MODIFY the Python code yourself. It's only a cosmetic issue. If you don't know what you're doing you will corrupt Python.

  • When I tried to enable Fail2ban, I got an error message:


    Code
    Failed to execute command 'export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin; export LANG=C; systemctl start 'fail2ban' 2>&1' with exit code '1': Job for fail2ban.service failed because the control process exited with error code. See "systemctl status fail2ban.service" and "journalctl -xe" for details.

    How do I fix this ?

    OMV v5.0
    Asus Z97-A/3.1; i3-4370
    32GB RAM Corsair Vengeance Pro

  • When I tried to enable Fail2ban, I got an error message:


    Code
    Failed to execute command 'export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin; export LANG=C; systemctl start 'fail2ban' 2>&1' with exit code '1': Job for fail2ban.service failed because the control process exited with error code. See "systemctl status fail2ban.service" and "journalctl -xe" for details.

    How do I fix this ?

    Did you run the suggested commands to see what might be causing this?

    --
    Google is your friend and Bob's your uncle!


    OMV AMD64 7.x on headless Chenbro NR12000 1U 1x 8m Quad Core E3-1220 3.1GHz 32GB ECC RAM.

  • OMV v5.0
    Asus Z97-A/3.1; i3-4370
    32GB RAM Corsair Vengeance Pro

    • Offizieller Beitrag

    4.0 is in the repo now.

    omv 7.0.4-2 sandworm | 64 bit | 6.5 proxmox kernel

    plugins :: omvextrasorg 7.0 | kvm 7.0.10 | compose 7.1.2 | k8s 7.0-6 | cputemp 7.0 | mergerfs 7.0.3


    omv-extras.org plugins source code and issue tracker - github


    Please try ctrl-shift-R and read this before posting a question.

    Please put your OMV system details in your signature.
    Please don't PM for support... Too many PMs!

    • Offizieller Beitrag

    Removed /etc/fail2ban/jail.d/defaults-debian.conf worked for me.

    The plugin does this now before it even installs files.

    omv 7.0.4-2 sandworm | 64 bit | 6.5 proxmox kernel

    plugins :: omvextrasorg 7.0 | kvm 7.0.10 | compose 7.1.2 | k8s 7.0-6 | cputemp 7.0 | mergerfs 7.0.3


    omv-extras.org plugins source code and issue tracker - github


    Please try ctrl-shift-R and read this before posting a question.

    Please put your OMV system details in your signature.
    Please don't PM for support... Too many PMs!

    • Offizieller Beitrag

    Yesterday I installed it from the plugin, but the config file was there.

    Improved in 4.0.1.

    omv 7.0.4-2 sandworm | 64 bit | 6.5 proxmox kernel

    plugins :: omvextrasorg 7.0 | kvm 7.0.10 | compose 7.1.2 | k8s 7.0-6 | cputemp 7.0 | mergerfs 7.0.3


    omv-extras.org plugins source code and issue tracker - github


    Please try ctrl-shift-R and read this before posting a question.

    Please put your OMV system details in your signature.
    Please don't PM for support... Too many PMs!

  • Hi,


    I have noticed two spelling errors in /etc/fail2ban/jail.conf which makes fail2ban revert to default and ignore whatever value the user enters.


    findtime = is spelled 'fintime' and
    bantime = is spelled 'banime'


    I'm using openmediavault-fail2ban 4.0.1 plugin.

    • Offizieller Beitrag

    I have noticed two spelling errors in /etc/fail2ban/jail.conf which makes fail2ban revert to default and ignore whatever value the user enters.

    Fixed in 4.0.2 in repo now.

    omv 7.0.4-2 sandworm | 64 bit | 6.5 proxmox kernel

    plugins :: omvextrasorg 7.0 | kvm 7.0.10 | compose 7.1.2 | k8s 7.0-6 | cputemp 7.0 | mergerfs 7.0.3


    omv-extras.org plugins source code and issue tracker - github


    Please try ctrl-shift-R and read this before posting a question.

    Please put your OMV system details in your signature.
    Please don't PM for support... Too many PMs!

Jetzt mitmachen!

Sie haben noch kein Benutzerkonto auf unserer Seite? Registrieren Sie sich kostenlos und nehmen Sie an unserer Community teil!