Fail2ban for OMV 4 Arrakis

  • On more thing in the fail2ban log. Seems like fail2ban cannot hook correctly into the iptables:

    Code
    2018-11-30 20:36:17,390 fail2ban.action [15638]: ERROR iptables -w -N f2b-ssh
    iptables -w -A f2b-ssh -j RETURN
    iptables -w -I INPUT -p tcp -m multiport --dports ssh -j f2b-ssh -- stdout: b''
    2018-11-30 20:36:17,391 fail2ban.action [15638]: ERROR iptables -w -N f2b-ssh
    iptables -w -A f2b-ssh -j RETURN
    iptables -w -I INPUT -p tcp -m multiport --dports ssh -j f2b-ssh -- stderr: b"iptables v1.6.0: can't initialize iptables table `filter': Table does not exist (do you need to insmod?)\nPerhaps iptables or your kernel needs to be upgraded.\niptables v1.6.0: can't initialize iptables table `filter': Table does not exist (do you need to insmod?)\nPerhaps iptables or your kernel needs to be upgraded.\niptables v1.6.0: can't initialize iptables table `filter': Table does not exist (do you need to insmod?)\nPerhaps iptables or your kernel needs to be upgraded.\n"
    2018-11-30 20:36:17,392 fail2ban.action [15638]: ERROR iptables -w -N f2b-ssh
    iptables -w -A f2b-ssh -j RETURN
    iptables -w -I INPUT -p tcp -m multiport --dports ssh -j f2b-ssh -- returned 3
    2018-11-30 20:36:17,393 fail2ban.actions [15638]: ERROR Failed to start jail 'ssh' action 'iptables-multiport': Error starting action
  • Uh, actually a reboot fixed the problem, now fail2ban is working fine :-)
    Summing up:
    Your package works if:

    • file /etc/fail2ban/jail.d/defaults-debian.conf is removed


    • you change the UUID of jail nginx-404 to something else in config.xml (I used 9eb1c202-b6d5-4da8-9c20-ae9790a41d1a)

    Thanks for the plugin, you rock!

  • Both of those are done in the version available at the link now. Just need someone else to test and I will put in the repo.

    omv 5.5.2 usul | 64 bit | 5.4 proxmox kernel | omvextrasorg 5.3.3
    omv-extras.org plugins source code and issue tracker - github


    Please read this before posting a question.
    Please don't PM for support... Too many PMs!

  • Hi,


    I just installed the plugin, and I received this message:


  • Hi,


    I just installed the plugin, and I received this message:


    This error is not fail2ban related. It's a bug in python. Solution is described here:
    https://mytec-home.de/multimed…f-4-arrakis-aktualisieren


    You need to edit /usr/lib/python3.5/weakref.py


    Change line 109 from:
    def remove(wr, selfref=ref(self)):
    to:
    def remove(wr, selfref=ref(self), _atomic_removal=_remove_dead_weakref):


    and line 117 from:
    _remove_dead_weakref(d, wr.key)
    to:
    _atomic_removal(d, wr.key)

  • DON'T MODIFY the Python code yourself. It's only a cosmetic issue. If you don't know what you're doing you will corrupt Python.

  • When I tried to enable Fail2ban, I got an error message:


    Code
    Failed to execute command 'export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin; export LANG=C; systemctl start 'fail2ban' 2>&1' with exit code '1': Job for fail2ban.service failed because the control process exited with error code. See "systemctl status fail2ban.service" and "journalctl -xe" for details.

    How do I fix this ?

  • When I tried to enable Fail2ban, I got an error message:


    Code
    Failed to execute command 'export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin; export LANG=C; systemctl start 'fail2ban' 2>&1' with exit code '1': Job for fail2ban.service failed because the control process exited with error code. See "systemctl status fail2ban.service" and "journalctl -xe" for details.

    How do I fix this ?

    Did you run the suggested commands to see what might be causing this?

    --
    Google is your friend and Bob's your uncle!


    OMV AMD64 5.x on ASRock Rack C2550D4I C0 Stepping - 16GB ECC - Silverstone DS380 + Silverstone DS380 DAS Box.

  • I have noticed two spelling errors in /etc/fail2ban/jail.conf which makes fail2ban revert to default and ignore whatever value the user enters.

    Fixed in 4.0.2 in repo now.

    omv 5.5.2 usul | 64 bit | 5.4 proxmox kernel | omvextrasorg 5.3.3
    omv-extras.org plugins source code and issue tracker - github


    Please read this before posting a question.
    Please don't PM for support... Too many PMs!

Participate now!

Don’t have an account yet? Register yourself now and be a part of our community!