Bienvenido(a) a Alcance Libre 06/09/2025, 18:04

Alcance Libre Foros
 Índice del foro > Todo acerca de Linux > Redes y Servidores New Topic Post Reply
 fail2ban en CentOS 7
Tópico anterior Tópico siguiente
   
al-serv
 19/06/15 04:25 (Leído 2,627 veces)  

Miembro Activo

Estado: desconectado
Forum User

Identificado: 01/03/08
Mensajes: 641
Localización:Cataluña
Hola comppañeros!

hasta hace poco tenia fail2ban funcionando bien en mi maquina de CentOS 7 pero hoy mirando los log's me he dado cuenta de que en el mailog de postfix salia continuamente una ip que intentaba balidad por sasl... mirando el log del fail2ban sale lo siguiente que me da a mi que no hace bien el ban de la ip's;

PHP Formatted Code
2015-06-19 11:18:11,101 fail2ban.server         [622]: INFO    Changed logging target to /var/log/fail2ban.log for Fail2ban v0.9.1
2015-06-19 11:18:11,103 fail2ban.database       [622]: INFO    Connected to fail2ban persistent database '/var/lib/fail2ban/fail2ban.sqlite3'
2015-06-19 11:18:11,106 fail2ban.jail           [622]: INFO    Creating new jail 'postfix'
2015-06-19 11:18:11,107 fail2ban.jail           [622]: INFO    Jail 'postfix' uses poller
2015-06-19 11:18:11,110 fail2ban.filter         [622]: INFO    Set jail log file encoding to UTF-8
2015-06-19 11:18:11,110 fail2ban.jail           [622]: INFO    Initiated 'polling' backend
2015-06-19 11:18:11,115 fail2ban.filter         [622]: INFO    Added logfile = /var/log/maillog
2015-06-19 11:18:11,116 fail2ban.filter         [622]: INFO    Set maxRetry = 3
2015-06-19 11:18:11,118 fail2ban.filter         [622]: INFO    Set jail log file encoding to UTF-8
2015-06-19 11:18:11,118 fail2ban.actions        [622]: INFO    Set banTime = 36000
2015-06-19 11:18:11,120 fail2ban.filter         [622]: INFO    Set findtime = 600
2015-06-19 11:18:11,123 fail2ban.server         [622]: INFO    Jail postfix is not a JournalFilter instance
2015-06-19 11:18:11,129 fail2ban.jail           [622]: INFO    Creating new jail 'postfix-sasl'
2015-06-19 11:18:11,130 fail2ban.jail           [622]: INFO    Jail 'postfix-sasl' uses poller
2015-06-19 11:18:11,133 fail2ban.filter         [622]: INFO    Set jail log file encoding to UTF-8
2015-06-19 11:18:11,133 fail2ban.jail           [622]: INFO    Initiated 'polling' backend
2015-06-19 11:18:11,138 fail2ban.filter         [622]: INFO    Added logfile = /var/log/maillog
2015-06-19 11:18:11,139 fail2ban.filter         [622]: INFO    Set maxRetry = 3
2015-06-19 11:18:11,140 fail2ban.filter         [622]: INFO    Set jail log file encoding to UTF-8
2015-06-19 11:18:11,141 fail2ban.actions        [622]: INFO    Set banTime = 36000
2015-06-19 11:18:11,142 fail2ban.filter         [622]: INFO    Set findtime = 600
2015-06-19 11:18:11,143 fail2ban.server         [622]: INFO    Jail postfix-sasl is not a JournalFilter instance
2015-06-19 11:18:11,152 fail2ban.jail           [622]: INFO    Jail 'postfix' started
2015-06-19 11:18:11,159 fail2ban.jail           [622]: INFO    Jail 'postfix-sasl' started
2015-06-19 11:18:11,456 fail2ban.action         [622]: ERROR   ipset create fail2ban-postfix hash:ip timeout 36000
firewall-cmd --direct --add-rule ipv4 filter INPUT 0 -p tcp -m multiport --dports smtp,465,submission -m set --match-set fail2ban-postfix src -j REJECT --reject-with icmp-port-unreachable -- stdout: '\x1b[91mFirewallD is not running\x1b[00m\n'
2015-06-19 11:18:11,456 fail2ban.action         [622]: ERROR   ipset create fail2ban-postfix hash:ip timeout 36000
firewall-cmd --direct --add-rule ipv4 filter INPUT 0 -p tcp -m multiport --dports smtp,465,submission -m set --match-set fail2ban-postfix src -j REJECT --reject-with icmp-port-unreachable -- stderr: ''
2015-06-19 11:18:11,457 fail2ban.action         [622]: ERROR   ipset create fail2ban-postfix hash:ip timeout 36000
firewall-cmd --direct --add-rule ipv4 filter INPUT 0 -p tcp -m multiport --dports smtp,465,submission -m set --match-set fail2ban-postfix src -j REJECT --reject-with icmp-port-unreachable -- returned 252
2015-06-19 11:18:11,457 fail2ban.actions        [622]: ERROR   Failed to start jail 'postfix' action 'firewallcmd-ipset': Error starting action
2015-06-19 11:18:11,663 fail2ban.action         [622]: ERROR   ipset create fail2ban-postfix-sasl hash:ip timeout 36000
firewall-cmd --direct --add-rule ipv4 filter INPUT 0 -p tcp -m multiport --dports smtp,465,submission,imap3,imaps,pop3,pop3s -m set --match-set fail2ban-postfix-sasl src -j REJECT --reject-with icmp-port-unreachable -- stdout: '\x1b[91mFirewallD is not running\x1b[00m\n'
2015-06-19 11:18:11,665 fail2ban.action         [622]: ERROR   ipset create fail2ban-postfix-sasl hash:ip timeout 36000
firewall-cmd --direct --add-rule ipv4 filter INPUT 0 -p tcp -m multiport --dports smtp,465,submission,imap3,imaps,pop3,pop3s -m set --match-set fail2ban-postfix-sasl src -j REJECT --reject-with icmp-port-unreachable -- stderr: ''
2015-06-19 11:18:11,665 fail2ban.action         [622]: ERROR   ipset create fail2ban-postfix-sasl hash:ip timeout 36000
firewall-cmd --direct --add-rule ipv4 filter INPUT 0 -p tcp -m multiport --dports smtp,465,submission,imap3,imaps,pop3,pop3s -m set --match-set fail2ban-postfix-sasl src -j REJECT --reject-with icmp-port-unreachable -- returned 252
2015-06-19 11:18:11,667 fail2ban.actions        [622]: ERROR   Failed to start jail 'postfix-sasl' action 'firewallcmd-ipset': Error starting action
2015-06-19 11:18:11,668 fail2ban.actions        [622]: NOTICE  [postfix-sasl] Ban 113.174.186.131
2015-06-19 11:18:11,789 fail2ban.actions        [622]: NOTICE  [postfix-sasl] Ban 155.133.18.36
2015-06-19 11:18:32,937 fail2ban.filter         [622]: INFO    [postfix-sasl] Found 113.174.186.131
2015-06-19 11:18:32,941 fail2ban.filter         [622]: INFO    [postfix-sasl] Found 113.174.186.131
2015-06-19 11:18:32,945 fail2ban.filter         [622]: INFO    [postfix-sasl] Found 113.174.186.131
2015-06-19 11:18:32,948 fail2ban.filter         [622]: INFO    [postfix-sasl] Found 113.174.186.131
2015-06-19 11:18:33,929 fail2ban.actions        [622]: NOTICE  [postfix-sasl] 113.174.186.131 already banned
2015-06-19 11:19:10,044 fail2ban.filter         [622]: INFO    [postfix-sasl] Found 113.174.186.131



Tengo puesto en el jail.conf:
PHP Formatted Code

# "bantime" is the number of seconds that a host is banned.
bantime  = 36000

# A host is banned if it has generated "maxretry" during the last "findtime"
# seconds.
findtime  = 600

# "maxretry" is the number of failures before a host get banned.
maxretry = 3
 


Alguna idea de porque ha empezado a no banear ip's?? que info necesitáis para que os la ponga aquí?
 
Profile Email Website
 Quote
Contenido generado en: 0.12 segundos New Topic Post Reply
 Todas las horas son CST. Hora actual 06:04 .
Tópico normal Tópico normal
Tópico Pegado Tópico Pegado
Tópico bloqueado Tópico bloqueado
Mensaje Nuevo Mensaje Nuevo
Tópico pegado con nuevo mensaje Tópico pegado con nuevo mensaje
Tópico bloqueado con nuevo mensaje Tópico bloqueado con nuevo mensaje
Ver mensajes anónimos 
Los usuarios anónimos pueden enviar 
Se permite HTML Filtrado 
Contenido censurado