Verify fail2ban setup on U24 #481

Closed
laeti-tia opened this issue Jun 18, 2024 · 1 comment

@laeti-tia
Member

It seems the fail2ban setup we have is not being activated for Ubuntu 24. jail.local is not copied to /etc/fail2ban/. We also have the following warnings showing up at installation time:

Setting up fail2ban (1.0.2-3) ...
/usr/lib/python3/dist-packages/fail2ban/tests/fail2banregextestcase.py:224: SyntaxWarning: invalid escape sequence '\s'
  "1490349000 test failed.dns.ch", "^\s*test <F-ID>\S+</F-ID>"
/usr/lib/python3/dist-packages/fail2ban/tests/fail2banregextestcase.py:435: SyntaxWarning: invalid escape sequence '\S'
  '^'+prefix+'<F-ID>User <F-USER>\S+</F-USER></F-ID> not allowed\n'
/usr/lib/python3/dist-packages/fail2ban/tests/fail2banregextestcase.py:443: SyntaxWarning: invalid escape sequence '\S'
  '^'+prefix+'User <F-USER>\S+</F-USER> not allowed\n'
/usr/lib/python3/dist-packages/fail2ban/tests/fail2banregextestcase.py:444: SyntaxWarning: invalid escape sequence '\d'
  '^'+prefix+'Received disconnect from <F-ID><ADDR> port \d+</F-ID>'
/usr/lib/python3/dist-packages/fail2ban/tests/fail2banregextestcase.py:451: SyntaxWarning: invalid escape sequence '\s'
  _test_variants('common', prefix="\s*\S+ sshd\[<F-MLFID>\d+</F-MLFID>\]:\s+")
/usr/lib/python3/dist-packages/fail2ban/tests/fail2banregextestcase.py:537: SyntaxWarning: invalid escape sequence '\['
  'common[prefregex="^svc\[<F-MLFID>\d+</F-MLFID>\] connect <F-CONTENT>.+</F-CONTENT>$"'
/usr/lib/python3/dist-packages/fail2ban/tests/servertestcase.py:1375: SyntaxWarning: invalid escape sequence '\s'
  "`{ nft -a list chain inet f2b-table f2b-chain | grep -oP '@addr-set-j-w-nft-mp\s+.*\s+\Khandle\s+(\d+)$'; } | while read -r hdl; do`",
/usr/lib/python3/dist-packages/fail2ban/tests/servertestcase.py:1378: SyntaxWarning: invalid escape sequence '\s'
  "`{ nft -a list chain inet f2b-table f2b-chain | grep -oP '@addr6-set-j-w-nft-mp\s+.*\s+\Khandle\s+(\d+)$'; } | while read -r hdl; do`",
/usr/lib/python3/dist-packages/fail2ban/tests/servertestcase.py:1421: SyntaxWarning: invalid escape sequence '\s'
  "`{ nft -a list chain inet f2b-table f2b-chain | grep -oP '@addr-set-j-w-nft-ap\s+.*\s+\Khandle\s+(\d+)$'; } | while read -r hdl; do`",
/usr/lib/python3/dist-packages/fail2ban/tests/servertestcase.py:1424: SyntaxWarning: invalid escape sequence '\s'
  "`{ nft -a list chain inet f2b-table f2b-chain | grep -oP '@addr6-set-j-w-nft-ap\s+.*\s+\Khandle\s+(\d+)$'; } | while read -r hdl; do`",
Created symlink /etc/systemd/system/multi-user.target.wants/fail2ban.service → /usr/lib/systemd/system/fail2ban.service.

and this when trying to start up the service:

2024-06-18T16:28:32.591580+00:00 psu24 systemd[1]: Started fail2ban.service - Fail2Ban Service.
2024-06-18T16:28:32.724886+00:00 psu24 fail2ban-server[21860]: 2024-06-18 16:28:32,723 fail2ban.configreader   [21860]: WARNING 'allowipv6' not defined in 'Definition'. Using default one: 'auto'
2024-06-18T16:28:32.745787+00:00 psu24 fail2ban-server[21860]: 2024-06-18 16:28:32,745 fail2ban                [21860]: ERROR   No module named 'asynchat'
2024-06-18T16:28:32.768414+00:00 psu24 systemd[1]: fail2ban.service: Main process exited, code=exited, status=255/EXCEPTION
@laeti-tia laeti-tia self-assigned this Jun 18, 2024
@github-project-automation github-project-automation bot moved this to Ready in perfSONAR Jun 18, 2024
@laeti-tia laeti-tia moved this from Ready to In Progress in perfSONAR Sep 25, 2024
@laeti-tia
Member Author

A new installation on U24 keeps the same warning messages as above but seems to be good wrt service status:

laeti@psu24:)~-⚧ sudo systemctl status fail2ban
● fail2ban.service - Fail2Ban Service
     Loaded: loaded (/usr/lib/systemd/system/fail2ban.service; enabled; preset: enabled)
     Active: active (running) since Wed 2024-09-25 16:10:00 UTC; 4min 13s ago
       Docs: man:fail2ban(1)
   Main PID: 25251 (fail2ban-server)
      Tasks: 5 (limit: 28832)
     Memory: 18.7M (peak: 19.2M)
        CPU: 753ms
     CGroup: /system.slice/fail2ban.service
             └─25251 /usr/bin/python3 /usr/bin/fail2ban-server -xf start

Sep 25 16:10:00 psu24 systemd[1]: Started fail2ban.service - Fail2Ban Service.
Sep 25 16:10:00 psu24 fail2ban-server[25251]: 2024-09-25 16:10:00,775 fail2ban.configreader   [25251]: WARNING 'allowipv6' not defined in 'Definition'. Using default one: 'auto'
Sep 25 16:10:01 psu24 fail2ban-server[25251]: Server ready
laeti@psu24:)~-⚧ sudo fail2ban-client status
Status
|- Number of jail:	1
`- Jail list:	sshd
laeti@psu24:)~-⚧ sudo fail2ban-client set sshd banip 172.17.0.2 127.0.0.1
2
laeti@psu24:)~-⚧ sudo fail2ban-client status sshd
Status for the jail: sshd
|- Filter
|  |- Currently failed:	0
|  |- Total failed:	0
|  `- Journal matches:	_SYSTEMD_UNIT=sshd.service + _COMM=sshd
`- Actions
   |- Currently banned:	2
   |- Total banned:	2
   `- Banned IP list:	172.17.0.2 127.0.0.1

@github-project-automation github-project-automation bot moved this from In Progress to Done in perfSONAR Sep 25, 2024
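
The manual checks in this issue (service log, jail list, banned IP list) can be scripted so that a broken install like the first report fails loudly. The following is an added example, not part of the issue or of the perfSONAR code; the function names are hypothetical and the sample text is copied from the outputs above, with tabs replaced by spaces.

```shell
#!/bin/sh
# Sample inputs taken from the outputs quoted in this issue.
FAILED_LOG="2024-06-18T16:28:32.745787+00:00 psu24 fail2ban-server[21860]: 2024-06-18 16:28:32,745 fail2ban                [21860]: ERROR   No module named 'asynchat'"
GOOD_LOG="Sep 25 16:10:01 psu24 fail2ban-server[25251]: Server ready"
STATUS_OUT='Status
|- Number of jail:  1
`- Jail list:   sshd'
JAIL_OUT='Status for the jail: sshd
`- Actions
   |- Currently banned: 2
   `- Banned IP list:   172.17.0.2 127.0.0.1'

# Print jail names, one per line, from `fail2ban-client status` output on stdin.
jail_list() {
  sed -n 's/^.*Jail list:[[:space:]]*//p' | tr -s ', \t' '\n' | sed '/^$/d'
}

# Print banned IPs, one per line, from `fail2ban-client status <jail>` output.
banned_ips() {
  sed -n 's/^.*Banned IP list:[[:space:]]*//p' | tr -s ' \t' '\n' | sed '/^$/d'
}

# Print the message of every fail2ban-server ERROR line found on stdin.
startup_errors() {
  sed -n 's/^.*fail2ban-server\[[0-9]*]:.*ERROR[[:space:]]*//p'
}

# Succeed only if the service log has no ERROR and the expected jail is listed.
# $1 = expected jail, $2 = service log text, $3 = `fail2ban-client status` text
verify_setup() {
  errs=$(printf '%s\n' "$2" | startup_errors)
  if [ -n "$errs" ]; then
    echo "FAIL: server error: $errs"; return 1
  fi
  if ! printf '%s\n' "$3" | jail_list | grep -qx "$1"; then
    echo "FAIL: jail '$1' not active"; return 1
  fi
  echo "OK: jail '$1' active, no startup errors"
}

# Demonstration on the two situations reported in this issue.
verify_setup sshd "$FAILED_LOG" "$STATUS_OUT" || true
verify_setup sshd "$GOOD_LOG" "$STATUS_OUT" || true
```

On a live host, the same functions can be fed from `journalctl -u fail2ban` and `sudo fail2ban-client status` instead of the embedded samples.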