Multiple Fail2Ban notifications.... where should I be looking?

Just in the past two days I’m getting multiple notifications (and seeing the corresponding attempts in the Asterisk log) for Fail2Ban bans.

Shouldn’t the initial ban be lasting longer? I shouldn’t see the bad guy getting to have multiple attempts this close together, right?

Where should I be looking and what should I be looking for?

FreePBX 14.0.3.1
Current Asterisk Version: 13.19.1
No outstanding updates.

I am also seeing this. I have it set to a days-long ban length but a firewall update this past weekend seems to have messed something up with regards to fail2ban ban length.

I can confirm this problem; now I receive emails with blocked IP addresses every 15 min.
FreePBX 14.0.3.1
Current Asterisk Version: 13.19.1
The last firewall update did something wrong.

Can anyone downgrade the firewall module and see if it fixes this issue? If so, please report a bug: issues.freepbx.org

It looks like fail2ban is restarting every 15 minutes. It’s causing me issues as well.

I have reverted back to firewall 13.0.51.1 and still have the issue. Not sure what version it was running prior, and not sure how to go back beyond 13.0.51.1.

I also didn’t have much time to look into it; I will tomorrow. I can leave a quick peek at what the logs say. I will need to dig into it further to submit a bug issue. Not sure what the logs should look like.

2018-05-07 17:30:02,003 fail2ban.server [12096]: INFO Stopping all jails
2018-05-07 17:30:02,487 fail2ban.actions.action[12096]: ERROR iptables -D INPUT -p tcp -m multiport --dports http -j fail2ban-apache-auth
iptables -F fail2ban-apache-auth
iptables -X fail2ban-apache-auth returned 100
2018-05-07 17:30:02,601 fail2ban.jail [12096]: INFO Jail ‘apache-tcpwrapper’ stopped
2018-05-07 17:30:02,991 fail2ban.actions.action[12096]: ERROR iptables -D INPUT -p all -j fail2ban-recidive
iptables -F fail2ban-recidive
iptables -X fail2ban-recidive returned 100
2018-05-07 17:30:03,603 fail2ban.jail [12096]: INFO Jail ‘recidive’ stopped
2018-05-07 17:30:04,487 fail2ban.actions.action[12096]: ERROR iptables -D INPUT -p all -j fail2ban-SIP
iptables -F fail2ban-SIP
iptables -X fail2ban-SIP returned 100
2018-05-07 17:30:04,605 fail2ban.jail [12096]: INFO Jail ‘pbx-gui’ stopped
2018-05-07 17:30:05,487 fail2ban.actions.action[12096]: ERROR iptables -D INPUT -p tcp -m multiport --dports http,https -j fail2ban-BadBots
iptables -F fail2ban-BadBots
iptables -X fail2ban-BadBots returned 100
2018-05-07 17:30:05,488 fail2ban.jail [12096]: INFO Jail ‘apache-badbots’ stopped
2018-05-07 17:30:05,996 fail2ban.actions.action[12096]: ERROR iptables -D INPUT -p tcp -m multiport --dports ssh -j fail2ban-SSH
iptables -F fail2ban-SSH
iptables -X fail2ban-SSH returned 100
2018-05-07 17:30:05,997 fail2ban.jail [12096]: INFO Jail ‘ssh-iptables’ stopped
2018-05-07 17:30:06,491 fail2ban.actions.action[12096]: ERROR iptables -D INPUT -p tcp -m multiport --dports ftp -j fail2ban-FTP
iptables -F fail2ban-FTP
iptables -X fail2ban-FTP returned 100
2018-05-07 17:30:06,492 fail2ban.jail [12096]: INFO Jail ‘vsftpd-iptables’ stopped
2018-05-07 17:30:06,493 fail2ban.server [12096]: ERROR Unable to remove PID file: [Errno 2] No such file or directory: ‘/var/run/fail2ban/fail2ban.pid’
2018-05-07 17:30:06,493 fail2ban.server [12096]: INFO Exiting Fail2ban
2018-05-07 17:30:06,703 fail2ban.server [14425]: INFO Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.14
2018-05-07 17:30:06,704 fail2ban.jail [14425]: INFO Creating new jail ‘recidive’
2018-05-07 17:30:06,705 fail2ban.jail [14425]: INFO Jail ‘recidive’ uses Gamin
2018-05-07 17:30:06,726 fail2ban.jail [14425]: INFO Initiated ‘gamin’ backend
2018-05-07 17:30:06,727 fail2ban.filter [14425]: INFO Added logfile = /var/log/fail2ban.log-20180312
2018-05-07 17:30:06,728 fail2ban.filter [14425]: INFO Added logfile = /var/log/fail2ban.log-20171209
2018-05-07 17:30:06,729 fail2ban.filter [14425]: INFO Added logfile = /var/log/fail2ban.log
2018-05-07 17:30:06,730 fail2ban.filter [14425]: INFO Added logfile = /var/log/fail2ban.log-20171023
2018-05-07 17:30:06,731 fail2ban.filter [14425]: INFO Added logfile = /var/log/fail2ban.log-20180407
2018-05-07 17:30:06,732 fail2ban.filter [14425]: INFO Set maxRetry = 20
2018-05-07 17:30:06,734 fail2ban.filter [14425]: INFO Set findtime = 86400
2018-05-07 17:30:06,735 fail2ban.actions[14425]: INFO Set banTime = 604800
2018-05-07 17:30:06,751 fail2ban.jail [14425]: INFO Creating new jail ‘ssh-iptables’
2018-05-07 17:30:06,751 fail2ban.jail [14425]: INFO Jail ‘ssh-iptables’ uses Gamin
2018-05-07 17:30:06,752 fail2ban.jail [14425]: INFO Initiated ‘gamin’ backend
2018-05-07 17:30:06,753 fail2ban.filter [14425]: INFO Added logfile = /var/log/secure
2018-05-07 17:30:06,754 fail2ban.filter [14425]: INFO Set maxRetry = 3
2018-05-07 17:30:06,756 fail2ban.filter [14425]: INFO Set findtime = 600
2018-05-07 17:30:06,757 fail2ban.actions[14425]: INFO Set banTime = 86400
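
Added example, not part of any post in this thread: a way to confirm the restart cadence from `fail2ban.log` and list the jails whose configured `banTime` is longer than the gap between restarts. It assumes this fail2ban version does not restore bans after a restart; the sample log is constructed from the line formats quoted above, and the function names are hypothetical.

```python
import re
from datetime import datetime

# Constructed sample, modelled on the fail2ban 0.8.14 log lines in this thread.
SAMPLE_LOG = """\
2018-05-07 17:15:06,700 fail2ban.server [12096]: INFO Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.14
2018-05-07 17:15:06,704 fail2ban.jail [12096]: INFO Creating new jail 'recidive'
2018-05-07 17:15:06,735 fail2ban.actions[12096]: INFO Set banTime = 604800
2018-05-07 17:30:06,493 fail2ban.server [12096]: INFO Exiting Fail2ban
2018-05-07 17:30:06,703 fail2ban.server [14425]: INFO Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.14
2018-05-07 17:30:06,751 fail2ban.jail [14425]: INFO Creating new jail 'ssh-iptables'
2018-05-07 17:30:06,757 fail2ban.actions[14425]: INFO Set banTime = 86400
2018-05-07 17:45:06,702 fail2ban.server [15511]: INFO Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.14
"""

TS = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d),\d+ ")
START = re.compile(r"fail2ban\.server\s*\[(\d+)\]: INFO Changed logging target")
JAIL = re.compile(r"Creating new jail [‘'](.+?)[’']")
BAN = re.compile(r"Set banTime = (\d+)")

def analyse(log_text):
    """Return (seconds between server starts, {jail: configured banTime})."""
    starts, bantimes, jail, last_pid = [], {}, None, None
    for line in log_text.splitlines():
        ts = TS.match(line)
        if not ts:
            continue  # continuation lines of multi-line ERROR entries
        start, new_jail, ban = START.search(line), JAIL.search(line), BAN.search(line)
        if start and start.group(1) != last_pid:  # same PID: target re-set, not a restart
            last_pid = start.group(1)
            starts.append(datetime.strptime(ts.group(1), "%Y-%m-%d %H:%M:%S"))
        elif new_jail:
            jail = new_jail.group(1)
        elif ban and jail:
            bantimes[jail] = int(ban.group(1))
    gaps = [int((b - a).total_seconds()) for a, b in zip(starts, starts[1:])]
    return gaps, bantimes

def truncated_bans(log_text):
    """Jails whose banTime outlasts the shortest gap between restarts."""
    gaps, bantimes = analyse(log_text)
    shortest = min(gaps, default=None)
    if shortest is None:
        return {}
    return {j: (t, shortest) for j, t in bantimes.items() if t > shortest}

if __name__ == "__main__":
    print("seconds between fail2ban starts:", analyse(SAMPLE_LOG)[0])
    for name, (cfg, gap) in truncated_bans(SAMPLE_LOG).items():
        print(f"{name}: banTime {cfg}s, but fail2ban restarted after {gap}s")
```

To run it against a live system, pass the contents of `/var/log/fail2ban.log` to `truncated_bans()` instead of `SAMPLE_LOG`.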

I am having this same issue, fail2ban is restarting every 15 min.

FreePBX: 14.0.3.1
System firewall version: 13.0.54.3

I submitted a bug report on this. Please feel free to add any additional information…it doesn’t appear to be a crash to me, but that the system is intentionally restarting fail2ban every 15 minutes.

https://issues.freepbx.org/browse/FREEPBX-17451

Also having the same issue.

If you are brave (but only a tiny bit :wink:), you could upgrade Fail2ban to the current 0.9.4 stable version; that way the bans are maintained in an sqlite3 database that is persistent over restarts.

https://www.fail2ban.org/wiki/index.php/Main_Page

Same issue here. When it restarts, it takes 100% cpu for minutes before settling down.
Asterisk 15.4.0
FreePBX 14.0.3.1

I upgraded my modules yesterday and now I’m getting this too.
Every 15 minutes fail2ban restarts.

FreePBX 14.0.3.1
Asterisk 13.19.1
System Firewall 13.0.54.3
System Admin 14.0.13.2

Remember to upvote the ticket (and add more documentation if you have it).

https://issues.freepbx.org/browse/FREEPBX-17451

This appears to be fixed in firewall 13.0.55.1 for me
