fail2ban & iptables

Post by blackdog » 01 Dec 2015, 20:45

I finally got around to f2b.
I installed it with YaST, poked around and removed what I don't need from jail.local,
but the f2b log doesn't make me happy.
Here is what I get:
[spoiler-f2b-log]2015-12-01 20:34:48,500 fail2ban.server [14973]: INFO Exiting Fail2ban
2015-12-01 20:34:48,652 fail2ban.server [15540]: INFO Changed logging target to /var/log/fail2ban.log for Fail2ban v0.9.3
2015-12-01 20:34:48,653 fail2ban.database [15540]: INFO Connected to fail2ban persistent database '/var/lib/fail2ban/fail2ban.sqlite3'
2015-12-01 20:34:48,758 fail2ban.jail [15540]: INFO Creating new jail 'apache-auth'
2015-12-01 20:34:48,780 fail2ban.jail [15540]: INFO Jail 'apache-auth' uses pyinotify
2015-12-01 20:34:48,791 fail2ban.filter [15540]: INFO Set jail log file encoding to UTF-8
2015-12-01 20:34:48,796 fail2ban.jail [15540]: INFO Initiated 'pyinotify' backend
2015-12-01 20:34:49,041 fail2ban.filter [15540]: INFO Added logfile = /var/log/apache2/error_log
2015-12-01 20:34:49,166 fail2ban.filter [15540]: INFO Set maxRetry = 1
2015-12-01 20:34:49,167 fail2ban.filter [15540]: INFO Set jail log file encoding to UTF-8
2015-12-01 20:34:49,167 fail2ban.actions [15540]: INFO Set banTime = 4294967
2015-12-01 20:34:49,167 fail2ban.filter [15540]: INFO Set findtime = 6000
2015-12-01 20:34:49,185 fail2ban.jail [15540]: INFO Creating new jail 'apache-badbots'
2015-12-01 20:34:49,185 fail2ban.jail [15540]: INFO Jail 'apache-badbots' uses pyinotify
2015-12-01 20:34:49,186 fail2ban.filter [15540]: INFO Set jail log file encoding to UTF-8
2015-12-01 20:34:49,192 fail2ban.jail [15540]: INFO Initiated 'pyinotify' backend
2015-12-01 20:34:49,507 fail2ban.filter [15540]: INFO Added logfile = /var/log/apache2/access_log
2015-12-01 20:34:49,624 fail2ban.filter [15540]: INFO Set maxRetry = 1
2015-12-01 20:34:49,624 fail2ban.filter [15540]: INFO Set jail log file encoding to UTF-8
2015-12-01 20:34:49,625 fail2ban.actions [15540]: INFO Set banTime = 172800
2015-12-01 20:34:49,625 fail2ban.filter [15540]: INFO Set findtime = 6000
2015-12-01 20:34:49,635 fail2ban.jail [15540]: INFO Creating new jail 'apache-noscript'
2015-12-01 20:34:49,635 fail2ban.jail [15540]: INFO Jail 'apache-noscript' uses pyinotify
2015-12-01 20:34:49,636 fail2ban.filter [15540]: INFO Set jail log file encoding to UTF-8
2015-12-01 20:34:49,640 fail2ban.jail [15540]: INFO Initiated 'pyinotify' backend
2015-12-01 20:34:49,906 fail2ban.filter [15540]: INFO Added logfile = /var/log/apache2/error_log
2015-12-01 20:34:50,015 fail2ban.filter [15540]: INFO Set maxRetry = 1
2015-12-01 20:34:50,016 fail2ban.filter [15540]: INFO Set jail log file encoding to UTF-8
2015-12-01 20:34:50,016 fail2ban.actions [15540]: INFO Set banTime = 4294967
2015-12-01 20:34:50,016 fail2ban.filter [15540]: INFO Set findtime = 6000
2015-12-01 20:34:50,021 fail2ban.jail [15540]: INFO Creating new jail 'apache-overflows'
2015-12-01 20:34:50,021 fail2ban.jail [15540]: INFO Jail 'apache-overflows' uses pyinotify
2015-12-01 20:34:50,022 fail2ban.filter [15540]: INFO Set jail log file encoding to UTF-8
2015-12-01 20:34:50,026 fail2ban.jail [15540]: INFO Initiated 'pyinotify' backend
2015-12-01 20:34:50,265 fail2ban.filter [15540]: INFO Added logfile = /var/log/apache2/error_log
2015-12-01 20:34:50,365 fail2ban.filter [15540]: INFO Set maxRetry = 1
2015-12-01 20:34:50,365 fail2ban.filter [15540]: INFO Set jail log file encoding to UTF-8
2015-12-01 20:34:50,365 fail2ban.actions [15540]: INFO Set banTime = 4294967
2015-12-01 20:34:50,366 fail2ban.filter [15540]: INFO Set findtime = 6000
2015-12-01 20:34:50,371 fail2ban.jail [15540]: INFO Creating new jail 'apache-nohome'
2015-12-01 20:34:50,371 fail2ban.jail [15540]: INFO Jail 'apache-nohome' uses pyinotify
2015-12-01 20:34:50,371 fail2ban.filter [15540]: INFO Set jail log file encoding to UTF-8
2015-12-01 20:34:50,376 fail2ban.jail [15540]: INFO Initiated 'pyinotify' backend
2015-12-01 20:34:50,614 fail2ban.filter [15540]: INFO Added logfile = /var/log/apache2/error_log
2015-12-01 20:34:50,723 fail2ban.filter [15540]: INFO Set maxRetry = 1
2015-12-01 20:34:50,723 fail2ban.filter [15540]: INFO Set jail log file encoding to UTF-8
2015-12-01 20:34:50,723 fail2ban.actions [15540]: INFO Set banTime = 4294967
2015-12-01 20:34:50,724 fail2ban.filter [15540]: INFO Set findtime = 6000
2015-12-01 20:34:50,728 fail2ban.jail [15540]: INFO Creating new jail 'apache-botsearch'
2015-12-01 20:34:50,728 fail2ban.jail [15540]: INFO Jail 'apache-botsearch' uses pyinotify
2015-12-01 20:34:50,729 fail2ban.filter [15540]: INFO Set jail log file encoding to UTF-8
2015-12-01 20:34:50,733 fail2ban.jail [15540]: INFO Initiated 'pyinotify' backend
2015-12-01 20:34:50,972 fail2ban.filter [15540]: INFO Added logfile = /var/log/apache2/error_log
2015-12-01 20:34:51,089 fail2ban.filter [15540]: INFO Set maxRetry = 1
2015-12-01 20:34:51,090 fail2ban.filter [15540]: INFO Set jail log file encoding to UTF-8
2015-12-01 20:34:51,090 fail2ban.actions [15540]: INFO Set banTime = 4294967
2015-12-01 20:34:51,092 fail2ban.filter [15540]: INFO Set findtime = 6000
2015-12-01 20:34:51,100 fail2ban.jail [15540]: INFO Creating new jail 'apache-fakegooglebot'
2015-12-01 20:34:51,100 fail2ban.jail [15540]: INFO Jail 'apache-fakegooglebot' uses pyinotify
2015-12-01 20:34:51,100 fail2ban.filter [15540]: INFO Set jail log file encoding to UTF-8
2015-12-01 20:34:51,105 fail2ban.jail [15540]: INFO Initiated 'pyinotify' backend
2015-12-01 20:34:51,363 fail2ban.filter [15540]: INFO Added logfile = /var/log/apache2/access_log
2015-12-01 20:34:51,481 fail2ban.filter [15540]: INFO Set maxRetry = 1
2015-12-01 20:34:51,481 fail2ban.filter [15540]: INFO Set jail log file encoding to UTF-8
2015-12-01 20:34:51,482 fail2ban.actions [15540]: INFO Set banTime = 4294967
2015-12-01 20:34:51,482 fail2ban.filter [15540]: INFO Set findtime = 6000
2015-12-01 20:34:51,487 fail2ban.jail [15540]: INFO Creating new jail 'apache-modsecurity'
2015-12-01 20:34:51,487 fail2ban.jail [15540]: INFO Jail 'apache-modsecurity' uses pyinotify
2015-12-01 20:34:51,488 fail2ban.filter [15540]: INFO Set jail log file encoding to UTF-8
2015-12-01 20:34:51,494 fail2ban.jail [15540]: INFO Initiated 'pyinotify' backend
2015-12-01 20:34:51,746 fail2ban.filter [15540]: INFO Added logfile = /var/log/apache2/error_log
2015-12-01 20:34:51,872 fail2ban.filter [15540]: INFO Set maxRetry = 1
2015-12-01 20:34:51,872 fail2ban.filter [15540]: INFO Set jail log file encoding to UTF-8
2015-12-01 20:34:51,872 fail2ban.actions [15540]: INFO Set banTime = 4294967
2015-12-01 20:34:51,873 fail2ban.filter [15540]: INFO Set findtime = 6000
2015-12-01 20:34:51,881 fail2ban.jail [15540]: INFO Creating new jail 'apache-shellshock'
2015-12-01 20:34:51,881 fail2ban.jail [15540]: INFO Jail 'apache-shellshock' uses pyinotify
2015-12-01 20:34:51,881 fail2ban.filter [15540]: INFO Set jail log file encoding to UTF-8
2015-12-01 20:34:51,886 fail2ban.jail [15540]: INFO Initiated 'pyinotify' backend
2015-12-01 20:34:52,146 fail2ban.filter [15540]: INFO Added logfile = /var/log/apache2/error_log
2015-12-01 20:34:52,254 fail2ban.filter [15540]: INFO Set maxRetry = 1
2015-12-01 20:34:52,255 fail2ban.filter [15540]: INFO Set jail log file encoding to UTF-8
2015-12-01 20:34:52,255 fail2ban.actions [15540]: INFO Set banTime = 4294967
2015-12-01 20:34:52,256 fail2ban.filter [15540]: INFO Set findtime = 6000
2015-12-01 20:34:52,261 fail2ban.jail [15540]: INFO Creating new jail 'php-url-fopen'
2015-12-01 20:34:52,261 fail2ban.jail [15540]: INFO Jail 'php-url-fopen' uses pyinotify
2015-12-01 20:34:52,262 fail2ban.filter [15540]: INFO Set jail log file encoding to UTF-8
2015-12-01 20:34:52,266 fail2ban.jail [15540]: INFO Initiated 'pyinotify' backend
2015-12-01 20:34:52,529 fail2ban.filter [15540]: INFO Added logfile = /var/log/apache2/access_log
2015-12-01 20:34:52,646 fail2ban.filter [15540]: INFO Set maxRetry = 1
2015-12-01 20:34:52,646 fail2ban.filter [15540]: INFO Set jail log file encoding to UTF-8
2015-12-01 20:34:52,647 fail2ban.actions [15540]: INFO Set banTime = 4294967
2015-12-01 20:34:52,647 fail2ban.filter [15540]: INFO Set findtime = 6000
2015-12-01 20:34:52,653 fail2ban.jail [15540]: INFO Creating new jail 'squid'
2015-12-01 20:34:52,653 fail2ban.jail [15540]: INFO Jail 'squid' uses pyinotify
2015-12-01 20:34:52,654 fail2ban.filter [15540]: INFO Set jail log file encoding to UTF-8
2015-12-01 20:34:52,660 fail2ban.jail [15540]: INFO Initiated 'pyinotify' backend
2015-12-01 20:34:52,920 fail2ban.filter [15540]: INFO Added logfile = /var/log/squid/access.log
2015-12-01 20:34:53,037 fail2ban.filter [15540]: INFO Set maxRetry = 1
2015-12-01 20:34:53,038 fail2ban.filter [15540]: INFO Set jail log file encoding to UTF-8
2015-12-01 20:34:53,038 fail2ban.actions [15540]: INFO Set banTime = 4294967
2015-12-01 20:34:53,038 fail2ban.filter [15540]: INFO Set findtime = 6000
2015-12-01 20:34:53,042 fail2ban.jail [15540]: INFO Creating new jail 'proftpd'
2015-12-01 20:34:53,042 fail2ban.jail [15540]: INFO Jail 'proftpd' uses pyinotify
2015-12-01 20:34:53,043 fail2ban.filter [15540]: INFO Set jail log file encoding to UTF-8
2015-12-01 20:34:53,048 fail2ban.jail [15540]: INFO Initiated 'pyinotify' backend
2015-12-01 20:34:53,311 fail2ban.filter [15540]: INFO Added logfile = /var/log/messages
2015-12-01 20:34:53,412 fail2ban.filter [15540]: INFO Set maxRetry = 1
2015-12-01 20:34:53,412 fail2ban.filter [15540]: INFO Set jail log file encoding to UTF-8
2015-12-01 20:34:53,412 fail2ban.actions [15540]: INFO Set banTime = 4294967
2015-12-01 20:34:53,413 fail2ban.filter [15540]: INFO Set findtime = 6000
2015-12-01 20:34:53,423 fail2ban.jail [15540]: INFO Creating new jail 'exim'
2015-12-01 20:34:53,423 fail2ban.jail [15540]: INFO Jail 'exim' uses pyinotify
2015-12-01 20:34:53,423 fail2ban.filter [15540]: INFO Set jail log file encoding to UTF-8
2015-12-01 20:34:53,428 fail2ban.jail [15540]: INFO Initiated 'pyinotify' backend
2015-12-01 20:34:53,694 fail2ban.filter [15540]: INFO Added logfile = /var/log/exim/main.log
2015-12-01 20:34:53,778 fail2ban.filter [15540]: INFO Set maxRetry = 1
2015-12-01 20:34:53,778 fail2ban.filter [15540]: INFO Set jail log file encoding to UTF-8
2015-12-01 20:34:53,779 fail2ban.actions [15540]: INFO Set banTime = 4294967
2015-12-01 20:34:53,779 fail2ban.filter [15540]: INFO Set findtime = 6000
2015-12-01 20:34:53,787 fail2ban.jail [15540]: INFO Creating new jail 'exim-spam'
2015-12-01 20:34:53,788 fail2ban.jail [15540]: INFO Jail 'exim-spam' uses pyinotify
2015-12-01 20:34:53,788 fail2ban.filter [15540]: INFO Set jail log file encoding to UTF-8
2015-12-01 20:34:53,794 fail2ban.jail [15540]: INFO Initiated 'pyinotify' backend
2015-12-01 20:34:54,077 fail2ban.filter [15540]: INFO Added logfile = /var/log/exim/main.log
2015-12-01 20:34:54,186 fail2ban.filter [15540]: INFO Set maxRetry = 1
2015-12-01 20:34:54,186 fail2ban.filter [15540]: INFO Set jail log file encoding to UTF-8
2015-12-01 20:34:54,187 fail2ban.actions [15540]: INFO Set banTime = 4294967
2015-12-01 20:34:54,187 fail2ban.filter [15540]: INFO Set findtime = 6000
2015-12-01 20:34:54,199 fail2ban.jail [15540]: INFO Creating new jail 'recidive'
2015-12-01 20:34:54,199 fail2ban.jail [15540]: INFO Jail 'recidive' uses pyinotify
2015-12-01 20:34:54,200 fail2ban.filter [15540]: INFO Set jail log file encoding to UTF-8
2015-12-01 20:34:54,204 fail2ban.jail [15540]: INFO Initiated 'pyinotify' backend
2015-12-01 20:34:54,452 fail2ban.filter [15540]: INFO Added logfile = /var/log/fail2ban.log
2015-12-01 20:34:54,594 fail2ban.filter [15540]: INFO Set maxRetry = 5
2015-12-01 20:34:54,594 fail2ban.filter [15540]: INFO Set jail log file encoding to UTF-8
2015-12-01 20:34:54,594 fail2ban.actions [15540]: INFO Set banTime = 604800
2015-12-01 20:34:54,595 fail2ban.filter [15540]: INFO Set findtime = 86400
2015-12-01 20:34:54,597 fail2ban.server [15540]: INFO Jail recidive is not a JournalFilter instance
2015-12-01 20:34:54,600 fail2ban.jail [15540]: INFO Creating new jail 'pam-generic'
2015-12-01 20:34:54,600 fail2ban.jail [15540]: INFO Jail 'pam-generic' uses pyinotify
2015-12-01 20:34:54,601 fail2ban.filter [15540]: INFO Set jail log file encoding to UTF-8
2015-12-01 20:34:54,605 fail2ban.jail [15540]: INFO Initiated 'pyinotify' backend
2015-12-01 20:34:54,868 fail2ban.filter [15540]: INFO Added logfile = /var/log/messages
2015-12-01 20:34:54,977 fail2ban.filter [15540]: INFO Set maxRetry = 1
2015-12-01 20:34:54,977 fail2ban.filter [15540]: INFO Set jail log file encoding to UTF-8
2015-12-01 20:34:54,977 fail2ban.actions [15540]: INFO Set banTime = 4294967
2015-12-01 20:34:54,978 fail2ban.filter [15540]: INFO Set findtime = 6000
2015-12-01 20:34:54,986 fail2ban.jail [15540]: INFO Creating new jail 'xinetd-fail'
2015-12-01 20:34:54,986 fail2ban.jail [15540]: INFO Jail 'xinetd-fail' uses pyinotify
2015-12-01 20:34:54,987 fail2ban.filter [15540]: INFO Set jail log file encoding to UTF-8
2015-12-01 20:34:54,992 fail2ban.jail [15540]: INFO Initiated 'pyinotify' backend
2015-12-01 20:34:55,351 fail2ban.filter [15540]: INFO Added logfile = /var/log/messages
2015-12-01 20:34:55,485 fail2ban.filter [15540]: INFO Set maxRetry = 2
2015-12-01 20:34:55,485 fail2ban.filter [15540]: INFO Set jail log file encoding to UTF-8
2015-12-01 20:34:55,485 fail2ban.actions [15540]: INFO Set banTime = 4294967
2015-12-01 20:34:55,486 fail2ban.filter [15540]: INFO Set findtime = 6000
2015-12-01 20:34:55,493 fail2ban.jail [15540]: INFO Jail 'apache-auth' started
2015-12-01 20:34:55,496 fail2ban.jail [15540]: INFO Jail 'apache-badbots' started
2015-12-01 20:34:55,499 fail2ban.jail [15540]: INFO Jail 'apache-noscript' started
2015-12-01 20:34:55,501 fail2ban.jail [15540]: INFO Jail 'apache-overflows' started
2015-12-01 20:34:55,502 fail2ban.jail [15540]: INFO Jail 'apache-nohome' started
2015-12-01 20:34:55,505 fail2ban.jail [15540]: INFO Jail 'apache-botsearch' started
2015-12-01 20:34:55,506 fail2ban.jail [15540]: INFO Jail 'apache-fakegooglebot' started
2015-12-01 20:34:55,507 fail2ban.jail [15540]: INFO Jail 'apache-modsecurity' started
2015-12-01 20:34:55,508 fail2ban.jail [15540]: INFO Jail 'apache-shellshock' started
2015-12-01 20:34:55,509 fail2ban.jail [15540]: INFO Jail 'php-url-fopen' started
2015-12-01 20:34:55,510 fail2ban.jail [15540]: INFO Jail 'squid' started
2015-12-01 20:34:55,511 fail2ban.jail [15540]: INFO Jail 'proftpd' started
2015-12-01 20:34:55,512 fail2ban.jail [15540]: INFO Jail 'exim' started
2015-12-01 20:34:55,513 fail2ban.jail [15540]: INFO Jail 'exim-spam' started
2015-12-01 20:34:55,513 fail2ban.jail [15540]: INFO Jail 'recidive' started
2015-12-01 20:34:55,517 fail2ban.jail [15540]: INFO Jail 'pam-generic' started
2015-12-01 20:34:55,521 fail2ban.jail [15540]: INFO Jail 'xinetd-fail' started
2015-12-01 20:34:55,600 fail2ban.action [15540]: ERROR iptables -w -N f2b-apache-auth
iptables -w -A f2b-apache-auth -j RETURN
iptables -w -I INPUT -p tcp -m multiport --dports * -j f2b-apache-auth -- stdout: ''
2015-12-01 20:34:55,600 fail2ban.action [15540]: ERROR iptables -w -N f2b-apache-auth
iptables -w -A f2b-apache-auth -j RETURN
iptables -w -I INPUT -p tcp -m multiport --dports * -j f2b-apache-auth -- stderr: "iptables v1.4.21: invalid port/service `bin' specified\nTry `iptables -h' or 'iptables --help' for more information.\n"
2015-12-01 20:34:55,601 fail2ban.action [15540]: ERROR iptables -w -N f2b-apache-auth
iptables -w -A f2b-apache-auth -j RETURN
iptables -w -I INPUT -p tcp -m multiport --dports * -j f2b-apache-auth -- returned 2
2015-12-01 20:34:55,602 fail2ban.actions [15540]: ERROR Failed to start jail 'apache-auth' action 'iptables-multiport': Error starting action
2015-12-01 20:34:55,705 fail2ban.action [15540]: ERROR iptables -w -N f2b-apache-badbots
iptables -w -A f2b-apache-badbots -j RETURN
iptables -w -I INPUT -p tcp -m multiport --dports * -j f2b-apache-badbots -- stdout: ''
2015-12-01 20:34:55,705 fail2ban.action [15540]: ERROR iptables -w -N f2b-apache-badbots
iptables -w -A f2b-apache-badbots -j RETURN
iptables -w -I INPUT -p tcp -m multiport --dports * -j f2b-apache-badbots -- stderr: "iptables v1.4.21: invalid port/service `bin' specified\nTry `iptables -h' or 'iptables --help' for more information.\n"
2015-12-01 20:34:55,705 fail2ban.action [15540]: ERROR iptables -w -N f2b-apache-badbots
iptables -w -A f2b-apache-badbots -j RETURN
iptables -w -I INPUT -p tcp -m multiport --dports * -j f2b-apache-badbots -- returned 2
2015-12-01 20:34:55,705 fail2ban.actions [15540]: ERROR Failed to start jail 'apache-badbots' action 'iptables-multiport': Error starting action
2015-12-01 20:34:55,810 fail2ban.action [15540]: ERROR iptables -w -N f2b-apache-noscript
iptables -w -A f2b-apache-noscript -j RETURN
iptables -w -I INPUT -p tcp -m multiport --dports * -j f2b-apache-noscript -- stdout: ''
2015-12-01 20:34:55,810 fail2ban.action [15540]: ERROR iptables -w -N f2b-apache-noscript
iptables -w -A f2b-apache-noscript -j RETURN
iptables -w -I INPUT -p tcp -m multiport --dports * -j f2b-apache-noscript -- stderr: "iptables v1.4.21: invalid port/service `bin' specified\nTry `iptables -h' or 'iptables --help' for more information.\n"
2015-12-01 20:34:55,810 fail2ban.action [15540]: ERROR iptables -w -N f2b-apache-noscript
iptables -w -A f2b-apache-noscript -j RETURN
iptables -w -I INPUT -p tcp -m multiport --dports * -j f2b-apache-noscript -- returned 2
2015-12-01 20:34:55,810 fail2ban.actions [15540]: ERROR Failed to start jail 'apache-noscript' action 'iptables-multiport': Error starting action
2015-12-01 20:34:55,812 fail2ban.actions [15540]: NOTICE [apache-noscript] Ban 62.210.88.201
2015-12-01 20:34:55,827 fail2ban.filter [15540]: INFO [recidive] Found 62.210.88.201
2015-12-01 20:34:55,914 fail2ban.action [15540]: ERROR iptables -w -N f2b-apache-overflows
iptables -w -A f2b-apache-overflows -j RETURN
iptables -w -I INPUT -p tcp -m multiport --dports * -j f2b-apache-overflows -- stdout: ''
2015-12-01 20:34:55,914 fail2ban.action [15540]: ERROR iptables -w -N f2b-apache-overflows
iptables -w -A f2b-apache-overflows -j RETURN
iptables -w -I INPUT -p tcp -m multiport --dports * -j f2b-apache-overflows -- stderr: "iptables v1.4.21: invalid port/service `bin' specified\nTry `iptables -h' or 'iptables --help' for more information.\n"
2015-12-01 20:34:55,915 fail2ban.action [15540]: ERROR iptables -w -N f2b-apache-overflows
iptables -w -A f2b-apache-overflows -j RETURN
iptables -w -I INPUT -p tcp -m multiport --dports * -j f2b-apache-overflows -- returned 2
2015-12-01 20:34:55,915 fail2ban.actions [15540]: ERROR Failed to start jail 'apache-overflows' action 'iptables-multiport': Error starting action
2015-12-01 20:34:56,019 fail2ban.action [15540]: ERROR iptables -w -N f2b-apache-nohome
iptables -w -A f2b-apache-nohome -j RETURN
iptables -w -I INPUT -p tcp -m multiport --dports * -j f2b-apache-nohome -- stdout: ''
2015-12-01 20:34:56,019 fail2ban.action [15540]: ERROR iptables -w -N f2b-apache-nohome
iptables -w -A f2b-apache-nohome -j RETURN
iptables -w -I INPUT -p tcp -m multiport --dports * -j f2b-apache-nohome -- stderr: "iptables v1.4.21: invalid port/service `bin' specified\nTry `iptables -h' or 'iptables --help' for more information.\n"
2015-12-01 20:34:56,019 fail2ban.action [15540]: ERROR iptables -w -N f2b-apache-nohome
iptables -w -A f2b-apache-nohome -j RETURN
iptables -w -I INPUT -p tcp -m multiport --dports * -j f2b-apache-nohome -- returned 2
2015-12-01 20:34:56,019 fail2ban.actions [15540]: ERROR Failed to start jail 'apache-nohome' action 'iptables-multiport': Error starting action
2015-12-01 20:34:56,123 fail2ban.action [15540]: ERROR iptables -w -N f2b-apache-botsearch
iptables -w -A f2b-apache-botsearch -j RETURN
iptables -w -I INPUT -p tcp -m multiport --dports * -j f2b-apache-botsearch -- stdout: ''
2015-12-01 20:34:56,123 fail2ban.action [15540]: ERROR iptables -w -N f2b-apache-botsearch
iptables -w -A f2b-apache-botsearch -j RETURN
iptables -w -I INPUT -p tcp -m multiport --dports * -j f2b-apache-botsearch -- stderr: "iptables v1.4.21: invalid port/service `bin' specified\nTry `iptables -h' or 'iptables --help' for more information.\n"
2015-12-01 20:34:56,124 fail2ban.action [15540]: ERROR iptables -w -N f2b-apache-botsearch
iptables -w -A f2b-apache-botsearch -j RETURN
iptables -w -I INPUT -p tcp -m multiport --dports * -j f2b-apache-botsearch -- returned 2
2015-12-01 20:34:56,124 fail2ban.actions [15540]: ERROR Failed to start jail 'apache-botsearch' action 'iptables-multiport': Error starting action
2015-12-01 20:34:56,228 fail2ban.action [15540]: ERROR iptables -w -N f2b-apache-fakegooglebot
iptables -w -A f2b-apache-fakegooglebot -j RETURN
iptables -w -I INPUT -p tcp -m multiport --dports * -j f2b-apache-fakegooglebot -- stdout: ''
2015-12-01 20:34:56,228 fail2ban.action [15540]: ERROR iptables -w -N f2b-apache-fakegooglebot
iptables -w -A f2b-apache-fakegooglebot -j RETURN
iptables -w -I INPUT -p tcp -m multiport --dports * -j f2b-apache-fakegooglebot -- stderr: "iptables v1.4.21: invalid port/service `bin' specified\nTry `iptables -h' or 'iptables --help' for more information.\n"
2015-12-01 20:34:56,229 fail2ban.action [15540]: ERROR iptables -w -N f2b-apache-fakegooglebot
iptables -w -A f2b-apache-fakegooglebot -j RETURN
iptables -w -I INPUT -p tcp -m multiport --dports * -j f2b-apache-fakegooglebot -- returned 2
2015-12-01 20:34:56,230 fail2ban.actions [15540]: ERROR Failed to start jail 'apache-fakegooglebot' action 'iptables-multiport': Error starting action
2015-12-01 20:34:56,332 fail2ban.action [15540]: ERROR iptables -w -N f2b-apache-modsecurity
iptables -w -A f2b-apache-modsecurity -j RETURN
iptables -w -I INPUT -p tcp -m multiport --dports * -j f2b-apache-modsecurity -- stdout: ''
2015-12-01 20:34:56,332 fail2ban.action [15540]: ERROR iptables -w -N f2b-apache-modsecurity
iptables -w -A f2b-apache-modsecurity -j RETURN
iptables -w -I INPUT -p tcp -m multiport --dports * -j f2b-apache-modsecurity -- stderr: "iptables v1.4.21: invalid port/service `bin' specified\nTry `iptables -h' or 'iptables --help' for more information.\n"
2015-12-01 20:34:56,333 fail2ban.action [15540]: ERROR iptables -w -N f2b-apache-modsecurity
iptables -w -A f2b-apache-modsecurity -j RETURN
iptables -w -I INPUT -p tcp -m multiport --dports * -j f2b-apache-modsecurity -- returned 2
2015-12-01 20:34:56,334 fail2ban.actions [15540]: ERROR Failed to start jail 'apache-modsecurity' action 'iptables-multiport': Error starting action
2015-12-01 20:34:56,436 fail2ban.action [15540]: ERROR iptables -w -N f2b-apache-shellshock
iptables -w -A f2b-apache-shellshock -j RETURN
iptables -w -I INPUT -p tcp -m multiport --dports * -j f2b-apache-shellshock -- stdout: ''
2015-12-01 20:34:54,594 fail2ban.filter [15540]: INFO Set maxRetry = 5
2015-12-01 20:34:54,594 fail2ban.filter [15540]: INFO Set jail log file encoding to UTF-8
2015-12-01 20:34:54,594 fail2ban.actions [15540]: INFO Set banTime = 604800
2015-12-01 20:34:54,595 fail2ban.filter [15540]: INFO Set findtime = 86400
2015-12-01 20:34:54,597 fail2ban.server [15540]: INFO Jail recidive is not a JournalFilter instance
2015-12-01 20:34:54,600 fail2ban.jail [15540]: INFO Creating new jail 'pam-generic'
2015-12-01 20:34:54,600 fail2ban.jail [15540]: INFO Jail 'pam-generic' uses pyinotify
2015-12-01 20:34:54,601 fail2ban.filter [15540]: INFO Set jail log file encoding to UTF-8
2015-12-01 20:34:54,605 fail2ban.jail [15540]: INFO Initiated 'pyinotify' backend
2015-12-01 20:34:54,868 fail2ban.filter [15540]: INFO Added logfile = /var/log/messages
2015-12-01 20:34:54,977 fail2ban.filter [15540]: INFO Set maxRetry = 1
2015-12-01 20:34:54,977 fail2ban.filter [15540]: INFO Set jail log file encoding to UTF-8
2015-12-01 20:34:54,977 fail2ban.actions [15540]: INFO Set banTime = 4294967
2015-12-01 20:34:54,978 fail2ban.filter [15540]: INFO Set findtime = 6000
2015-12-01 20:34:54,986 fail2ban.jail [15540]: INFO Creating new jail 'xinetd-fail'
2015-12-01 20:34:54,986 fail2ban.jail [15540]: INFO Jail 'xinetd-fail' uses pyinotify
2015-12-01 20:34:54,987 fail2ban.filter [15540]: INFO Set jail log file encoding to UTF-8
2015-12-01 20:34:54,992 fail2ban.jail [15540]: INFO Initiated 'pyinotify' backend
2015-12-01 20:34:55,351 fail2ban.filter [15540]: INFO Added logfile = /var/log/messages
2015-12-01 20:34:55,485 fail2ban.filter [15540]: INFO Set maxRetry = 2
2015-12-01 20:34:55,485 fail2ban.filter [15540]: INFO Set jail log file encoding to UTF-8
2015-12-01 20:34:55,485 fail2ban.actions [15540]: INFO Set banTime = 4294967
2015-12-01 20:34:55,486 fail2ban.filter [15540]: INFO Set findtime = 6000
2015-12-01 20:34:55,493 fail2ban.jail [15540]: INFO Jail 'apache-auth' started
2015-12-01 20:34:55,496 fail2ban.jail [15540]: INFO Jail 'apache-badbots' started
2015-12-01 20:34:55,499 fail2ban.jail [15540]: INFO Jail 'apache-noscript' started
2015-12-01 20:34:55,501 fail2ban.jail [15540]: INFO Jail 'apache-overflows' started
2015-12-01 20:34:55,502 fail2ban.jail [15540]: INFO Jail 'apache-nohome' started
2015-12-01 20:34:55,505 fail2ban.jail [15540]: INFO Jail 'apache-botsearch' started
2015-12-01 20:34:55,506 fail2ban.jail [15540]: INFO Jail 'apache-fakegooglebot' started
2015-12-01 20:34:55,507 fail2ban.jail [15540]: INFO Jail 'apache-modsecurity' started
2015-12-01 20:34:55,508 fail2ban.jail [15540]: INFO Jail 'apache-shellshock' started
2015-12-01 20:34:55,509 fail2ban.jail [15540]: INFO Jail 'php-url-fopen' started
2015-12-01 20:34:55,510 fail2ban.jail [15540]: INFO Jail 'squid' started
2015-12-01 20:34:55,511 fail2ban.jail [15540]: INFO Jail 'proftpd' started
2015-12-01 20:34:55,512 fail2ban.jail [15540]: INFO Jail 'exim' started
2015-12-01 20:34:55,513 fail2ban.jail [15540]: INFO Jail 'exim-spam' started
2015-12-01 20:34:55,513 fail2ban.jail [15540]: INFO Jail 'recidive' started
2015-12-01 20:34:55,517 fail2ban.jail [15540]: INFO Jail 'pam-generic' started
2015-12-01 20:34:55,521 fail2ban.jail [15540]: INFO Jail 'xinetd-fail' started
2015-12-01 20:34:55,600 fail2ban.action [15540]: ERROR iptables -w -N f2b-apache-auth
2015-12-01 20:34:56,437 fail2ban.action [15540]: ERROR iptables -w -N f2b-apache-shellshock
iptables -w -A f2b-apache-shellshock -j RETURN
iptables -w -I INPUT -p tcp -m multiport --dports * -j f2b-apache-shellshock -- stderr: "iptables v1.4.21: invalid port/service `bin' specified\nTry `iptables -h' or 'iptables --help' for more information.\n"
2015-12-01 20:34:56,437 fail2ban.action [15540]: ERROR iptables -w -N f2b-apache-shellshock
iptables -w -A f2b-apache-shellshock -j RETURN
iptables -w -I INPUT -p tcp -m multiport --dports * -j f2b-apache-shellshock -- returned 2
2015-12-01 20:34:56,438 fail2ban.actions [15540]: ERROR Failed to start jail 'apache-shellshock' action 'iptables-multiport': Error starting action
2015-12-01 20:34:56,541 fail2ban.action [15540]: ERROR iptables -w -N f2b-php-url-fopen
iptables -w -A f2b-php-url-fopen -j RETURN
iptables -w -I INPUT -p tcp -m multiport --dports * -j f2b-php-url-fopen -- stdout: ''
2015-12-01 20:34:56,541 fail2ban.action [15540]: ERROR iptables -w -N f2b-php-url-fopen
iptables -w -A f2b-php-url-fopen -j RETURN
iptables -w -I INPUT -p tcp -m multiport --dports * -j f2b-php-url-fopen -- stderr: "iptables v1.4.21: invalid port/service `bin' specified\nTry `iptables -h' or 'iptables --help' for more information.\n"
2015-12-01 20:34:56,542 fail2ban.action [15540]: ERROR iptables -w -N f2b-php-url-fopen
iptables -w -A f2b-php-url-fopen -j RETURN
iptables -w -I INPUT -p tcp -m multiport --dports * -j f2b-php-url-fopen -- returned 2
2015-12-01 20:34:56,543 fail2ban.actions [15540]: ERROR Failed to start jail 'php-url-fopen' action 'iptables-multiport': Error starting action
2015-12-01 20:34:57,379 fail2ban.action [15540]: ERROR iptables -w -n -L INPUT | grep -q 'f2b-apache-noscript[ \t]' -- stdout: ''
2015-12-01 20:34:57,380 fail2ban.action [15540]: ERROR iptables -w -n -L INPUT | grep -q 'f2b-apache-noscript[ \t]' -- stderr: ''
2015-12-01 20:34:57,380 fail2ban.action [15540]: ERROR iptables -w -n -L INPUT | grep -q 'f2b-apache-noscript[ \t]' -- returned 1
2015-12-01 20:34:57,380 fail2ban.CommandAction [15540]: ERROR Invariant check failed. Trying to restore a sane environment
2015-12-01 20:34:57,591 fail2ban.action [15540]: ERROR iptables -w -N f2b-apache-noscript
iptables -w -A f2b-apache-noscript -j RETURN
iptables -w -I INPUT -p tcp -m multiport --dports * -j f2b-apache-noscript -- stdout: ''
2015-12-01 20:34:57,591 fail2ban.action [15540]: ERROR iptables -w -N f2b-apache-noscript
iptables -w -A f2b-apache-noscript -j RETURN
iptables -w -I INPUT -p tcp -m multiport --dports * -j f2b-apache-noscript -- stderr: "iptables v1.4.21: invalid port/service `bin' specified\nTry `iptables -h' or 'iptables --help' for more information.\n"
2015-12-01 20:34:57,591 fail2ban.action [15540]: ERROR iptables -w -N f2b-apache-noscript
iptables -w -A f2b-apache-noscript -j RETURN
iptables -w -I INPUT -p tcp -m multiport --dports * -j f2b-apache-noscript -- returned 2
2015-12-01 20:34:57,591 fail2ban.actions [15540]: ERROR Failed to execute ban jail 'apache-noscript' action 'iptables-multiport' info 'CallingMap({'ipjailmatches': <function <lambda> at 0x7f3a22524500>, 'matches': "[Mon Nov 30 19:54:42.781677 2015] [php5:error] [pid 5974] [client 62.210.88.201:35340] script '/srv/www/htdocs/httptest.php' not found or unable to stat\n[Mon Nov 30 19:54:42.781677 2015] [php5:error] [pid 5974] [client 62.210.88.201:35340] script '/srv/www/htdocs/httptest.php' not found or unable to stat\n[Mon Nov 30 21:11:35.852909 2015] [php5:error] [pid 19554] [client 62.210.88.201:33212] script '/srv/www/htdocs/httptest.php' not found or unable to stat\n[Mon Nov 30 21:11:35.852909 2015] [php5:error] [pid 19554] [client 62.210.88.201:33212] script '/srv/www/htdocs/httptest.php' not found or unable to stat\n[Mon Nov 30 23:49:25.663490 2015] [php5:error] [pid 13336] [client 62.210.88.201:44298] script '/srv/www/htdocs/httptest.php' not found or unable to stat\n[Mon Nov 30 23:54:36.204830 2015] [php5:error] [pid 3235] [client 62.210.88.201:39719] script '/srv/www/htdocs/httptest.php' not found or unable to stat\n[Tue Dec 01 04:10:16.685884 2015] [php5:error] [pid 3241] [client 62.210.88.201:38345] script '/srv/www/htdocs/httptest.php' not found or unable to stat\n[Tue Dec 01 04:47:24.450733 2015] [php5:error] [pid 4923] [client 62.210.88.201:40271] script '/srv/www/htdocs/httptest.php' not found or unable to stat\n[Tue Dec 01 05:39:02.426904 2015] [php5:error] [pid 3235] [client 62.210.88.201:37245] script '/srv/www/htdocs/httptest.php' not found or unable to stat\n[Tue Dec 01 05:45:03.126568 2015] [php5:error] [pid 3241] [client 62.210.88.201:47090] script '/srv/www/htdocs/httptest.php' not found or unable to stat\n[Tue Dec 01 06:24:24.748911 2015] [php5:error] [pid 3239] [client 62.210.88.201:46728] script '/srv/www/htdocs/httptest.php' not found or unable to stat\n[Tue Dec 01 11:03:01.857647 2015] [php5:error] [pid 3235] [client 62.210.88.201:34740] 
script '/srv/www/htdocs/httptest.php' not found or unable to stat\n[Tue Dec 01 11:35:50.372975 2015] [php5:error] [pid 3237] [client 62.210.88.201:32801] script '/srv/www/htdocs/httptest.php' not found or unable to stat\n[Tue Dec 01 14:28:49.392324 2015] [php5:error] [pid 3235] [client 62.210.88.201:40067] script '/srv/www/htdocs/httptest.php' not found or unable to stat\n[Tue Dec 01 15:38:02.026822 2015] [php5:error] [pid 4923] [client 62.210.88.201:60774] script '/srv/www/htdocs/httptest.php' not found or unable to stat\n[Tue Dec 01 18:51:37.307187 2015] [php5:error] [pid 4923] [client 62.210.88.201:58441] script '/srv/www/htdocs/httptest.php' not found or unable to stat\n[Tue Dec 01 18:51:37.307187 2015] [php5:error] [pid 4923] [client 62.210.88.201:58441] script '/srv/www/htdocs/httptest.php' not found or unable to stat", 'ip': '62.210.88.201', 'ipmatches': <function <lambda> at 0x7f3a22524488>, 'ipfailures': <function <lambda> at 0x7f3a22524578>, 'time': 1448980495.811907, 'failures': 17, 'ipjailfailures': <function <lambda> at 0x7f3a225245f0>})': Error starting action[/spoiler]
The jail.conf itself:
[spoiler-jail.conf]#
# WARNING: heavily refactored in 0.9.0 release. Please review and
# customize settings for your setup.
#
# Changes: in most of the cases you should not modify this
# file, but provide customizations in jail.local file,
# or separate .conf files under jail.d/ directory, e.g.:
#
# HOW TO ACTIVATE JAILS:
#
# YOU SHOULD NOT MODIFY THIS FILE.
#
# It will probably be overwritten or improved in a distribution update.
#
# Provide customizations in a jail.local file or a jail.d/customisation.local.
# For example to change the default bantime for all jails and to enable the
# ssh-iptables jail the following (uncommented) would appear in the .local file.
# See man 5 jail.conf for details.
#
# [DEFAULT]
# bantime = 3600
#
# [sshd]
# enabled = true
#
# See jail.conf(5) man page for more information



# Comments: use '#' for comment lines and ';' (following a space) for inline comments


[INCLUDES]

#before = paths-distro.conf
before = paths-opensuse.conf

# The DEFAULT allows a global definition of the options. They can be overridden
# in each jail afterwards.

[DEFAULT]

#
# MISCELLANEOUS OPTIONS
#

# "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not
# ban a host which matches an address in this list. Several addresses can be
# defined using space separator.
ignoreip = 127.0.0.1/8

# External command that will take an tagged arguments to ignore, e.g. <ip>,
# and return true if the IP is to be ignored. False otherwise.
#
# ignorecommand = /path/to/command <ip>
ignorecommand =

# "bantime" is the number of seconds that a host is banned.
bantime = 4294967

# A host is banned if it has generated "maxretry" during the last "findtime"
# seconds.
findtime = 6000
# "maxretry" is the number of failures before a host get banned.
maxretry = 1

# "backend" specifies the backend used to get files modification.
# Available options are "pyinotify", "gamin", "polling", "systemd" and "auto".
# This option can be overridden in each jail as well.
#
# pyinotify: requires pyinotify (a file alteration monitor) to be installed.
# If pyinotify is not installed, Fail2ban will use auto.
# gamin: requires Gamin (a file alteration monitor) to be installed.
# If Gamin is not installed, Fail2ban will use auto.
# polling: uses a polling algorithm which does not require external libraries.
# systemd: uses systemd python library to access the systemd journal.
# Specifying "logpath" is not valid for this backend.
# See "journalmatch" in the jails associated filter config
# auto: will try to use the following backends, in order:
# pyinotify, gamin, polling.
#
# Note: if systemd backend is chosen as the default but you enable a jail
# for which logs are present only in its own log files, specify some other
# backend for that jail (e.g. polling) and provide empty value for
# journalmatch. See https://github.com/fail2ban/fail2ban/is ... t-74901200
backend = auto

# "usedns" specifies if jails should trust hostnames in logs,
# warn when DNS lookups are performed, or ignore all hostnames in logs
#
# yes: if a hostname is encountered, a DNS lookup will be performed.
# warn: if a hostname is encountered, a DNS lookup will be performed,
# but it will be logged as a warning.
# no: if a hostname is encountered, will not be used for banning,
# but it will be logged as info.
usedns = warn

# "logencoding" specifies the encoding of the log files handled by the jail
# This is used to decode the lines from the log file.
# Typical examples: "ascii", "utf-8"
#
# auto: will use the system locale setting
logencoding = auto

# "enabled" enables the jails.
# By default all jails are disabled, and it should stay this way.
# Enable only relevant to your setup jails in your .local or jail.d/*.conf
#
# true: jail will be enabled and log files will get monitored for changes
# false: jail is not enabled
enabled = true


# "filter" defines the filter to use by the jail.
# By default jails have names matching their filter name
#
filter = %(__name__)s


#
# ACTIONS
#

# Some options used for actions

# Destination email address used solely for the interpolations in
# jail.{conf,local,d/*} configuration files.
destemail = root@localhost

# Sender email address used solely for some actions
sender = root@localhost

# E-mail action. Since 0.8.1 Fail2Ban uses sendmail MTA for the
# mailing. Change mta configuration parameter to mail if you want to
# revert to conventional 'mail'.
mta = sendmail

# Default protocol
protocol = tcp

# Specify chain where jumps would need to be added in iptables-* actions
chain = INPUT

# Ports to be banned
# Usually should be overridden in a particular jail
port = 0:65535

#
# Action shortcuts. To be used to define action parameter

# Default banning action (e.g. iptables, iptables-new,
# iptables-multiport, shorewall, etc) It is used to define
# action_* variables. Can be overridden globally or per
# section within jail.local file
#banaction = iptables
banaction = iptables-multiport
#banaction = firewallcmd-ipset
#banaction = hostsdeny[file=/etc/hosts.deny]
# The simplest action to take: ban only
action_ = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]

# ban & send an e-mail with whois report to the destemail.
action_mw = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
%(mta)s-whois[name=%(__name__)s, dest="%(destemail)s", protocol="%(protocol)s", chain="%(chain)s"]

# ban & send an e-mail with whois report and relevant log lines
# to the destemail.
action_mwl = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
%(mta)s-whois-lines[name=%(__name__)s, dest="%(destemail)s", logpath=%(logpath)s, chain="%(chain)s"]

# See the IMPORTANT note in action.d/xarf-login-attack for when to use this action
#
# ban & send a xarf e-mail to abuse contact of IP address and include relevant log lines
# to the destemail.
action_xarf = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
xarf-login-attack[service=%(__name__)s, sender="%(sender)s", logpath=%(logpath)s, port="%(port)s"]

# ban IP on CloudFlare & send an e-mail with whois report and relevant log lines
# to the destemail.
action_cf_mwl = cloudflare[cfuser="%(cfemail)s", cftoken="%(cfapikey)s"]
%(mta)s-whois-lines[name=%(__name__)s, dest="%(destemail)s", logpath=%(logpath)s, chain="%(chain)s"]

# Report block via blocklist.de fail2ban reporting service API
#
# See the IMPORTANT note in action.d/blocklist_de.conf for when to
# use this action. Create a file jail.d/blocklist_de.local containing
# [Init]
# blocklist_de_apikey = {api key from registration]
#
action_blocklist_de = blocklist_de[email="%(sender)s", service=%(filter)s, apikey="%(blocklist_de_apikey)s"]

# Report ban via badips.com, and use as blacklist
#
# See BadIPsAction docstring in config/action.d/badips.py for
# documentation for this action.
#
# NOTE: This action relies on banaction being present on start and therefore
# should be last action defined for a jail.
#
action_badips = badips.py[category="%(name)s", banaction="%(banaction)s"]

# Choose default action. To change, just override value of 'action' with the
# interpolation to the chosen action shortcut (e.g. action_mw, action_mwl, etc) in jail.local
# globally (section [DEFAULT]) or per specific section
action = %(action_)s


#
# JAILS
#

#
# SSH servers
#

#[sshd]

#port = ssh
#logpath = %(sshd_log)s


#[sshd-ddos]
# This jail corresponds to the standard configuration in Fail2ban.
# The mail-whois action send a notification e-mail with a whois request
# in the body.
port = ssh
#logpath = %(sshd_log)s






#
# HTTP servers
#

[apache-auth]

port = *
logpath = %(apache_error_log)s


[apache-badbots]
# Ban hosts which agent identifies spammer robots crawling the web
# for email addresses. The mail outputs are buffered.
port = *
logpath = %(apache_access_log)s
bantime = 172800
maxretry = 1


[apache-noscript]

port = *
logpath = %(apache_error_log)s
maxretry = 1


[apache-overflows]

port = *
logpath = %(apache_error_log)s
maxretry = 1


[apache-nohome]

port = *
logpath = %(apache_error_log)s
maxretry = 1


[apache-botsearch]

port = *
logpath = %(apache_error_log)s
maxretry = 1


[apache-fakegooglebot]

port = *
logpath = %(apache_access_log)s
maxretry = 1
ignorecommand = %(ignorecommands_dir)s/apache-fakegooglebot <ip>


[apache-modsecurity]

port = *
logpath = %(apache_error_log)s
maxretry = 1

[apache-shellshock]

port = *
logpath = %(apache_error_log)s
maxretry = 1


# Ban attackers that try to use PHP's URL-fopen() functionality
# through GET/POST variables. - Experimental, with more than a year
# of usage in production environments.

[php-url-fopen]

port = *
logpath = %(apache_access_log)s



[squid]

port = 80,443,3128,8080
logpath = /var/log/squid/access.log



#
# FTP servers
#


[proftpd]

port = ftp,ftp-data,ftps,ftps-data
logpath = %(proftpd_log)s




[exim]

port = smtp,465,submission
logpath = %(exim_main_log)s


[exim-spam]

port = smtp,465,submission
logpath = %(exim_main_log)s



# Jail for more extended banning of persistent abusers
# !!! WARNINGS !!!
# 1. Make sure that your loglevel specified in fail2ban.conf/.local
# is not at DEBUG level -- which might then cause fail2ban to fall into
# an infinite loop constantly feeding itself with non-informative lines
# 2. Increase dbpurgeage defined in fail2ban.conf to e.g. 648000 (7.5 days)
# to maintain entries for failed logins for sufficient amount of time
[recidive]

logpath = /var/log/fail2ban.log
banaction = iptables-allports
bantime = 604800 ; 1 week
findtime = 86400 ; 1 day
maxretry = 5


# Generic filter for PAM. Has to be used with action which bans all
# ports such as iptables-allports, shorewall

[pam-generic]
# pam-generic filter can be customized to monitor specific subset of 'tty's
banaction = iptables-allports
logpath = %(syslog_authpriv)s


[xinetd-fail]

banaction = iptables-multiport-log
logpath = %(syslog_daemon)s
maxretry = 2[/spoiler]
As a test, I run this in the terminal:
linux-suse:/home/white # iptables -w -N f2b-apache-auth
and I get
iptables: Chain already exists.
This is my first time dealing with iptables and, accordingly, with f2b.
What are these errors and how do I beat them? I somehow didn't find much info on Google
about this specific question.
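Added example, not part of the original post and not fail2ban's own code: the action command is handed to a shell, so the unquoted `*` from `port = *` is expanded to file names, which is consistent with the `bin` in the stderr lines above. The Python below reproduces that expansion in a scratch directory and lints a constructed jail file for port values that `-m multiport --dports` cannot take; `SAMPLE` and the helper names `shell_words`, `demo_expansion`, `check_port` and `lint` are assumptions.

```python
import configparser
import re
import subprocess
import tempfile
from pathlib import Path

# Constructed sample in the shape of the jail.conf above (not the poster's file).
SAMPLE = """
[DEFAULT]
banaction = iptables-multiport
port = 0:65535
[apache-auth]
port = *
[squid]
port = 80,443,3128,8080
[recidive]
banaction = iptables-allports
[many-ports]
port = 1:2,3:4,5:6,7:8,9:10,11:12,13:14,15:16
"""

ITEM = re.compile(r"^(\d+(:\d+)?|[A-Za-z][\w-]*)$")  # port, range or service name


def shell_words(command, cwd):
    """Return the words a shell passes to the program when `command` runs in `cwd`."""
    script = f"set -- {command}; printf '%s\\n' \"$@\""
    done = subprocess.run(["sh", "-c", script], cwd=cwd,
                          capture_output=True, text=True, check=True)
    return done.stdout.splitlines()


def demo_expansion():
    """Expand the failing rule in a scratch directory that, like /, lists 'bin' first."""
    rule = "iptables -w -I INPUT -p tcp -m multiport --dports * -j f2b-apache-auth"
    with tempfile.TemporaryDirectory() as scratch:
        for name in ("bin", "boot", "etc"):
            Path(scratch, name).mkdir()
        return shell_words(rule, scratch)  # nothing is executed except printf


def check_port(value):
    """Return the reasons `value` is unusable after '-m multiport --dports'."""
    if set("*?[") & set(value):
        return ["glob character: the shell replaces it with file names"]
    problems, slots = [], 0
    for item in (part.strip() for part in value.split(",")):
        if not ITEM.match(item):
            problems.append(f"not a port, range or service name: {item!r}")
        elif any(int(n) > 65535 for n in re.findall(r"\d+", item) if item[0].isdigit()):
            problems.append(f"port above 65535: {item!r}")
        slots += 2 if ":" in item else 1  # multiport counts a range as two ports
    if slots > 15:
        problems.append(f"{slots} ports, multiport accepts at most 15")
    return problems


def lint(text):
    """Map each jail to the problems found in its effective port setting."""
    parser = configparser.ConfigParser(interpolation=None, inline_comment_prefixes=(";",))
    parser.read_string(text)
    report = {}
    for jail in parser.sections():
        # Assumption: actions named *allports build their rule without a port list.
        if parser[jail].get("banaction", "").endswith("allports"):
            continue
        problems = check_port(parser[jail].get("port", ""))
        if problems:
            report[jail] = problems
    return report


if __name__ == "__main__":
    print(demo_expansion())
    for jail, problems in lint(SAMPLE).items():
        print(jail, problems)
```

In the config above, `port = 0:65535` (in `[DEFAULT]`) and `banaction = iptables-allports` (in `[recidive]`) are the two forms that cover every port without a glob.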