Задать вопрос
Lakika
@Lakika
Sicario

Как исправить ошибку в fail2ban?

Здравствуйте. Установил fail2ban и настроил самый минимум.
При запуске вижу в логах ошибки, подскажите как исправить?

2019-09-10 14:49:18,805 fail2ban.jail           [15386]: INFO    Jail 'sshd' started
2019-09-10 14:49:18,811 fail2ban.jail           [15386]: INFO    Jail 'sshd-ddos' started
2019-09-10 14:49:18,814 fail2ban.jail           [15386]: INFO    Jail 'apache-auth' started
2019-09-10 14:49:18,816 fail2ban.jail           [15386]: INFO    Jail 'apache-noscript' started
2019-09-10 14:49:18,818 fail2ban.jail           [15386]: INFO    Jail 'apache-overflows' started
2019-09-10 14:49:18,820 fail2ban.jail           [15386]: INFO    Jail 'apache-nohome' started
2019-09-10 14:49:18,910 fail2ban.action         [15386]: ERROR   ipset create fail2ban-default hash:ip timeout 600
firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 0 -p tcp -m multiport --dports ssh -m set --match-set fail2ban-default src -j REJECT --reject-with icmp-port-unreachable -- stdout: b''
2019-09-10 14:49:18,910 fail2ban.action         [15386]: ERROR   ipset create fail2ban-default hash:ip timeout 600
firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 0 -p tcp -m multiport --dports ssh -m set --match-set fail2ban-default src -j REJECT --reject-with icmp-port-unreachable -- stderr: b'/bin/sh: 2: firewall-cmd: not found\n'
2019-09-10 14:49:18,911 fail2ban.action         [15386]: ERROR   ipset create fail2ban-default hash:ip timeout 600
firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 0 -p tcp -m multiport --dports ssh -m set --match-set fail2ban-default src -j REJECT --reject-with icmp-port-unreachable -- returned 127
2019-09-10 14:49:18,911 fail2ban.action         [15386]: INFO    HINT on 127: "Command not found".  Make sure that all commands in 'ipset create fail2ban-default hash:ip timeout 600\nfirewall-cmd --direct --add-rule ipv4 filter INPUT_direct 0 -p tcp -m multiport --dports ssh -m set --match-set fail2ban-default src -j REJECT --reject-with icmp-port-unreachable' are in the PATH of fail2ban-server process (grep -a PATH= /proc/`pidof -x fail2ban-server`/environ). You may want to start "fail2ban-server -f" separately, initiate it with "fail2ban-client reload" in another shell session and observe if additional informative error messages appear in the terminals.
2019-09-10 14:49:18,911 fail2ban.actions        [15386]: ERROR   Failed to start jail 'sshd' action 'firewallcmd-ipset': Error starting action
2019-09-10 14:49:18,912 fail2ban.actions        [15386]: NOTICE  [sshd] Ban 51.75.123.124
  • Вопрос задан
  • 662 просмотра
Подписаться 2 Простой Комментировать
Пригласить эксперта
Ответы на вопрос 1
Radjah
@Radjah
> firewall-cmd: not found
Либо поставить пакет firewalld, либо переключить на action, использующий iptables.
Ответ написан
Ваш ответ на вопрос

Войдите, чтобы написать ответ

Похожие вопросы