
fail2ban: ERROR iptables

rgruyters

Basic Pleskian
I have installed Fail2ban via the Plesk add-on packages. When I run fail2ban, after a few hours I see a lot of error messages in `/var/log/messages`.

Code:
...
Oct 23 15:17:12 server fail2ban.actions.action[3281]: ERROR iptables -D INPUT -p tcp --dport ssh -j fail2ban-SSH#012iptables -F fail2ban-SSH#012iptables -X fail2ban-SSH returned 300
Oct 23 15:17:12 server fail2ban.actions.action[3281]: ERROR iptables -N fail2ban-SSH#012iptables -A fail2ban-SSH -j RETURN#012iptables -I INPUT -p tcp --dport ssh -j fail2ban-SSH returned 300
Oct 23 15:27:13 server fail2ban.actions.action[3281]: ERROR iptables -D INPUT -p tcp --dport ssh -j fail2ban-SSH#012iptables -F fail2ban-SSH#012iptables -X fail2ban-SSH returned 300
Oct 23 15:27:13 server fail2ban.actions.action[3281]: ERROR iptables -N fail2ban-SSH#012iptables -A fail2ban-SSH -j RETURN#012iptables -I INPUT -p tcp --dport ssh -j fail2ban-SSH returned 300
Oct 23 20:36:42 server fail2ban.actions.action[3281]: ERROR iptables -D INPUT -p tcp --dport ssh -j fail2ban-SSH#012iptables -F fail2ban-SSH#012iptables -X fail2ban-SSH returned 300
Oct 23 20:36:42 server fail2ban.actions.action[3281]: ERROR iptables -N fail2ban-SSH#012iptables -A fail2ban-SSH -j RETURN#012iptables -I INPUT -p tcp --dport ssh -j fail2ban-SSH returned 300
Oct 23 20:44:32 server fail2ban.actions.action[3281]: ERROR iptables -D INPUT -p tcp --dport ssh -j fail2ban-SSH#012iptables -F fail2ban-SSH#012iptables -X fail2ban-SSH returned 300
Oct 23 20:44:32 server fail2ban.actions.action[3281]: ERROR iptables -N fail2ban-SSH#012iptables -A fail2ban-SSH -j RETURN#012iptables -I INPUT -p tcp --dport ssh -j fail2ban-SSH returned 300
Oct 23 20:46:42 server fail2ban.actions.action[3281]: ERROR iptables -D INPUT -p tcp --dport ssh -j fail2ban-SSH#012iptables -F fail2ban-SSH#012iptables -X fail2ban-SSH returned 300
Oct 23 20:46:42 server fail2ban.actions.action[3281]: ERROR iptables -N fail2ban-SSH#012iptables -A fail2ban-SSH -j RETURN#012iptables -I INPUT -p tcp --dport ssh -j fail2ban-SSH returned 300
Oct 23 20:54:33 server fail2ban.actions.action[3281]: ERROR iptables -D INPUT -p tcp --dport ssh -j fail2ban-SSH#012iptables -F fail2ban-SSH#012iptables -X fail2ban-SSH returned 300
Oct 23 20:54:33 server fail2ban.actions.action[3281]: ERROR iptables -N fail2ban-SSH#012iptables -A fail2ban-SSH -j RETURN#012iptables -I INPUT -p tcp --dport ssh -j fail2ban-SSH returned 300
...

And I have fail2ban 0.8.14 installed:
fail2ban-0.8.14-1.el6.noarch
plesk-fail2ban-configurator-12.0.18-cos6.build1200140526.11.noarch

Any ideas what is the problem?

Regards,

Robin.
 
Have you got selinux installed?

Please provide some logs from "/var/log/audit/audit.log" for further investigations.
 
Here. Looks like selinux is blocking things. (and that answered your question as well)

Code:
type=SYSCALL msg=audit(1414094129.495:1896754): arch=c000003e syscall=41 success=no exit=-13 a0=2 a1=3 a2=ff a3=4 items=0 ppid=26281 pid=26284 auid=10002 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=10696 comm="iptables" exe="/sbin/iptables-multi-1.4.7" subj=unconfined_u:system_r:fail2ban_t:s0 key=(null)
type=AVC msg=audit(1414094129.495:1896755): avc:  denied  { search } for  pid=26284 comm="iptables" scontext=unconfined_u:system_r:fail2ban_t:s0 tcontext=system_u:object_r:sysctl_kernel_t:s0 tclass=dir
type=SYSCALL msg=audit(1414094129.495:1896755): arch=c000003e syscall=2 success=no exit=-13 a0=3b6e005672 a1=0 a2=0 a3=4 items=0 ppid=26281 pid=26284 auid=10002 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=10696 comm="iptables" exe="/sbin/iptables-multi-1.4.7" subj=unconfined_u:system_r:fail2ban_t:s0 key=(null)
type=AVC msg=audit(1414094129.496:1896756): avc:  denied  { create } for  pid=26281 comm="iptables" scontext=unconfined_u:system_r:fail2ban_t:s0 tcontext=unconfined_u:system_r:fail2ban_t:s0 tclass=rawip_socket
type=SYSCALL msg=audit(1414094129.496:1896756): arch=c000003e syscall=41 success=no exit=-13 a0=2 a1=3 a2=ff a3=4 items=0 ppid=26255 pid=26281 auid=10002 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=10696 comm="iptables" exe="/sbin/iptables-multi-1.4.7" subj=unconfined_u:system_r:fail2ban_t:s0 key=(null)
type=AVC msg=audit(1414094129.496:1896757): avc:  denied  { search } for  pid=26281 comm="iptables" scontext=unconfined_u:system_r:fail2ban_t:s0 tcontext=system_u:object_r:sysctl_kernel_t:s0 tclass=dir
type=SYSCALL msg=audit(1414094129.496:1896757): arch=c000003e syscall=2 success=no exit=-13 a0=3b6e005672 a1=0 a2=0 a3=4 items=0 ppid=26255 pid=26281 auid=10002 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=10696 comm="iptables" exe="/sbin/iptables-multi-1.4.7" subj=unconfined_u:system_r:fail2ban_t:s0 key=(null)
type=AVC msg=audit(1414094129.606:1896761): avc:  denied  { create } for  pid=26300 comm="iptables" scontext=unconfined_u:system_r:fail2ban_t:s0 tcontext=unconfined_u:system_r:fail2ban_t:s0 tclass=rawip_socket
type=SYSCALL msg=audit(1414094129.606:1896761): arch=c000003e syscall=41 success=no exit=-13 a0=2 a1=3 a2=ff a3=0 items=0 ppid=26299 pid=26300 auid=10002 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=10696 comm="iptables" exe="/sbin/iptables-multi-1.4.7" subj=unconfined_u:system_r:fail2ban_t:s0 key=(null)
type=AVC msg=audit(1414094129.607:1896762): avc:  denied  { search } for  pid=26300 comm="iptables" scontext=unconfined_u:system_r:fail2ban_t:s0 tcontext=system_u:object_r:sysctl_kernel_t:s0 tclass=dir
type=SYSCALL msg=audit(1414094129.607:1896762): arch=c000003e syscall=2 success=no exit=-13 a0=3b6e005672 a1=0 a2=0 a3=0 items=0 ppid=26299 pid=26300 auid=10002 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=10696 comm="iptables" exe="/sbin/iptables-multi-1.4.7" subj=unconfined_u:system_r:fail2ban_t:s0 key=(null)
type=AVC msg=audit(1414094129.613:1896763): avc:  denied  { create } for  pid=26301 comm="iptables" scontext=unconfined_u:system_r:fail2ban_t:s0 tcontext=unconfined_u:system_r:fail2ban_t:s0 tclass=rawip_socket
type=SYSCALL msg=audit(1414094129.613:1896763): arch=c000003e syscall=41 success=no exit=-13 a0=2 a1=3 a2=ff a3=4 items=0 ppid=26299 pid=26301 auid=10002 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=10696 comm="iptables" exe="/sbin/iptables-multi-1.4.7" subj=unconfined_u:system_r:fail2ban_t:s0 key=(null)
type=AVC msg=audit(1414094129.616:1896764): avc:  denied  { search } for  pid=26301 comm="iptables" scontext=unconfined_u:system_r:fail2ban_t:s0 tcontext=system_u:object_r:sysctl_kernel_t:s0 tclass=dir
type=SYSCALL msg=audit(1414094129.616:1896764): arch=c000003e syscall=2 success=no exit=-13 a0=3b6e005672 a1=0 a2=0 a3=4 items=0 ppid=26299 pid=26301 auid=10002 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=10696 comm="iptables" exe="/sbin/iptables-multi-1.4.7" subj=unconfined_u:system_r:fail2ban_t:s0 key=(null)
type=AVC msg=audit(1414094129.617:1896765): avc:  denied  { create } for  pid=26299 comm="iptables" scontext=unconfined_u:system_r:fail2ban_t:s0 tcontext=unconfined_u:system_r:fail2ban_t:s0 tclass=rawip_socket
 
The policies from selinux are incorrect. This bug may be solved manually, or by an upgrade of the selinux-policy package.
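
As an added example (not part of the original thread), the AVC records posted above can be grouped by source type, target type and object class to show exactly which permissions the `fail2ban_t` domain is missing, similar to what `audit2allow` reports. The sample input is constructed from shortened lines of the audit.log excerpt in the thread; the function names are hypothetical, and the rendered rules are candidates for review, not a finished policy.

```python
import re
from collections import defaultdict

# Constructed sample: records shortened from the audit.log excerpt in the thread.
SAMPLE = """\
type=AVC msg=audit(1414094129.495:1896755): avc:  denied  { search } for  pid=26284 comm="iptables" scontext=unconfined_u:system_r:fail2ban_t:s0 tcontext=system_u:object_r:sysctl_kernel_t:s0 tclass=dir
type=SYSCALL msg=audit(1414094129.495:1896755): arch=c000003e syscall=2 success=no exit=-13 comm="iptables"
type=AVC msg=audit(1414094129.496:1896756): avc:  denied  { create } for  pid=26281 comm="iptables" scontext=unconfined_u:system_r:fail2ban_t:s0 tcontext=unconfined_u:system_r:fail2ban_t:s0 tclass=rawip_socket
type=AVC msg=audit(1414094129.496:1896757): avc:  denied  { search } for  pid=26281 comm="iptables" scontext=unconfined_u:system_r:fail2ban_t:s0 tcontext=system_u:object_r:sysctl_kernel_t:s0 tclass=dir
"""

AVC_RE = re.compile(
    r'type=AVC .*?avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?comm="(?P<comm>[^"]*)"'
    r'.*?scontext=(?P<s>\S+)\s+tcontext=(?P<t>\S+)\s+tclass=(?P<cls>\S+)'
)

def selinux_type(context):
    """Return the type field of a user:role:type:level security context."""
    return context.split(":")[2]

def summarize_denials(text):
    """Group AVC denials by (source type, target type, object class)."""
    groups = defaultdict(lambda: {"perms": set(), "comms": set(), "count": 0})
    for line in text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue  # SYSCALL and other record types carry no permission set
        key = (selinux_type(m["s"]), selinux_type(m["t"]), m["cls"])
        groups[key]["perms"].update(m["perms"].split())
        groups[key]["comms"].add(m["comm"])
        groups[key]["count"] += 1
    return dict(groups)

def candidate_rules(groups):
    """Render each group as an allow rule in policy syntax, for review only."""
    rules = []
    for (src, tgt, cls), info in sorted(groups.items()):
        target = "self" if src == tgt else tgt  # same-domain access is written as self
        perms = " ".join(sorted(info["perms"]))
        rules.append(f"allow {src} {target}:{cls} {{ {perms} }};")
    return rules

if __name__ == "__main__":
    for rule in candidate_rules(summarize_denials(SAMPLE)):
        print(rule)
```

Both denied operations come from the `iptables` binary running inside the `fail2ban_t` domain, which matches the `returned 300` errors on every ban and unban action in `/var/log/messages`.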
 