Blocking FHEM hackers with fail2ban

Started by JensS, 18 February 2018, 14:41:05

pillepalle12

#105
Thanks for the additional hints,
yes, of course I adjusted the configs, including the ports, and adjusted the local file as described in the guide.

It also worked on Jessie and had been running for years; now, unfortunately, it no longer does.
I checked all the adjusted files and paths again, and everything is (unfortunately) correct...

The "Login denied" messages also show up in the FHEM log, so fail2ban should find these messages as well; the /opt/fhem/log path is correct too...

I'm at a loss...
Attached are my file contents; maybe I've become blind to my own mistakes by now :)


fhem.conf
# Fail2ban filter for fhem

[INCLUDES]

before = common.conf

[Definition]

failregex = ^(.*?)Login denied (.*?)_<HOST>_

ignoreregex =




jail.local

# JAILS
#
#
[fhem]
enabled  = true
port     = 8080
action   = %(banaction)s[name=%(__name__)s-tcp, port="%(port)s", protocol="tcp", chain="%(chain)s", actname=%(banaction)s-tcp]
           %(mta)s-whois[name=%(__name__)s, dest="%(destemail)s"]
filter   = fhem
logpath  = /opt/fhem/log/fhem-20*
maxretry = 2
bantime = 86400



JensS

Debian on APU2C4, HM-CFG-USB2, SIGNALduino, HM-ES-PMSw1-Pl, TFA 30.3121, TFA 30.3125, ITS-150, PIR-5000, configurable Firmata USB & LAN, 1-wire: DS-18B20, DS-18S20, DS-2408, DS-2413, various I2C components, zigbee2mqtt, ESPEasy etc.

pillepalle12


JensS

Is anything arriving in /var/log/fail2ban.log?

pillepalle12

Good hint, I hadn't looked in there at all yet. Yes, the log is full of entries, including errors:

but the "already banned" message can't be right, since I can still log in from my phone

The jail fhem has been started successfully.\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root@localhost"
2022-01-23 19:42:35,740 fail2ban.utils          [481]: ERROR   74381020 -- stderr: '/bin/sh: 8: /usr/sbin/sendmail: not found'
2022-01-23 19:42:35,741 fail2ban.jail           [481]: INFO    Jail 'sshd' started
2022-01-23 19:42:35,742 fail2ban.utils          [481]: ERROR   74381020 -- returned 127
2022-01-23 19:42:35,745 fail2ban.utils          [481]: INFO    HINT on 127: "Command not found".  Make sure that all commands in 'printf %b "Subject: [Fail2>
2022-01-23 19:42:35,746 fail2ban.actions        [481]: ERROR   Failed to start jail 'fhem' action 'sendmail-whois': Error starting action Jail('fhem')/sendm>
2022-01-23 19:42:35,748 fail2ban.actions        [481]: NOTICE  [fhem] Restore Ban 109.43.49.223
2022-01-23 19:42:35,765 fail2ban.utils          [481]: ERROR   75a37d40 -- exec: iptables -w -N f2b-fhem-tcp
iptables -w -A f2b-fhem-tcp -j RETURN
iptables -w -I INPUT -p tcp -m multiport --dports 8080 -j f2b-fhem-tcp
2022-01-23 19:42:35,765 fail2ban.utils          [481]: ERROR   75a37d40 -- stderr: '/bin/sh: 1: iptables: not found'
2022-01-23 19:42:35,766 fail2ban.utils          [481]: ERROR   75a37d40 -- stderr: '/bin/sh: 2: iptables: not found'
2022-01-23 19:42:35,766 fail2ban.utils          [481]: ERROR   75a37d40 -- stderr: '/bin/sh: 3: iptables: not found'
2022-01-23 19:42:35,767 fail2ban.utils          [481]: ERROR   75a37d40 -- returned 127
2022-01-23 19:42:35,767 fail2ban.utils          [481]: INFO    HINT on 127: "Command not found".  Make sure that all commands in 'iptables -w -N f2b-fhem-tc>
2022-01-23 19:42:35,767 fail2ban.actions        [481]: ERROR   Failed to execute ban jail 'fhem' action 'iptables-multiport-tcp' info 'ActionInfo({'ip': '10>
2022-01-23 19:42:35,769 fail2ban.actions        [481]: NOTICE  [fhem] Restore Ban 109.43.50.103
2022-01-23 19:42:35,781 fail2ban.utils          [481]: ERROR   75a37d40 -- exec: iptables -w -N f2b-fhem-tcp
iptables -w -A f2b-fhem-tcp -j RETURN
iptables -w -I INPUT -p tcp -m multiport --dports 8080 -j f2b-fhem-tcp
2022-01-23 19:42:35,782 fail2ban.utils          [481]: ERROR   75a37d40 -- stderr: '/bin/sh: 1: iptables: not found'
2022-01-23 19:42:35,783 fail2ban.utils          [481]: ERROR   75a37d40 -- stderr: '/bin/sh: 2: iptables: not found'
2022-01-23 19:42:35,783 fail2ban.utils          [481]: ERROR   75a37d40 -- stderr: '/bin/sh: 3: iptables: not found'
2022-01-23 19:42:35,783 fail2ban.utils          [481]: ERROR   75a37d40 -- returned 127
2022-01-23 19:42:35,784 fail2ban.utils          [481]: INFO    HINT on 127: "Command not found".  Make sure that all commands in 'iptables -w -N f2b-fhem-tc>
2022-01-23 19:42:35,784 fail2ban.actions        [481]: ERROR   Failed to execute ban jail 'fhem' action 'iptables-multiport-tcp' info 'ActionInfo({'ip': '10>
2022-01-23 19:42:35,785 fail2ban.actions        [481]: NOTICE  [fhem] Restore Ban 185.204.1.183
2022-01-23 19:42:35,798 fail2ban.utils          [481]: ERROR   75a37d40 -- exec: iptables -w -N f2b-fhem-tcp
iptables -w -A f2b-fhem-tcp -j RETURN
iptables -w -I INPUT -p tcp -m multiport --dports 8080 -j f2b-fhem-tcp
2022-01-23 19:42:35,799 fail2ban.utils          [481]: ERROR   75a37d40 -- stderr: '/bin/sh: 1: iptables: not found'
2022-01-23 19:42:35,799 fail2ban.utils          [481]: ERROR   75a37d40 -- stderr: '/bin/sh: 2: iptables: not found'
2022-01-23 19:42:35,799 fail2ban.utils          [481]: ERROR   75a37d40 -- stderr: '/bin/sh: 3: iptables: not found'
2022-01-23 19:42:35,800 fail2ban.utils          [481]: ERROR   75a37d40 -- returned 127
2022-01-23 19:42:35,800 fail2ban.utils          [481]: INFO    HINT on 127: "Command not found".  Make sure that all commands in 'iptables -w -N f2b-fhem-tc>
2022-01-23 19:42:35,801 fail2ban.actions        [481]: ERROR   Failed to execute ban jail 'fhem' action 'iptables-multiport-tcp' info 'ActionInfo({'ip': '18>
2022-01-23 19:42:35,802 fail2ban.actions        [481]: NOTICE  [fhem] Restore Ban 84.144.78.217
2022-01-23 19:42:35,814 fail2ban.utils          [481]: ERROR   75a37d40 -- exec: iptables -w -N f2b-fhem-tcp
iptables -w -A f2b-fhem-tcp -j RETURN
iptables -w -I INPUT -p tcp -m multiport --dports 8080 -j f2b-fhem-tcp
2022-01-23 19:42:35,815 fail2ban.utils          [481]: ERROR   75a37d40 -- stderr: '/bin/sh: 1: iptables: not found'
2022-01-23 19:42:35,815 fail2ban.utils          [481]: ERROR   75a37d40 -- stderr: '/bin/sh: 2: iptables: not found'
2022-01-23 19:42:35,816 fail2ban.utils          [481]: ERROR   75a37d40 -- stderr: '/bin/sh: 3: iptables: not found'
2022-01-23 19:42:35,816 fail2ban.utils          [481]: ERROR   75a37d40 -- returned 127
2022-01-23 19:42:35,817 fail2ban.utils          [481]: INFO    HINT on 127: "Command not found".  Make sure that all commands in 'iptables -w -N f2b-fhem-tc>
2022-01-23 19:42:35,817 fail2ban.actions        [481]: ERROR   Failed to execute ban jail 'fhem' action 'iptables-multiport-tcp' info 'ActionInfo({'ip': '84>
2022-01-23 20:00:57,565 fail2ban.filter         [481]: INFO    [fhem] Found 109.43.50.103 - 2022-01-23 20:00:57
2022-01-23 20:00:59,170 fail2ban.filter         [481]: INFO    [fhem] Found 109.43.50.103 - 2022-01-23 20:00:58
2022-01-23 20:00:59,213 fail2ban.actions        [481]: WARNING [fhem] 109.43.50.103 already banned
2022-01-23 20:01:00,128 fail2ban.filter         [481]: INFO    [fhem] Found 109.43.50.103 - 2022-01-23 20:01:00
2022-01-23 20:01:01,735 fail2ban.filter         [481]: INFO    [fhem] Found 109.43.50.103 - 2022-01-23 20:01:01
2022-01-23 20:01:01,817 fail2ban.actions        [481]: WARNING [fhem] 109.43.50.103 already banned
2022-01-23 20:01:02,535 fail2ban.filter         [481]: INFO    [fhem] Found 109.43.50.103 - 2022-01-23 20:01:02
2022-01-23 20:01:03,615 fail2ban.filter         [481]: INFO    [fhem] Found 109.43.50.103 - 2022-01-23 20:01:03
2022-01-23 20:01:04,021 fail2ban.actions        [481]: WARNING [fhem] 109.43.50.103 already banned
2022-01-23 20:01:04,907 fail2ban.filter         [481]: INFO    [fhem] Found 109.43.50.103 - 2022-01-23 20:01:04
2022-01-23 20:01:06,954 fail2ban.filter         [481]: INFO    [fhem] Found 109.43.50.103 - 2022-01-23 20:01:06
2022-01-23 20:01:07,226 fail2ban.actions        [481]: WARNING [fhem] 109.43.50.103 already banned
2022-01-23 20:01:08,561 fail2ban.filter         [481]: INFO    [fhem] Found 109.43.50.103 - 2022-01-23 20:01:08
2022-01-23 20:24:08,135 fail2ban.filter         [481]: INFO    [fhem] Found 109.43.50.103 - 2022-01-23 20:24:08
2022-01-23 20:24:09,741 fail2ban.filter         [481]: INFO    [fhem] Found 109.43.50.103 - 2022-01-23 20:24:09
2022-01-23 20:24:10,290 fail2ban.actions        [481]: WARNING [fhem] 109.43.50.103 already banned
2022-01-23 20:24:10,723 fail2ban.filter         [481]: INFO    [fhem] Found 109.43.50.103 - 2022-01-23 20:24:10
2022-01-23 20:24:12,329 fail2ban.filter         [481]: INFO    [fhem] Found 109.43.50.103 - 2022-01-23 20:24:12
2022-01-23 20:24:12,494 fail2ban.actions        [481]: WARNING [fhem] 109.43.50.103 already banned
2022-01-23 20:24:13,393 fail2ban.filter         [481]: INFO    [fhem] Found 109.43.50.103 - 2022-01-23 20:24:13
2022-01-23 20:24:14,551 fail2ban.filter         [481]: INFO    [fhem] Found 109.43.50.103 - 2022-01-23 20:24:14
2022-01-23 20:24:14,698 fail2ban.actions        [481]: WARNING [fhem] 109.43.50.103 already banned
2022-01-23 20:24:15,700 fail2ban.filter         [481]: INFO    [fhem] Found 109.43.50.103 - 2022-01-23 20:24:15
2022-01-23 21:05:27,322 fail2ban.filter         [481]: INFO    [fhem] Found 109.43.50.103 - 2022-01-23 21:05:27
2022-01-23 21:05:29,357 fail2ban.filter         [481]: INFO    [fhem] Found 109.43.50.103 - 2022-01-23 21:05:29
2022-01-23 21:05:30,015 fail2ban.actions        [481]: WARNING [fhem] 109.43.50.103 already banned
2022-01-23 21:05:31,134 fail2ban.filter         [481]: INFO    [fhem] Found 109.43.50.103 - 2022-01-23 21:05:31
2022-01-23 21:05:33,841 fail2ban.filter         [481]: INFO    [fhem] Found 109.43.50.103 - 2022-01-23 21:05:33
2022-01-23 21:05:34,021 fail2ban.actions        [481]: WARNING [fhem] 109.43.50.103 already banned
2022-01-23 21:05:35,674 fail2ban.filter         [481]: INFO    [fhem] Found 109.43.50.103 - 2022-01-23 21:05:35

pillepalle12

FOUND THE ERROR!! :)

Thanks to your hint about the log, I found out that the iptables package was not installed: sudo apt install iptables


Now it works.

MANY, MANY THANKS TO ALL OF YOU!!
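
The failure mode from this thread, as an added example (not part of any forum post and not fail2ban's own code): fail2ban kept recording bans and logging "already banned" while the ban command itself exited with 127, so no firewall rule was ever created. The sketch scans a fail2ban.log for that pattern; the function name `audit` and the report keys are hypothetical, and the sample lines are excerpts from the log posted above.

```python
import re
from collections import defaultdict

# Excerpt from the fail2ban.log posted above (lines end in '>' where the post cut them off).
SAMPLE_LOG = """\
2022-01-23 19:42:35,740 fail2ban.utils          [481]: ERROR   74381020 -- stderr: '/bin/sh: 8: /usr/sbin/sendmail: not found'
2022-01-23 19:42:35,746 fail2ban.actions        [481]: ERROR   Failed to start jail 'fhem' action 'sendmail-whois': Error starting action Jail('fhem')/sendm>
2022-01-23 19:42:35,765 fail2ban.utils          [481]: ERROR   75a37d40 -- stderr: '/bin/sh: 1: iptables: not found'
2022-01-23 19:42:35,767 fail2ban.actions        [481]: ERROR   Failed to execute ban jail 'fhem' action 'iptables-multiport-tcp' info 'ActionInfo({'ip': '10>
2022-01-23 20:00:59,170 fail2ban.filter         [481]: INFO    [fhem] Found 109.43.50.103 - 2022-01-23 20:00:58
2022-01-23 20:00:59,213 fail2ban.actions        [481]: WARNING [fhem] 109.43.50.103 already banned
"""

NOT_FOUND = re.compile(r"stderr: '/bin/sh: \d+: (\S+): not found'")
ACTION_FAIL = re.compile(r"Failed to (start|execute ban) jail '([^']+)' action '([^']+)'")
ALREADY = re.compile(r"WARNING \[([^\]]+)\] (\S+) already banned")


def audit(log_text):
    """Summarise action failures in a fail2ban log.

    'unenforced' lists IPs that fail2ban considers banned but that keep
    reaching the service, for jails whose ban command itself failed.
    """
    missing, failed = set(), defaultdict(set)
    ban_broken, repeat = set(), defaultdict(set)
    for line in log_text.splitlines():
        if m := NOT_FOUND.search(line):
            missing.add(m.group(1))            # command the action tried to run
        elif m := ACTION_FAIL.search(line):
            kind, jail, action = m.groups()
            failed[jail].add(action)
            if kind == "execute ban":          # the firewall rule was never added
                ban_broken.add(jail)
        elif m := ALREADY.search(line):
            repeat[m.group(1)].add(m.group(2))
    unenforced = {j: ips for j, ips in repeat.items() if j in ban_broken}
    return {"missing": missing, "failed": dict(failed), "unenforced": unenforced}


if __name__ == "__main__":
    report = audit(SAMPLE_LOG)
    print("commands not found:", sorted(report["missing"]))
    for jail, actions in report["failed"].items():
        print(f"jail {jail}: failed actions {sorted(actions)}")
    for jail, ips in report["unenforced"].items():
        print(f"jail {jail}: bans recorded but NOT enforced for {sorted(ips)}")
```

A jail that only logs "already banned" without a preceding "Failed to execute ban" is not flagged, since that message alone does not prove the firewall rule is missing.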

Wernieman

Thanks for reporting back that it worked.

The icing on the cake would be if you added [solved] or similar to the title of the first post.
- Please provide input for output
- When there is a Shell, there is a Way
- When was your last backup?

How to ask questions: https://tty1.net/smart-questions_de.html