Hello guys,
Today I had a real sudden crash of my Asterisk box (on site) and while investigating on the reasons (probably a bad HDD cable) I found this inside /var/log/fail2ban.log
Sorry for the long log but this way you can see exactly what is going on. This is not a one-off error. It happens at seemingly random times and fail2ban recovers (it autorestarts the jails). Does anyone have any idea what is going on. It looks like a bug but I'm not sure
Today I had a real sudden crash of my Asterisk box (on site) and while investigating on the reasons (probably a bad HDD cable) I found this inside /var/log/fail2ban.log
Code:
2016-06-27 18:45:01,849 fail2ban.server : INFO Stopping all jails
2016-06-27 18:45:02,758 fail2ban.jail : INFO Jail 'apache-tcpwrapper' stopped
2016-06-27 18:45:03,669 fail2ban.jail : INFO Jail 'apache-badbots' stopped
2016-06-27 18:45:04,600 fail2ban.jail : INFO Jail 'apache-banhttp' stopped
2016-06-27 18:45:05,099 fail2ban.jail : INFO Jail 'asterisk' stopped
2016-06-27 18:45:06,483 fail2ban.jail : INFO Jail 'ssh-iptables' stopped
2016-06-27 18:45:06,485 fail2ban.server : INFO Exiting Fail2ban
2016-06-27 18:46:22,593 fail2ban.server : INFO Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.7
2016-06-27 18:46:22,867 fail2ban.jail : INFO Creating new jail 'ssh-iptables'
2016-06-27 18:46:22,910 fail2ban.jail : INFO Jail 'ssh-iptables' uses Gamin
2016-06-27 18:46:23,119 fail2ban.jail : INFO Initiated 'gamin' backend
2016-06-27 18:46:23,123 fail2ban.filter : INFO Added logfile = /var/log/secure
2016-06-27 18:46:23,125 fail2ban.filter : INFO Set maxRetry = 5
2016-06-27 18:46:23,129 fail2ban.filter : INFO Set findtime = 10800
2016-06-27 18:46:23,130 fail2ban.actions: INFO Set banTime = 3155692600
2016-06-27 18:46:23,351 fail2ban.jail : INFO Creating new jail 'apache-tcpwrapper'
2016-06-27 18:46:23,352 fail2ban.jail : INFO Jail 'apache-tcpwrapper' uses Gamin
2016-06-27 18:46:23,353 fail2ban.jail : INFO Initiated 'gamin' backend
2016-06-27 18:46:23,359 fail2ban.filter : INFO Added logfile = /var/log/asterisk/freepbx_security.log
2016-06-27 18:46:23,361 fail2ban.filter : INFO Set maxRetry = 3
2016-06-27 18:46:23,366 fail2ban.filter : INFO Set findtime = 10800
2016-06-27 18:46:23,368 fail2ban.actions: INFO Set banTime = 3155692600
2016-06-27 18:46:23,402 fail2ban.jail : INFO Creating new jail 'apache-banhttp'
2016-06-27 18:46:23,403 fail2ban.jail : INFO Jail 'apache-banhttp' uses Gamin
2016-06-27 18:46:23,405 fail2ban.jail : INFO Initiated 'gamin' backend
2016-06-27 18:46:23,408 fail2ban.filter : INFO Added logfile = /var/log/asterisk/freepbx_security.log
2016-06-27 18:46:23,410 fail2ban.filter : INFO Set maxRetry = 3
2016-06-27 18:46:23,413 fail2ban.filter : INFO Set findtime = 10800
2016-06-27 18:46:23,415 fail2ban.actions: INFO Set banTime = 60
2016-06-27 18:46:23,456 fail2ban.jail : INFO Creating new jail 'apache-badbots'
2016-06-27 18:46:23,457 fail2ban.jail : INFO Jail 'apache-badbots' uses Gamin
2016-06-27 18:46:23,464 fail2ban.jail : INFO Initiated 'gamin' backend
2016-06-27 18:46:23,815 fail2ban.filter : INFO Added logfile = /var/log/httpd/access_log
2016-06-27 18:46:23,817 fail2ban.filter : INFO Set maxRetry = 1
2016-06-27 18:46:23,821 fail2ban.filter : INFO Set findtime = 10800
2016-06-27 18:46:23,822 fail2ban.actions: INFO Set banTime = 172800
2016-06-27 18:46:23,895 fail2ban.jail : INFO Creating new jail 'asterisk'
2016-06-27 18:46:23,897 fail2ban.jail : INFO Jail 'asterisk' uses Gamin
2016-06-27 18:46:23,898 fail2ban.jail : INFO Initiated 'gamin' backend
2016-06-27 18:46:24,015 fail2ban.filter : INFO Added logfile = /var/log/asterisk/full
2016-06-27 18:46:24,017 fail2ban.filter : INFO Set maxRetry = 5
2016-06-27 18:46:24,021 fail2ban.filter : INFO Set findtime = 10800
2016-06-27 18:46:24,023 fail2ban.actions: INFO Set banTime = 60
2016-06-27 18:46:24,192 fail2ban.jail : INFO Jail 'ssh-iptables' started
2016-06-27 18:46:24,344 fail2ban.jail : INFO Jail 'apache-tcpwrapper' started
2016-06-27 18:46:24,362 fail2ban.jail : INFO Jail 'apache-banhttp' started
2016-06-27 18:46:24,383 fail2ban.jail : INFO Jail 'apache-badbots' started
2016-06-27 18:46:24,400 fail2ban.jail : INFO Jail 'asterisk' started
2016-06-27 18:47:02,633 fail2ban.server : INFO Stopping all jails
2016-06-27 18:47:03,433 fail2ban.jail : INFO Jail 'apache-tcpwrapper' stopped
2016-06-27 18:47:04,421 fail2ban.actions.action: ERROR iptables -D INPUT -p tcp -m multiport --dports http,https -j fail2ban-BadBots
iptables -F fail2ban-BadBots
iptables -X fail2ban-BadBots returned 100
2016-06-27 18:47:05,123 fail2ban.jail : INFO Jail 'apache-badbots' stopped
2016-06-27 18:47:05,295 fail2ban.actions.action: ERROR iptables -D INPUT -p tcp -m multiport --dports http,https -j fail2ban-BadPassword
iptables -F fail2ban-BadPassword
iptables -X fail2ban-BadPassword returned 100
2016-06-27 18:47:05,942 fail2ban.jail : INFO Jail 'apache-banhttp' stopped
2016-06-27 18:47:06,466 fail2ban.actions.action: ERROR iptables -D INPUT -p udp -m multiport --dports 5060,5061 -j fail2ban-asterisk-udp
iptables -F fail2ban-asterisk-udp
iptables -X fail2ban-asterisk-udp returned 100
2016-06-27 18:47:06,500 fail2ban.actions.action: ERROR iptables -D INPUT -p all -j fail2ban-ASTERISK
iptables -F fail2ban-ASTERISK
iptables -X fail2ban-ASTERISK returned 100
2016-06-27 18:47:06,945 fail2ban.jail : INFO Jail 'asterisk' stopped
2016-06-27 18:47:07,431 fail2ban.actions.action: ERROR iptables -D INPUT -p tcp --dport 22 -j fail2ban-SSH
iptables -F fail2ban-SSH
iptables -X fail2ban-SSH returned 100
2016-06-27 18:47:07,929 fail2ban.jail : INFO Jail 'ssh-iptables' stopped
2016-06-27 18:47:07,931 fail2ban.server : INFO Exiting Fail2ban
2016-06-27 18:47:11,292 fail2ban.server : INFO Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.7
2016-06-27 18:47:11,293 fail2ban.jail : INFO Creating new jail 'ssh-iptables'
2016-06-27 18:47:11,295 fail2ban.jail : INFO Jail 'ssh-iptables' uses Gamin
2016-06-27 18:47:11,315 fail2ban.jail : INFO Initiated 'gamin' backend
2016-06-27 18:47:11,317 fail2ban.filter : INFO Added logfile = /var/log/secure
2016-06-27 18:47:11,318 fail2ban.filter : INFO Set maxRetry = 5
2016-06-27 18:47:11,320 fail2ban.filter : INFO Set findtime = 10800
2016-06-27 18:47:11,321 fail2ban.actions: INFO Set banTime = 3155692600
2016-06-27 18:47:11,424 fail2ban.jail : INFO Creating new jail 'apache-tcpwrapper'
2016-06-27 18:47:11,425 fail2ban.jail : INFO Jail 'apache-tcpwrapper' uses Gamin
2016-06-27 18:47:11,426 fail2ban.jail : INFO Initiated 'gamin' backend
2016-06-27 18:47:11,427 fail2ban.filter : INFO Added logfile = /var/log/asterisk/freepbx_security.log
2016-06-27 18:47:11,428 fail2ban.filter : INFO Set maxRetry = 3
2016-06-27 18:47:11,430 fail2ban.filter : INFO Set findtime = 10800
2016-06-27 18:47:11,431 fail2ban.actions: INFO Set banTime = 3155692600
2016-06-27 18:47:11,449 fail2ban.jail : INFO Creating new jail 'apache-banhttp'
2016-06-27 18:47:11,450 fail2ban.jail : INFO Jail 'apache-banhttp' uses Gamin
2016-06-27 18:47:11,451 fail2ban.jail : INFO Initiated 'gamin' backend
2016-06-27 18:47:11,452 fail2ban.filter : INFO Added logfile = /var/log/asterisk/freepbx_security.log
2016-06-27 18:47:11,453 fail2ban.filter : INFO Set maxRetry = 3
2016-06-27 18:47:11,456 fail2ban.filter : INFO Set findtime = 10800
2016-06-27 18:47:11,457 fail2ban.actions: INFO Set banTime = 60
2016-06-27 18:47:11,476 fail2ban.jail : INFO Creating new jail 'apache-badbots'
2016-06-27 18:47:11,477 fail2ban.jail : INFO Jail 'apache-badbots' uses Gamin
2016-06-27 18:47:11,478 fail2ban.jail : INFO Initiated 'gamin' backend
2016-06-27 18:47:11,480 fail2ban.filter : INFO Added logfile = /var/log/httpd/access_log
2016-06-27 18:47:11,481 fail2ban.filter : INFO Set maxRetry = 1
2016-06-27 18:47:11,483 fail2ban.filter : INFO Set findtime = 10800
2016-06-27 18:47:11,483 fail2ban.actions: INFO Set banTime = 172800
2016-06-27 18:47:11,522 fail2ban.jail : INFO Creating new jail 'asterisk'
2016-06-27 18:47:11,523 fail2ban.jail : INFO Jail 'asterisk' uses Gamin
2016-06-27 18:47:11,524 fail2ban.jail : INFO Initiated 'gamin' backend
2016-06-27 18:47:11,526 fail2ban.filter : INFO Added logfile = /var/log/asterisk/full
2016-06-27 18:47:11,527 fail2ban.filter : INFO Set maxRetry = 5
2016-06-27 18:47:11,528 fail2ban.filter : INFO Set findtime = 10800
2016-06-27 18:47:11,529 fail2ban.actions: INFO Set banTime = 60
2016-06-27 18:47:11,577 fail2ban.jail : INFO Jail 'ssh-iptables' started
2016-06-27 18:47:11,606 fail2ban.jail : INFO Jail 'apache-tcpwrapper' started
2016-06-27 18:47:11,617 fail2ban.jail : INFO Jail 'apache-banhttp' started
2016-06-27 18:47:11,626 fail2ban.jail : INFO Jail 'apache-badbots' started
2016-06-27 18:47:11,643 fail2ban.jail : INFO Jail 'asterisk' started
Sorry for the long log but this way you can see exactly what is going on. This is not a one-off error. It happens at seemingly random times and fail2ban recovers (it autorestarts the jails). Does anyone have any idea what is going on. It looks like a bug but I'm not sure