Fail2ban perpetual don't respect unban policy

zimny · October 12, 2018, 7:06pm

Hi guys,

Just find out this today.
Looks like Fail2ban don’t respect unban command or is doing that in wired way.
When I’m trying unban specific IP from the list is still there but NS deleting last entry on the list.
Restart service give me the same behavior.
I believe this is connected to perpetual jail in Fail2ban.
Anyone can confirm that pls.

dnutan · October 12, 2018, 8:14pm

Worked as expected. Using the UI, unbaned an IP from the middle of the list, and that one was removed (IP from recidive with perpetual setting.)

stephdl · October 12, 2018, 8:22pm

In what list did you find the ip to unban, please could you make a screenshot ?

zimny · October 12, 2018, 8:35pm

How you can blacklist when you are in “approved list”???
I just to unband this addresses

stephdl · October 12, 2018, 8:37pm

Sorry i did not understand, could you reformulate please

zimny · October 12, 2018, 8:37pm

Ok I give you full experience.
Binn some IP
Make it perpetual.
Try tu un bin it.
?

zimny · October 13, 2018, 3:59am

Thanks
Decided restart the box and here we are again.
How many banned IP do you have?
Maybe this bag is just when you have few thousand like I have?

zimny · October 13, 2018, 4:11am

When I try unban specific IP is still there but I’m loosing the last entry on the list.

stephdl · October 13, 2018, 7:02am

Still lack my question about from which list you tried to unban the IP (Banned IP or Active Jails)

Banned IP is the display of shorewall show dynamic
Active Jails is a combined action of fail2ban-client status & shorewall show dynamic

Could you please show us the relevant log lines when you try to unban (messages and fail2ban log)

zimny · October 13, 2018, 2:27pm

log
2018-10-12 20:16:01,247 fail2ban.transmitter [857]: WARNING Command [‘set’, ‘apache-auth’, ‘unbanip’, ‘213.205.241.130’] has failed. Received ValueError(‘IP 213.205.241.130 is not banned’,)

screen from active jails

stephdl · October 13, 2018, 4:33pm

it is not enough for debug purpose, fail2ban says it is not possible to unban this IP because the IP is not banned by the jail apache-auth. It is probably banned by another jail

@zimny this is what I am looking for unbanip · GitHub

zimny · October 13, 2018, 4:46pm

Was banned by openvpn or apache jail.
I was even rebooting but there is no way to delete this entry.

stephdl · October 13, 2018, 4:48pm

prove me that please

stephdl · October 13, 2018, 4:51pm

use a gist provider like github

zimny · October 13, 2018, 4:52pm

2018-10-12 20:16:01,247 fail2ban.transmitter [857]: WARNING Command [‘set’, ‘apache-auth’, 				‘unbanip’, ‘213.205.241.130’] has failed. Received ValueError(‘IP 213.205.241.130 is not banned’,) 
2018-10-12 20:16:01,289 fail2ban.transmitter [857]: WARNING Command [‘set’, ‘apache-badbots’, 			‘unbanip’, ‘213.205.241.130’] has failed. Received ValueError(‘IP 213.205.241.130 is not banned’,) 
2018-10-12 20:16:01,331 fail2ban.transmitter [857]: WARNING Command [‘set’, ‘apache-botsearch’, 		‘unbanip’, ‘213.205.241.130’] has failed. Received ValueError(‘IP 213.205.241.130 is not banned’,) 
2018-10-12 20:16:01,374 fail2ban.transmitter [857]: WARNING Command [‘set’, ‘apache-fakegooglebot’, 	‘unbanip’, ‘213.205.241.130’] has failed. Received ValueError(‘IP 213.205.241.130 is not banned’,) 
2018-10-12 20:16:01,416 fail2ban.transmitter [857]: WARNING Command [‘set’, ‘apache-modsecurity’,	 	‘unbanip’, ‘213.205.241.130’] has failed. Received ValueError(‘IP 213.205.241.130 is not banned’,) 
2018-10-12 20:16:01,458 fail2ban.transmitter [857]: WARNING Command [‘set’, ‘apache-nohome’, 			‘unbanip’, ‘213.205.241.130’] has failed. Received ValueError(‘IP 213.205.241.130 is not banned’,) 
2018-10-12 20:16:01,502 fail2ban.transmitter [857]: WARNING Command [‘set’, ‘apache-noscript’, 			‘unbanip’, ‘213.205.241.130’] has failed. Received ValueError(‘IP 213.205.241.130 is not banned’,) 
2018-10-12 20:16:01,546 fail2ban.transmitter [857]: WARNING Command [‘set’, ‘apache-overflows’, 		‘unbanip’, ‘213.205.241.130’] has failed. Received ValueError(‘IP 213.205.241.130 is not banned’,) 
2018-10-12 20:16:01,588 fail2ban.transmitter [857]: WARNING Command [‘set’, ‘apache-scan’, 				‘unbanip’, ‘213.205.241.130’] has failed. Received ValueError(‘IP 213.205.241.130 is not banned’,) 
2018-10-12 20:16:01,634 fail2ban.transmitter [857]: WARNING Command [‘set’, ‘apache-shellshock’,	 	‘unbanip’, ‘213.205.241.130’] has failed. Received ValueError(‘IP 213.205.241.130 is not banned’,) 
2018-10-12 20:16:01,677 fail2ban.transmitter [857]: WARNING Command [‘set’, ‘httpd-admin’, 				‘unbanip’, ‘213.205.241.130’] has failed. Received ValueError(‘IP 213.205.241.130 is not banned’,) 
2018-10-12 20:16:01,719 fail2ban.transmitter [857]: WARNING Command [‘set’, ‘mysqld-auth’, 				‘unbanip’, ‘213.205.241.130’] has failed. Received ValueError(‘IP 213.205.241.130 is not banned’,) 
2018-10-12 20:16:01,761 fail2ban.transmitter [857]: WARNING Command [‘set’, ‘nextcloud-auth’, 			‘unbanip’, ‘213.205.241.130’] has failed. Received ValueError(‘IP 213.205.241.130 is not banned’,) 
2018-10-12 20:16:01,807 fail2ban.transmitter [857]: WARNING Command [‘set’, ‘openvpn’, 					‘unbanip’, ‘213.205.241.130’] has failed. Received ValueError(‘IP 213.205.241.130 is not banned’,) 
2018-10-12 20:16:01,849 fail2ban.transmitter [857]: WARNING Command [‘set’, ‘pam-generic’, 				‘unbanip’, ‘213.205.241.130’] has failed. Received ValueError(‘IP 213.205.241.130 is not banned’,) 
2018-10-12 20:16:01,890 fail2ban.transmitter [857]: WARNING Command [‘set’, ‘pam-generic-nethserver’, 	‘unbanip’, ‘213.205.241.130’] has failed. Received ValueError(‘IP 213.205.241.130 is not banned’,) 
2018-10-12 20:16:01,944 fail2ban.transmitter [857]: WARNING Command [‘set’, ‘postfix’, 					‘unbanip’, ‘213.205.241.130’] has failed. Received ValueError(‘IP 213.205.241.130 is not banned’,) 
2018-10-12 20:16:01,990 fail2ban.transmitter [857]: WARNING Command [‘set’, ‘postfix-ddos’, 			‘unbanip’, ‘213.205.241.130’] has failed. Received ValueError(‘IP 213.205.241.130 is not banned’,) 
2018-10-12 20:16:02,033 fail2ban.transmitter [857]: WARNING Command [‘set’, ‘postfix-rbl’, 				‘unbanip’, ‘213.205.241.130’] has failed. Received ValueError(‘IP 213.205.241.130 is not banned’,) 
2018-10-12 20:16:02,079 fail2ban.transmitter [857]: WARNING Command [‘set’, ‘recidive’,				 	‘unbanip’, ‘213.205.241.130’] has failed. Received ValueError(‘IP 213.205.241.130 is not banned’,) 
2018-10-12 20:16:02,120 fail2ban.transmitter [857]: WARNING Command [‘set’, ‘sshd’, 					‘unbanip’, ‘213.205.241.130’] has failed. Received ValueError(‘IP 213.205.241.130 is not banned’,) 
2018-10-12 20:16:02,163 fail2ban.transmitter [857]: WARNING Command [‘set’, ‘sshd-ddos’, 				‘unbanip’, ‘213.205.241.130’] has failed. Received ValueError(‘IP 213.205.241.130 is not banned’,) 
2018-10-12 20:16:02,205 fail2ban.transmitter [857]: WARNING Command [‘set’, ‘vsftpd’, 					‘unbanip’, ‘213.205.241.130’] has failed. Received ValueError(‘IP 213.205.241.130 is not banned’,) 
2018-10-12 20:16:19,484 fail2ban.transmitter [857]: WARNING Command [‘set’, ‘apache-auth’, 				‘unbanip’, ‘213.205.241.130’] has failed. Received ValueError(‘IP 213.205.241.130 is not banned’,) 
2018-10-12 20:16:19,526 fail2ban.transmitter [857]: WARNING Command [‘set’, ‘apache-badbots’, 			‘unbanip’, ‘213.205.241.130’] has failed. Received ValueError(‘IP 213.205.241.130 is not banned’,) 
2018-10-12 20:16:19,568 fail2ban.transmitter [857]: WARNING Command [‘set’, ‘apache-botsearch’, 		‘unbanip’, ‘213.205.241.130’] has failed. Received ValueError(‘IP 213.205.241.130 is not banned’,) 
2018-10-12 20:16:19,611 fail2ban.transmitter [857]: WARNING Command [‘set’, ‘apache-fakegooglebot’, 	‘unbanip’, ‘213.205.241.130’] has failed. Received ValueError(‘IP 213.205.241.130 is not banned’,) 
2018-10-12 20:16:19,652 fail2ban.transmitter [857]: WARNING Command [‘set’, ‘apache-modsecurity’, 		‘unbanip’, ‘213.205.241.130’] has failed. Received ValueError(‘IP 213.205.241.130 is not banned’,) 
2018-10-12 20:16:19,695 fail2ban.transmitter [857]: WARNING Command [‘set’, ‘apache-nohome’, 			‘unbanip’, ‘213.205.241.130’] has failed. Received ValueError(‘IP 213.205.241.130 is not banned’,) 
2018-10-12 20:16:19,737 fail2ban.transmitter [857]: WARNING Command [‘set’, ‘apache-noscript’, 			‘unbanip’, ‘213.205.241.130’] has failed. Received ValueError(‘IP 213.205.241.130 is not banned’,) 
2018-10-12 20:16:19,779 fail2ban.transmitter [857]: WARNING Command [‘set’, ‘apache-overflows’, 		‘unbanip’, ‘213.205.241.130’] has failed. Received ValueError(‘IP 213.205.241.130 is not banned’,) 
2018-10-12 20:16:19,820 fail2ban.transmitter [857]: WARNING Command [‘set’, ‘apache-scan’, 				‘unbanip’, ‘213.205.241.130’] has failed. Received ValueError(‘IP 213.205.241.130 is not banned’,) 
2018-10-12 20:16:19,863 fail2ban.transmitter [857]: WARNING Command [‘set’, ‘apache-shellshock’, 		‘unbanip’, ‘213.205.241.130’] has failed. Received ValueError(‘IP 213.205.241.130 is not banned’,) 
2018-10-12 20:16:19,909 fail2ban.transmitter [857]: WARNING Command [‘set’, ‘httpd-admin’, 				‘unbanip’, ‘213.205.241.130’] has failed. Received ValueError(‘IP 213.205.241.130 is not banned’,) 
2018-10-12 20:16:19,952 fail2ban.transmitter [857]: WARNING Command [‘set’, ‘mysqld-auth’, 				‘unbanip’, ‘213.205.241.130’] has failed. Received ValueError(‘IP 213.205.241.130 is not banned’,) 
2018-10-12 20:16:19,994 fail2ban.transmitter [857]: WARNING Command [‘set’, ‘nextcloud-auth’, 			‘unbanip’, ‘213.205.241.130’] has failed. Received ValueError(‘IP 213.205.241.130 is not banned’,) 
2018-10-12 20:16:20,036 fail2ban.transmitter [857]: WARNING Command [‘set’, ‘openvpn’, 					‘unbanip’, ‘213.205.241.130’] has failed. Received ValueError(‘IP 213.205.241.130 is not banned’,) 
2018-10-12 20:16:20,085 fail2ban.transmitter [857]: WARNING Command [‘set’, ‘pam-generic’, 				‘unbanip’, ‘213.205.241.130’] has failed. Received ValueError(‘IP 213.205.241.130 is not banned’,) 
2018-10-12 20:16:20,128 fail2ban.transmitter [857]: WARNING Command [‘set’, ‘pam-generic-nethserver’, 	‘unbanip’, ‘213.205.241.130’] has failed. Received ValueError(‘IP 213.205.241.130 is not banned’,) 
2018-10-12 20:16:20,181 fail2ban.transmitter [857]: WARNING Command [‘set’, ‘postfix’, 					‘unbanip’, ‘213.205.241.130’] has failed. Received ValueError(‘IP 213.205.241.130 is not banned’,) 
2018-10-12 20:16:20,232 fail2ban.transmitter [857]: WARNING Command [‘set’, ‘postfix-ddos’, 			‘unbanip’, ‘213.205.241.130’] has failed. Received ValueError(‘IP 213.205.241.130 is not banned’,) 
2018-10-12 20:16:20,276 fail2ban.transmitter [857]: WARNING Command [‘set’, ‘postfix-rbl’, 				‘unbanip’, ‘213.205.241.130’] has failed. Received ValueError(‘IP 213.205.241.130 is not banned’,) 
2018-10-12 20:16:20,318 fail2ban.transmitter [857]: WARNING Command [‘set’, ‘recidive’, 				‘unbanip’, ‘213.205.241.130’] has failed. Received ValueError(‘IP 213.205.241.130 is not banned’,) 
2018-10-12 20:16:20,360 fail2ban.transmitter [857]: WARNING Command [‘set’, ‘sshd’, 					‘unbanip’, ‘213.205.241.130’] has failed. Received ValueError(‘IP 213.205.241.130 is not banned’,) 
2018-10-12 20:16:20,404 fail2ban.transmitter [857]: WARNING Command [‘set’, ‘sshd-ddos’, 				‘unbanip’, ‘213.205.241.130’] has failed. Received ValueError(‘IP 213.205.241.130 is not banned’,) 
2018-10-12 20:16:20,446 fail2ban.transmitter [857]: WARNING Command [‘set’, ‘vsftpd’, 					‘unbanip’, ‘213.205.241.130’] has failed. Received ValueError(‘IP 213.205.241.130 is not banned’,)

zimny · October 13, 2018, 4:54pm

?
What you mean like this???

Not sharing any code so what is your point?

stephdl · October 13, 2018, 4:57pm

https://gist.github.com/

I am a man, not a robot, I have few time, I try to optimize it, I cannot read your post because the display torn my eyes.

You made too much posts and I still need the informations I asked…next issue now