Local IP access stops working at times

Oh right, try with sudo as well
sudo cat /var/log/fail2ban.log | grep "192.168.0.22"

And I just had a look, there are other files: sudo ls /var/log/fail2ban*

So you need to run the same command on the others, but the .gz ones have to be decompressed first, so sudo gunzip /var/log/fail2ban.log.2.gz for example

sudo cat /var/log/fail2ban.log | grep "192.168.0.22" => returns nothing either
sudo gunzip /var/log/fail2ban.log.2.gz => same

It's not necessarily supposed to "return something". If your IP were in the log, you would see it.

Just type sudo cat /var/log/fail2ban.log and you will see the events with the blocked IPs
The gunzip command has, normally, decompressed the file and so made available the file /var/log/fail2ban.log.2, which you can look through with the same command as the one above.

Do you understand?

I don't fully understand what I'm doing, to be honest. The command sudo cat /var/log/fail2ban.log gives:

2023-04-09 00:00:02,131 fail2ban.server         [575]: INFO    rollover performed on /var/log/fail2ban.log
2023-04-12 21:17:21,793 fail2ban.server         [582]: INFO    --------------------------------------------------
2023-04-12 21:17:21,801 fail2ban.server         [582]: INFO    Starting Fail2ban v0.10.2
2023-04-12 21:17:21,840 fail2ban.database       [582]: INFO    Connected to fail2ban persistent database '/var/lib/fail2ban/fail2ban.sqlite3'
2023-04-12 21:17:21,874 fail2ban.jail           [582]: INFO    Creating new jail 'sshd'
2023-04-12 21:17:22,013 fail2ban.jail           [582]: INFO    Jail 'sshd' uses pyinotify {}
2023-04-12 21:17:22,027 fail2ban.jail           [582]: INFO    Initiated 'pyinotify' backend
2023-04-12 21:17:22,031 fail2ban.filter         [582]: INFO      maxLines: 1
2023-04-12 21:17:22,172 fail2ban.server         [582]: INFO    Jail sshd is not a JournalFilter instance
2023-04-12 21:17:22,179 fail2ban.filter         [582]: INFO    Added logfile: '/var/log/auth.log' (pos = 2202612, hash = 3684a4608ed5468b11b15072a6f0f53bd391d152)
2023-04-12 21:17:22,196 fail2ban.filter         [582]: INFO      encoding: UTF-8
2023-04-12 21:17:22,197 fail2ban.filter         [582]: INFO      maxRetry: 5
2023-04-12 21:17:22,198 fail2ban.filter         [582]: INFO      findtime: 600
2023-04-12 21:17:22,201 fail2ban.actions        [582]: INFO      banTime: 600
2023-04-12 21:17:22,207 fail2ban.jail           [582]: INFO    Jail 'sshd' started
2023-04-13 01:09:32,296 fail2ban.filter         [582]: INFO    [sshd] Found 192.168.0.23 - 2023-04-13 01:09:32
2023-04-13 01:09:34,009 fail2ban.filter         [582]: INFO    [sshd] Found 192.168.0.23 - 2023-04-13 01:09:34
2023-04-13 19:18:38,298 fail2ban.server         [582]: INFO    Shutdown in progress...
2023-04-13 19:18:38,301 fail2ban.server         [582]: INFO    Stopping all jails
2023-04-13 19:18:38,303 fail2ban.filter         [582]: INFO    Removed logfile: '/var/log/auth.log'
2023-04-13 19:18:38,424 fail2ban.actions        [582]: NOTICE  [sshd] Flush ticket(s) with iptables-multiport
2023-04-13 19:18:39,513 fail2ban.jail           [582]: INFO    Jail 'sshd' stopped
2023-04-13 19:18:39,516 fail2ban.database       [582]: INFO    Connection to database closed.
2023-04-13 19:18:39,517 fail2ban.server         [582]: INFO    Exiting Fail2ban
2023-04-13 19:19:02,405 fail2ban.server         [589]: INFO    --------------------------------------------------
2023-04-13 19:19:02,413 fail2ban.server         [589]: INFO    Starting Fail2ban v0.10.2
2023-04-13 19:19:02,466 fail2ban.database       [589]: INFO    Connected to fail2ban persistent database '/var/lib/fail2ban/fail2ban.sqlite3'
2023-04-13 19:19:02,490 fail2ban.jail           [589]: INFO    Creating new jail 'sshd'
2023-04-13 19:19:02,657 fail2ban.jail           [589]: INFO    Jail 'sshd' uses pyinotify {}
2023-04-13 19:19:02,680 fail2ban.jail           [589]: INFO    Initiated 'pyinotify' backend
2023-04-13 19:19:02,684 fail2ban.filter         [589]: INFO      maxLines: 1
2023-04-13 19:19:02,857 fail2ban.server         [589]: INFO    Jail sshd is not a JournalFilter instance
2023-04-13 19:19:02,872 fail2ban.filter         [589]: INFO    Added logfile: '/var/log/auth.log' (pos = 3097252, hash = 3684a4608ed5468b11b15072a6f0f53bd391d152)
2023-04-13 19:19:02,888 fail2ban.filter         [589]: INFO      encoding: UTF-8
2023-04-13 19:19:02,889 fail2ban.filter         [589]: INFO      maxRetry: 5
2023-04-13 19:19:02,891 fail2ban.filter         [589]: INFO      findtime: 600
2023-04-13 19:19:02,892 fail2ban.actions        [589]: INFO      banTime: 600
2023-04-13 19:19:02,899 fail2ban.jail           [589]: INFO    Jail 'sshd' started
2023-04-13 19:21:16,286 fail2ban.transmitter    [589]: WARNING Command ['status', 'apach-multiport'] has failed. Received UnknownJailException('apach-multiport')
2023-04-13 22:50:17,842 fail2ban.server         [589]: INFO    Shutdown in progress...
2023-04-13 22:50:17,843 fail2ban.server         [589]: INFO    Stopping all jails
2023-04-13 22:50:17,844 fail2ban.filter         [589]: INFO    Removed logfile: '/var/log/auth.log'
2023-04-13 22:50:17,943 fail2ban.actions        [589]: NOTICE  [sshd] Flush ticket(s) with iptables-multiport
2023-04-13 22:50:17,944 fail2ban.jail           [589]: INFO    Jail 'sshd' stopped
2023-04-13 22:50:17,945 fail2ban.database       [589]: INFO    Connection to database closed.
2023-04-13 22:50:17,946 fail2ban.server         [589]: INFO    Exiting Fail2ban
2023-04-13 22:50:18,865 fail2ban.server         [29941]: INFO    --------------------------------------------------
2023-04-13 22:50:18,866 fail2ban.server         [29941]: INFO    Starting Fail2ban v0.10.2
2023-04-13 22:50:18,883 fail2ban.database       [29941]: INFO    Connected to fail2ban persistent database '/var/lib/fail2ban/fail2ban.sqlite3'
2023-04-13 22:50:18,890 fail2ban.jail           [29941]: INFO    Creating new jail 'sshd'
2023-04-13 22:50:18,977 fail2ban.jail           [29941]: INFO    Jail 'sshd' uses pyinotify {}
2023-04-13 22:50:18,997 fail2ban.jail           [29941]: INFO    Initiated 'pyinotify' backend
2023-04-13 22:50:19,004 fail2ban.filter         [29941]: INFO      maxLines: 1
2023-04-13 22:50:19,177 fail2ban.server         [29941]: INFO    Jail sshd is not a JournalFilter instance
2023-04-13 22:50:19,181 fail2ban.filter         [29941]: INFO    Added logfile: '/var/log/auth.log' (pos = 3282116, hash = 3684a4608ed5468b11b15072a6f0f53bd391d152)
2023-04-13 22:50:19,201 fail2ban.filter         [29941]: INFO      encoding: UTF-8
2023-04-13 22:50:19,203 fail2ban.filter         [29941]: INFO      maxRetry: 3
2023-04-13 22:50:19,205 fail2ban.filter         [29941]: INFO      findtime: 7200
2023-04-13 22:50:19,207 fail2ban.actions        [29941]: INFO      banTime: 28800
2023-04-13 22:50:19,217 fail2ban.jail           [29941]: INFO    Creating new jail 'apache-noscript'
2023-04-13 22:50:19,217 fail2ban.jail           [29941]: INFO    Jail 'apache-noscript' uses pyinotify {}
2023-04-13 22:50:19,235 fail2ban.jail           [29941]: INFO    Initiated 'pyinotify' backend
2023-04-13 22:50:19,264 fail2ban.filter         [29941]: INFO    Added logfile: '/var/www/html/log/http.error' (pos = 0, hash = 64a9107915a6344caafa4fe68c5ac73023243353)
2023-04-13 22:50:19,366 fail2ban.filter         [29941]: INFO      encoding: UTF-8
2023-04-13 22:50:19,368 fail2ban.filter         [29941]: INFO      maxRetry: 1
2023-04-13 22:50:19,369 fail2ban.filter         [29941]: INFO      findtime: 7200
2023-04-13 22:50:19,370 fail2ban.actions        [29941]: INFO      banTime: 28800
2023-04-13 22:50:19,377 fail2ban.jail           [29941]: INFO    Creating new jail 'apache-overflows'
2023-04-13 22:50:19,378 fail2ban.jail           [29941]: INFO    Jail 'apache-overflows' uses pyinotify {}
2023-04-13 22:50:19,394 fail2ban.jail           [29941]: INFO    Initiated 'pyinotify' backend
2023-04-13 22:50:19,411 fail2ban.filter         [29941]: INFO    Added logfile: '/var/www/html/log/http.error' (pos = 0, hash = 64a9107915a6344caafa4fe68c5ac73023243353)
2023-04-13 22:50:19,424 fail2ban.filter         [29941]: INFO      encoding: UTF-8
2023-04-13 22:50:19,425 fail2ban.filter         [29941]: INFO      maxRetry: 2
2023-04-13 22:50:19,427 fail2ban.filter         [29941]: INFO      findtime: 7200
2023-04-13 22:50:19,429 fail2ban.actions        [29941]: INFO      banTime: 28800
2023-04-13 22:50:19,439 fail2ban.jail           [29941]: INFO    Creating new jail 'apache-botsearch'
2023-04-13 22:50:19,439 fail2ban.jail           [29941]: INFO    Jail 'apache-botsearch' uses pyinotify {}
2023-04-13 22:50:19,457 fail2ban.jail           [29941]: INFO    Initiated 'pyinotify' backend
2023-04-13 22:50:19,493 fail2ban.filter         [29941]: INFO    Added logfile: '/var/www/html/log/http.error' (pos = 0, hash = 64a9107915a6344caafa4fe68c5ac73023243353)
2023-04-13 22:50:19,504 fail2ban.filter         [29941]: INFO      encoding: UTF-8
2023-04-13 22:50:19,505 fail2ban.filter         [29941]: INFO      maxRetry: 6
2023-04-13 22:50:19,507 fail2ban.filter         [29941]: INFO      findtime: 7200
2023-04-13 22:50:19,508 fail2ban.actions        [29941]: INFO      banTime: 28800
2023-04-13 22:50:19,521 fail2ban.jail           [29941]: INFO    Jail 'sshd' started
2023-04-13 22:50:19,524 fail2ban.jail           [29941]: INFO    Jail 'apache-noscript' started
2023-04-13 22:50:19,528 fail2ban.jail           [29941]: INFO    Jail 'apache-overflows' started
2023-04-13 22:50:19,531 fail2ban.jail           [29941]: INFO    Jail 'apache-botsearch' started

And the command with /var/log/fail2ban.log.2 gives:

2023-03-26 00:00:02,669 fail2ban.server         [575]: INFO    rollover performed on /var/log/fail2ban.log

In the first one I see an IP close to that of my Jeedom appear:

2023-04-13 01:09:32,296 fail2ban.filter         [582]: INFO    [sshd] Found 192.168.0.23 - 2023-04-13 01:09:32
2023-04-13 01:09:34,009 fail2ban.filter         [582]: INFO    [sshd] Found 192.168.0.23 - 2023-04-13 01:09:

No need to go digging through logs, there are commands to see what is banned.

To see all bans

sudo fail2ban-client banned

Per jail:

sudo fail2ban-client get <JAIL> banned

And to unban:

fail2ban-client set <JAIL> unbanip <IP>

Norbert

Hi Norbert

The first one:

pi@jeedom:~ $ sudo fail2ban-client banned
 NOK: ('Invalid command',)
Invalid command

The second one:

pi@jeedom:~ $ sudo fail2ban-client get <JAIL> banned
-bash: JAIL: No such file or directory

what does this give?

sudo fail2ban-client status
pi@jeedom:~ $ sudo fail2ban-client status
Status
|- Number of jail:      4
`- Jail list:   apache-botsearch, apache-noscript, apache-overflows, sshd

fail2ban-client get apache-noscript banned

and

fail2ban-client get apache-overflows banned
pi@jeedom:~ $ fail2ban-client get apache-noscript banned
 Permission denied to socket: /var/run/fail2ban/fail2ban.sock, (you must be root)

so I did

pi@jeedom:~ $ sudo fail2ban-client get apache-noscript banned
 NOK: ('Invalid command (no get action or not yet implemented)',)
Invalid command (no get action or not yet implemented)
pi@jeedom:~ $

and

pi@jeedom:~ $ sudo fail2ban-client get apache-overflows banned
 NOK: ('Invalid command (no get action or not yet implemented)',)
Invalid command (no get action or not yet implemented)

which version of Debian are you on?

Debian 10.11

try this, then

sudo fail2ban-client status apache-noscript
sudo fail2ban-client status apache-overflows 
pi@jeedom:~ $ sudo fail2ban-client status apache-noscript
Status for the jail: apache-noscript
|- Filter
|  |- Currently failed: 0
|  |- Total failed:     0
|  `- File list:        /var/www/html/log/http.error
`- Actions
   |- Currently banned: 0
   |- Total banned:     0
   `- Banned IP list:

then

pi@jeedom:~ $ sudo fail2ban-client status apache-overflows
Status for the jail: apache-overflows
|- Filter
|  |- Currently failed: 0
|  |- Total failed:     0
|  `- File list:        /var/www/html/log/http.error
`- Actions
   |- Currently banned: 0
   |- Total banned:     0
   `- Banned IP list:

No bans, apparently :thinking:

and is your Jeedom access working right now?

Right now I can access Jeedom without any problem, locally or externally… but I have a feeling it will start again by tomorrow :confused:

so, when it happens again, you can run a

sudo fail2ban-client status

then

sudo fail2ban-client status apache-noscript

Do this for each of the JAILs in the JAIL list … and see whether the IP address of the machine on which it isn't working is present

and to unban (apache-noscript and 192.168.0.50 to be replaced with the right JAIL and the right IP address)

sudo fail2ban-client set apache-noscript unbanip 192.168.0.50

After that, we'll need to dig into what is doing the banning
We can put your internal range on a whitelist … but well, not very satisfying
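
The per-jail check described in the post above, as an added example that is not part of the original thread: it reads the jail list from `fail2ban-client status` and tests each jail's "Banned IP list" for one address, since `banned` and `get <JAIL> banned` are rejected on the v0.10.2 shown here. The function names and the `F2B` override variable are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread): list the jails that currently ban an IP,
# using only `fail2ban-client status`, which Fail2ban v0.10.2 supports.
F2B="${F2B:-fail2ban-client}"   # assumption: overridable so the parsing can be tested offline

# Jail names, one per line, from `fail2ban-client status` output on stdin.
list_jails() {
    sed -n 's/^.*Jail list:[[:space:]]*//p' | tr ',' '\n' |
        sed 's/^[[:space:]]*//; s/[[:space:]]*$//; /^$/d'
}

# Banned IPs, one per line, from `fail2ban-client status <jail>` output on stdin.
banned_ips() {
    sed -n 's/^.*Banned IP list:[[:space:]]*//p' | tr -s ' ' '\n' | sed '/^$/d'
}

# Exit 0 if IP $1 is banned according to the jail status on stdin.
# -x -F matches the whole entry literally, so 192.168.0.2 does not match 192.168.0.22.
ip_is_banned() {
    banned_ips | grep -qxF -- "$1"
}

# Print each jail that currently bans IP $1 (run as root: the socket requires it).
jails_banning() {
    $F2B status | list_jails | while read -r jail; do
        if $F2B status "$jail" </dev/null | ip_is_banned "$1"; then
            printf '%s\n' "$jail"
        fi
    done
}

# Constructed sample of a jail status with one ban, in the format shown in the thread.
SAMPLE_JAIL_STATUS='Status for the jail: apache-noscript
|- Filter
|  |- Currently failed: 0
|  |- Total failed:     1
|  `- File list:        /var/www/html/log/http.error
`- Actions
   |- Currently banned: 1
   |- Total banned:     1
   `- Banned IP list:   192.168.0.22'

# Usage: sudo sh this-script.sh 192.168.0.22
if [ "$#" -eq 1 ]; then
    jails_banning "$1"
fi
```

An empty result means no jail currently bans the address, which matches the "Currently banned: 0" outputs above.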

OK, I'll wait for the error to happen again then. I'm not sure I understand what a jail is, is it an IP address that is banned?

a jail is a ban on a protocol (a defined port, to simplify) … if the jail is sshd, the IP address in that jail is only blocked from doing ssh
so what matters to you is an apache-* jail (probably an apache-multiport jail)

A short topic on an equivalent problem linked to an interpretation of HTML links in the logs for plugins in debug mode: Acces Jeedom ...Bizarre

To be continued

Thanks again for your help, I think I'll come back and post when it happens again, just to be sure of what I'm doing :blush: