Category Archives: CentOS

fail2ban.actions [14644]: NOTICE [sshd] 113.131.58.142 already banned

Meanwhile in a new VPS…

2018-04-18 19:56:42,211 fail2ban.actions [14644]: NOTICE [sshd] 113.131.58.142 already banned
2018-04-18 19:56:43,213 fail2ban.actions [14644]: NOTICE [sshd] 113.131.58.142 already banned
2018-04-18 19:56:44,214 fail2ban.actions [14644]: NOTICE [sshd] 113.131.58.142 already banned
2018-04-18 19:56:45,215 fail2ban.actions [14644]: NOTICE [sshd] 113.131.58.142 already banned
2018-04-18 19:56:46,217 fail2ban.actions [14644]: NOTICE [sshd] 113.131.58.142 already banned
2018-04-18 19:56:47,218 fail2ban.actions [14644]: NOTICE [sshd] 195.72.223.106 already banned
2018-04-18 19:56:48,219 fail2ban.actions [14644]: NOTICE [sshd] 195.72.223.106 already banned

YAH!
Take a look at /etc/fail2ban/jail.local or /etc/fail2ban/jail.d/00-firewalld.conf
banaction = firewallcmd-ipset
or
banaction = iptables-multiport
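
Added example (not part of the original post): a small Python check that reads fail2ban.log lines in the format shown above and reports addresses that keep producing "already banned" notices, which means the ban is not actually blocking them and the banaction is the setting to check. The sample addresses are constructed (documentation ranges), and the function name and min_hits threshold are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines in the same format as the log excerpt above.
SAMPLE_LOG = """\
2018-04-18 19:56:41,100 fail2ban.actions [14644]: NOTICE [sshd] Ban 203.0.113.10
2018-04-18 19:56:42,211 fail2ban.actions [14644]: NOTICE [sshd] 203.0.113.10 already banned
2018-04-18 19:56:43,213 fail2ban.actions [14644]: NOTICE [sshd] 203.0.113.10 already banned
2018-04-18 19:56:44,214 fail2ban.actions [14644]: NOTICE [sshd] 203.0.113.10 already banned
2018-04-18 19:56:45,215 fail2ban.actions [14644]: NOTICE [sshd] 203.0.113.10 already banned
2018-04-18 19:56:46,217 fail2ban.actions [14644]: NOTICE [sshd] 203.0.113.10 already banned
2018-04-18 19:56:47,218 fail2ban.actions [14644]: NOTICE [sshd] 198.51.100.7 already banned
2018-04-18 19:56:48,219 fail2ban.actions [14644]: NOTICE [sshd] 198.51.100.7 already banned
"""

# Matches only the "already banned" notices; \s+ tolerates fail2ban's column padding.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\d+\s+fail2ban\.actions\s+\[\d+\]:\s+"
    r"NOTICE\s+\[(?P<jail>[^\]]+)\]\s+(?P<ip>\S+) already banned\s*$"
)


def leaking_bans(log_text, min_hits=3):
    """Return {(jail, ip): (hits, seconds_spanned)} for addresses that still
    reach the service after the ban, i.e. the ban action is not blocking them."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S")
            seen[(m.group("jail"), m.group("ip"))].append(ts)
    report = {}
    for key, stamps in seen.items():
        if len(stamps) >= min_hits:
            span = int((max(stamps) - min(stamps)).total_seconds())
            report[key] = (len(stamps), span)
    return report


if __name__ == "__main__":
    for (jail, ip), (hits, span) in sorted(leaking_bans(SAMPLE_LOG).items()):
        print(f"[{jail}] {ip}: {hits} hits after ban within {span}s, check banaction")
```

To run it against a real log, pass the file contents to leaking_bans(), for example open("/var/log/fail2ban.log").read().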

 

Meltdown & Spectre – CentOS

These are, from what I’ve read, the two main things that we need to have updated…

kernel-3.10.0-693.11.6.el7.x86_64
microcode_ctl-2.1-22.2.el7.x86_64

Check them through uname -r and dmesg | grep microcode

 

[[email protected] www]# systemctl status microcode -l
● microcode.service - Load CPU microcode update
 Loaded: loaded (/usr/lib/systemd/system/microcode.service; enabled; vendor preset: enabled)
 Active: inactive (dead) since Fri 2018-01-05 17:43:08 CET; 1 weeks 6 days ago
 Process: 692 ExecStart=/usr/bin/bash -c grep -l GenuineIntel /proc/cpuinfo | xargs grep -l -E "model[[:space:]]*: 79$" > /dev/null || echo 1 > /sys/devices/system/cpu/microcode/reload (code=exited, status=0/SUCCESS)
 Main PID: 692 (code=exited, status=0/SUCCESS)

Jan 05 17:43:08 sd-56969 systemd[1]: Starting Load CPU microcode update...
Jan 05 17:43:08 sd-56969 systemd[1]: Started Load CPU microcode update.

 

 

 

CentOS 7 – allowing port 80 & 443 httpd

Easy!

Run

firewall-cmd --zone=public --add-port=80/tcp --permanent
firewall-cmd --zone=public --add-port=443/tcp --permanent

and then…

firewall-cmd --reload

 

How to check the zones?

firewall-cmd --get-zones

 

If you can’t connect to the server/page…

or with curl…

hell:~ pjrfigueiredo$ curl https://www.domain.com
curl: (7) Failed to connect to www.domain.com port 443: Connection refused

Check if anything is listening on 443

sudo netstat -lnp | grep 443

If nothing shows up… try to edit the domain’s httpd configuration file… and make it so that httpd is listening on it… like for example

<VirtualHost *:80 *:443>

 

 

 

fail2ban.actions – ERROR Failed to start jail ‘apache-fakegooglebot’ action ‘firewallcmd-ipset’: Error starting action

Got this sh*t in my error logs…

firewall-cmd --direct --add-rule ipv4 filter INPUT 0 -p tcp -m multiport --dports http,https -m set --match-set fail2ban-apache-fakegooglebot src -j REJECT --reject-with icmp-port-unreachable -- killed with signal 124 (return code: 252)
2017-07-08 21:26:11,212 fail2ban.actions [3781]: ERROR Failed to start jail 'apache-fakegooglebot' action 'firewallcmd-ipset': Error starting action
2017-07-08 21:26:11,416 fail2ban.action [3781]: ERROR ipset create fail2ban-apache-modsecurity hash:ip timeout 6000
firewall-cmd --direct --add-rule ipv4 filter INPUT 0 -p tcp -m multiport --dports http,https -m set --match-set fail2ban-apache-modsecurity src -j REJECT --reject-with icmp-port-unreachable -- stdout: ''

Solution? Let’s set banaction to iptables! 🙂

# Override /etc/fail2ban/jail.d/00-firewalld.conf:
banaction = iptables-multiport

!!

centos – Error Summary – Disk Requirements – more space needed on the /boot filesystem

 

Error Summary
-------------
Disk Requirements:
 At least 3MB more space needed on the /boot filesystem.

[[email protected] pjrfigueiredo]# df -H /boot
Filesystem      Size  Used Avail Use% Mounted on
/dev/sda1       199M  156M   29M  85% /boot
[[email protected] pjrfigueiredo]# rpm -qa | grep kernel
kernel-tools-libs-3.10.0-514.16.1.el7.x86_64
abrt-addon-kerneloops-2.1.11-45.el7.centos.x86_64
kernel-tools-3.10.0-514.16.1.el7.x86_64
kernel-3.10.0-514.10.2.el7.x86_64
kernel-3.10.0-514.16.1.el7.x86_64
[[email protected] pjrfigueiredo]# rpm -e kernel-3.10.0-514.10.2.el7.x86_64
[[email protected] pjrfigueiredo]# df -H /boot
Filesystem      Size  Used Avail Use% Mounted on
/dev/sda1       199M  111M   74M  61% /boot

or…

sudo yum remove $(rpm -q kernel | grep -v "$(uname -r)")