Fail2ban not working (Cloudflare and NPM)

Jordy · October 22, 2022, 2:10pm

Fail2ban can successfully read the logs from Vaultwarden, and it reads the IP address and tries to block it, but when fail2ban tries to block the IP it gives an error. Also no firewall rule is created in cloudflare

Fail2ban version: 0.11.2

Guides followed: Fail2Ban Setup · dani-garcia/vaultwarden Wiki · GitHub & Using Fail2Ban with Cloudflare | NikSec

Logs from fail2ban

2022-10-22 14:56:32,051 fail2ban.filter         [595330]: INFO    [vaultwarden] Found 69.69.69.69 - 2022-10-22 14:56:31
2022-10-22 14:56:32,428 fail2ban.filter         [595330]: INFO    [vaultwarden] Found 69.69.69.69 - 2022-10-22 14:56:32
2022-10-22 14:57:16,928 fail2ban.filter         [595330]: INFO    [vaultwarden] Found 69.69.69.69 - 2022-10-22 14:57:16
2022-10-22 14:57:17,001 fail2ban.actions        [595330]: NOTICE  [vaultwarden] Ban 69.69.69.69
2022-10-22 14:57:17,005 fail2ban.utils          [595330]: ERROR   7fbb63286ab0 -- exec: <actionban>
2022-10-22 14:57:17,006 fail2ban.utils          [595330]: ERROR   7fbb63286ab0 -- stderr: '/bin/sh: 1: Syntax error: end of file unexpected'
2022-10-22 14:57:17,006 fail2ban.utils          [595330]: ERROR   7fbb63286ab0 -- returned 2
2022-10-22 14:57:17,006 fail2ban.actions        [595330]: ERROR   Failed to execute ban jail 'vaultwarden' action 'cloudflare' info 'ActionInfo({'ip': '69.69.69.69', 'family': 'inet4', 'fid': <function Actions.ActionInfo.<lambda> at 0x7fbb627d11b0>, 'F-*': {'matches': [('[', '2022-10-22 14:56:31.733', '][vaultwarden::api::identity][ERROR] Username or password is incorrect. Try again. IP: 69.69.69.69. Username: info@microsoft.com.'), '[2022-10-22 14:56:32.427][vaultwarden::api::identity][ERROR] Username or password is incorrect. Try again. IP: 69.69.69.69. Username: info@microsoft.com.', '[2022-10-22 14:57:16.927][vaultwarden::api::identity][ERROR] Username or password is incorrect. Try again. IP: 69.69.69.69. Username: info@microsoft.com.'], 'failures': 3, 'ip4': '69.69.69.69'}, 'raw-ticket': <function Actions.ActionInfo.<lambda> at 0x7fbb627d1870>})': Error banning 69.69.69.69

jail.d/vaultwarden.local

[vaultwarden]
enabled = true
port = 80,443,8081
filter = vaultwarden
logpath = /docker_data/vaultwarden/vaultwarden.log
maxretry = 3
bantime = 14400
findtime = 14400
action = cloudflare
    iptables-allports

filter.d/vaultwarden.local

[INCLUDES]
before = common.conf

[Definition]
failregex = ^.*Username or password is incorrect\. Try again\. IP: <ADDR>\. Username:.*$
ignoreregex =

action.d/cloudflare.conf

[Init]

# If you like to use this action with mailing whois lines, you could use the composite action
# action_cf_mwl predefined in jail.conf, just define in your jail:
#
# action = %(action_cf_mwl)s
# # Your CF account e-mail
# cfemail  =
# # Your CF API Key
# cfapikey =

cftoken = globalapitoken

cfuser = mycf@email.com

cftarget = ip

stefan0xC · October 25, 2022, 2:49pm

If this is the whole of your action.d/cloudfare.conf file it might be incomplete. Have you used the updated file from the repository as mentioned in the tutorial?

Jordy · October 26, 2022, 6:13pm

Thanks, I think I might actually be an idiot. I only copied those lines and did no append them to the new configuration file. Thanks for helping

Topic		Replies	Views
Fail2Ban with docker and reverse proxy	1	3383	June 16, 2023
Vaulthardening against brutforce attacks Help	0	133	November 14, 2023
Qnap Webinterface not reachable after starting fail2ban Third Party Help	1	477	September 21, 2022
(SOLVED) X-Real-IP/X-Forwarded-For always show the reverse proxy or gateway ip Help	2	981	June 26, 2023
Vaultwarden app & Cloudflare Help	2	329	October 21, 2023

Fail2ban not working (Cloudflare and NPM)

Related Topics