Fail2Ban Nextcloudpi Errors

Hi - after getting a graylog notification about some failed login attempts I noticed the following in the NCP log:

2019-08-18 13:07:20,088 fail2ban.filter [1199]: INFO [nextcloud] Found 185.118.26.9
2019-08-18 13:07:27,101 fail2ban.filter [1199]: INFO [nextcloud] Found 185.118.26.9
2019-08-18 13:07:38,118 fail2ban.filter [1199]: INFO [nextcloud] Found 185.118.26.9
2019-08-18 13:07:38,549 fail2ban.actions [1199]: NOTICE [nextcloud] 185.118.26.9 already banned
2019-08-18 13:07:46,132 fail2ban.filter [1199]: INFO [nextcloud] Found 185.118.26.9
2019-08-18 13:07:57,148 fail2ban.filter [1199]: INFO [nextcloud] Found 185.118.26.9
2019-08-18 13:08:05,161 fail2ban.filter [1199]: INFO [nextcloud] Found 185.118.26.9
2019-08-18 13:08:05,586 fail2ban.actions [1199]: NOTICE [nextcloud] 185.118.26.9 already banned
2019-08-18 13:08:16,601 fail2ban.actions [1199]: NOTICE [nextcloud] Unban 185.118.26.9
2019-08-18 13:08:16,718 fail2ban.action [1199]: ERROR iptables -w -n -L INPUT | grep -q 'f2b-nextcloud[ \t]' -- stdout: b''
2019-08-18 13:08:16,719 fail2ban.action [1199]: ERROR iptables -w -n -L INPUT | grep -q 'f2b-nextcloud[ \t]' -- stderr: b"modprobe: ERROR: …/libkmod/libkmod.c:586 kmod_search_moddep() could not open moddep file '/lib/modules/4.14.79-v7+/modules.dep.bin'\nmodprobe: FATAL: Module ip_tables not found in directory /lib/modules/4.14.79-v7+\niptables v1.6.0: can't initialize iptables table `filter': Table does not exist (do you need to insmod?)\nPerhaps iptables or your kernel needs to be upgraded.\n"
2019-08-18 13:08:16,720 fail2ban.action [1199]: ERROR iptables -w -n -L INPUT | grep -q 'f2b-nextcloud[ \t]' -- returned 1
2019-08-18 13:08:16,721 fail2ban.CommandAction [1199]: ERROR Invariant check failed. Trying to restore a sane environment

There were about 40 attempts from that IP address so I believe fail2ban was not able to jail correctly.

My system is:

|NextCloudPi version|v1.15.3|
|NextCloudPi image|NextCloudPi_11-04-18|

I see the notice about needing to update iptables or the kernel but I am wary to do so as @nachoparker has done such a good job of maintaining a fluid update path.

Does anyone have any recommendations?

Thank you

Not sure, but it seems to be an old fail2ban bug, resolved by adding a small amount of sleep.

Let me DuckDuckGo that for you :wink:

Check

https://blog.laimbock.com/2013/01/11/fail2ban-error-invariant-check-failed/comment-page-1/

and

Fail2Ban / Bugs / #47 ERROR Invariant check failed. Trying to restore a sane envi

Thank you Oliver!

After some digging around, and upgrading to Buster via ncp-dist-upgrade, I found that now fail2ban works but the issue appears to be coming from iptables.

Any attempt from f2b to issue commands to iptables results in an error.

In fact, even a ‘sudo iptables -L’ will result in:

iptables/1.8.2 Failed to initialize nft: Protocol not supported

I have rebooted, having found mentions from others but no luck.

I cannot locate any help (even with duckduckgo(!)) to help with that.

Do you have any other thoughts? Thank you!

Is UFW active?

sudo ufw status

Thank you -

Interestingly:

$ sudo ufw status
ERROR: Couldn't determine iptables version

Note: UFW, iptables and nftables are all installed

I am on:

4.14.79-v7+ #1159 SMP Sun Nov 4 17:50:20 GMT 2018 armv7l GNU/Linux

Which led me to try

update-alternatives --set iptables /usr/sbin/iptables-legacy

But ufw status now causes

ERROR: problem running iptables: modprobe: ERROR: …/libkmod/libkmod.c:586 kmod_search_moddep() could not open moddep file '/lib/modules/4.14.79-v7+/modules.dep.bin'
modprobe: FATAL: Module ip_tables not found in directory /lib/modules/4.14.79-v7+
iptables v1.8.2 (legacy): can't initialize iptables table `filter': Table does not exist (do you need to insmod?)

Although:

$ ls /lib/modules
4.19.58+ 4.19.58-v7+

Should I rpi-update? Again, just being cautious over what is a very stable and well-maintained platform.

Hi - still trying to resolve this

I noticed both 1.15.5 and 1.16.4 had references to fail2ban which I thought may be related but the issue still persists.

When enabling UFW in the web panel I get messages like:

[ UFW ]
ERROR: problem running ufw-init
modprobe: ERROR: …/libkmod/libkmod.c:586 kmod_search_moddep() could not open moddep file '/lib/modules/4.14.79-v7+/modules.dep.bin'
modprobe: FATAL: Module nf_conntrack_netbios_ns not found in directory /lib/modules/4.14.79-v7+
modprobe: ERROR: …/libkmod/libkmod.c:586 kmod_search_moddep() could not open moddep file '/lib/modules/4.14.79-v7+/modules.dep.bin'
modprobe: FATAL: Module ip_tables not found in directory /lib/modules/4.14.79-v7+
iptables-restore v1.8.2 (legacy): iptables-restore: unable to initialize table 'filter'

And then:

iptables v1.8.2 (legacy): can't initialize iptables table `filter': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.

To recap, I installed NCP from the 11_04_18 image, have always updated when available, and ran ncp-dist-upgrade to update to Buster.

Does anyone have any ideas? Thank you!
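
Added example, not part of any post in this thread: the outputs above show modprobe searching /lib/modules/4.14.79-v7+ while /lib/modules lists only 4.19.58 directories, and fail2ban logging "already banned" followed by action errors. The shell functions below check for both conditions; the function names are hypothetical and the sample log lines are constructed, modelled on the excerpt in the first post.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# modules_available RELEASE [ROOT]: succeeds only if ROOT/RELEASE holds the
# modules.dep.bin index modprobe reads; without it ip_tables cannot load.
modules_available() {
    [ -f "${2:-/lib/modules}/$1/modules.dep.bin" ]
}

# unenforced_bans LOG: prints "IP COUNT" for every address fail2ban logged as
# "already banned", i.e. failures kept arriving from an address that the
# firewall should have been dropping.
unenforced_bans() {
    awk '/fail2ban\.actions/ && /already banned/ {
             for (i = 2; i <= NF; i++) if ($i == "already") n[$(i - 1)]++
         }
         END { for (ip in n) print ip, n[ip] }' "$1" | sort
}

# action_errors LOG: number of ERROR lines from fail2ban's action layer,
# which is where failed iptables commands are reported.
action_errors() {
    grep -cE 'fail2ban\.(action|CommandAction) +\[[0-9]+\]: ERROR' "$1" || true
}

# sample_log: constructed log lines modelled on the excerpt in the thread,
# using a documentation address (203.0.113.9).
sample_log() {
    cat <<'EOF'
2019-08-18 13:07:38,118 fail2ban.filter [1199]: INFO [nextcloud] Found 203.0.113.9
2019-08-18 13:07:38,549 fail2ban.actions [1199]: NOTICE [nextcloud] 203.0.113.9 already banned
2019-08-18 13:08:05,586 fail2ban.actions [1199]: NOTICE [nextcloud] 203.0.113.9 already banned
2019-08-18 13:08:16,601 fail2ban.actions [1199]: NOTICE [nextcloud] Unban 203.0.113.9
2019-08-18 13:08:16,720 fail2ban.action [1199]: ERROR iptables -w -n -L INPUT | grep -q 'f2b-nextcloud[ \t]' -- returned 1
2019-08-18 13:08:16,721 fail2ban.CommandAction [1199]: ERROR Invariant check failed. Trying to restore a sane environment
EOF
}

# With a log path as argument, report on the live system.
if [ "$#" -ge 1 ]; then
    modules_available "$(uname -r)" ||
        echo "no module index for running kernel $(uname -r)"
    echo "action errors: $(action_errors "$1")"
    unenforced_bans "$1"
fi
```

Run it with the fail2ban log path as its only argument; a missing module index for the running kernel combined with non-zero action errors means bans are being logged but not applied.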