Hi - after getting a graylog notification about some failed login attempts I noticed the following in the NCP log:
2019-08-18 13:07:20,088 fail2ban.filter [1199]: INFO [nextcloud] Found 185.118.26.9
2019-08-18 13:07:27,101 fail2ban.filter [1199]: INFO [nextcloud] Found 185.118.26.9
2019-08-18 13:07:38,118 fail2ban.filter [1199]: INFO [nextcloud] Found 185.118.26.9
2019-08-18 13:07:38,549 fail2ban.actions [1199]: NOTICE [nextcloud] 185.118.26.9 already banned
2019-08-18 13:07:46,132 fail2ban.filter [1199]: INFO [nextcloud] Found 185.118.26.9
2019-08-18 13:07:57,148 fail2ban.filter [1199]: INFO [nextcloud] Found 185.118.26.9
2019-08-18 13:08:05,161 fail2ban.filter [1199]: INFO [nextcloud] Found 185.118.26.9
2019-08-18 13:08:05,586 fail2ban.actions [1199]: NOTICE [nextcloud] 185.118.26.9 already banned
2019-08-18 13:08:16,601 fail2ban.actions [1199]: NOTICE [nextcloud] Unban 185.118.26.9
2019-08-18 13:08:16,718 fail2ban.action [1199]: ERROR iptables -w -n -L INPUT | grep -q 'f2b-nextcloud[ \t]' -- stdout: b''
2019-08-18 13:08:16,719 fail2ban.action [1199]: ERROR iptables -w -n -L INPUT | grep -q 'f2b-nextcloud[ \t]' -- stderr: b"modprobe: ERROR: …/libkmod/libkmod.c:586 kmod_search_moddep() could not open moddep file '/lib/modules/4.14.79-v7+/modules.dep.bin'\nmodprobe: FATAL: Module ip_tables not found in directory /lib/modules/4.14.79-v7+\niptables v1.6.0: can't initialize iptables table `filter': Table does not exist (do you need to insmod?)\nPerhaps iptables or your kernel needs to be upgraded.\n"
2019-08-18 13:08:16,720 fail2ban.action [1199]: ERROR iptables -w -n -L INPUT | grep -q 'f2b-nextcloud[ \t]' -- returned 1
2019-08-18 13:08:16,721 fail2ban.CommandAction [1199]: ERROR Invariant check failed. Trying to restore a sane environment
There were about 40 attempts from that IP address so I believe fail2ban was not able to jail correctly.
My system is:
|NextCloudPi version|v1.15.3|
|NextCloudPi image|NextCloudPi_11-04-18|
I see the notice about needing to update iptables or the kernel but I am wary to do so as @nachoparker has done such a good job of maintaining a fluid update path.
Does anyone have any recommendations?
Thank you
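Added example, not part of the original post and not code from fail2ban or NextCloudPi: a small log check for the symptom described above, where an address keeps producing `Found` lines after it was banned and the ban action itself logs errors. The sample log is constructed in the same format with documentation IP addresses; `analyze` and `min_hits` are names chosen for this example.

```python
import re
from collections import defaultdict

# Constructed sample in the same fail2ban.log format as the post (documentation IPs).
SAMPLE_LOG = r"""2019-08-18 13:07:20,088 fail2ban.filter [1199]: INFO [nextcloud] Found 203.0.113.7
2019-08-18 13:07:21,000 fail2ban.actions [1199]: NOTICE [nextcloud] Ban 203.0.113.7
2019-08-18 13:07:27,101 fail2ban.filter [1199]: INFO [nextcloud] Found 203.0.113.7
2019-08-18 13:07:38,118 fail2ban.filter [1199]: INFO [nextcloud] Found 203.0.113.7
2019-08-18 13:07:38,549 fail2ban.actions [1199]: NOTICE [nextcloud] 203.0.113.7 already banned
2019-08-18 13:07:46,132 fail2ban.filter [1199]: INFO [nextcloud] Found 203.0.113.7
2019-08-18 13:07:50,000 fail2ban.filter [1199]: INFO [nextcloud] Found 198.51.100.4
2019-08-18 13:07:51,000 fail2ban.actions [1199]: NOTICE [nextcloud] Ban 198.51.100.4
2019-08-18 13:08:16,601 fail2ban.actions [1199]: NOTICE [nextcloud] Unban 203.0.113.7
2019-08-18 13:08:16,720 fail2ban.action [1199]: ERROR iptables -w -n -L INPUT | grep -q 'f2b-nextcloud[ \t]' -- returned 1
2019-08-18 13:08:16,721 fail2ban.CommandAction [1199]: ERROR Invariant check failed. Trying to restore a sane environment
"""

LINE = re.compile(r"^\S+ \S+ fail2ban\.(\w+)\s*\[\d+\]:\s+(\w+)\s+(.*)$")
EVENT = re.compile(r"^\[([^\]]+)\] (Found|Ban|Unban) (\S+)")
ALREADY = re.compile(r"^\[([^\]]+)\] (\S+) already banned")
ACTION_COMPONENTS = {"action", "actions", "commandaction"}


def analyze(log_text, min_hits=3):
    """Return IPs still matched while 'banned', plus the count of action errors."""
    banned, hits, action_errors = set(), defaultdict(int), 0
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        component, level, msg = m.groups()
        if level == "ERROR" and component.lower() in ACTION_COMPONENTS:
            action_errors += 1  # the firewall command behind the ban/unban failed
            continue
        already, event = ALREADY.match(msg), EVENT.match(msg)
        if already:
            banned.add(already.groups())  # ban may predate this log window
        elif event:
            jail, kind, ip = event.groups()
            if kind == "Ban":
                banned.add((jail, ip))
            elif kind == "Unban":
                banned.discard((jail, ip))
            elif (jail, ip) in banned:
                hits[(jail, ip)] += 1  # request reached the app despite the ban
    # One or two hits right after a ban can be log lag; min_hits filters those out.
    unenforced = {k: n for k, n in hits.items() if n >= min_hits}
    return {"unenforced": unenforced, "action_errors": action_errors}
```

A non-empty `unenforced` result together with a non-zero `action_errors` count points at the firewall backend rather than at the jail's filter.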
Thank you Oliver!
After some digging around, and upgrading to Buster via ncp-dist-upgrade, I found that now fail2ban works but the issue appears to be coming from iptables.
Any attempt from f2b to issue commands to iptables results in an error.
In fact, even a ‘sudo iptables -L’ will result in:
iptables/1.8.2 Failed to initialize nft: Protocol not supported
I have rebooted, having found mentions from others but no luck.
I cannot locate any help (even with duckduckgo(!)) to help with that.
Do you have any other thoughts? Thank you!
Thank you -
Interestingly:
$ sudo ufw status
ERROR: Couldn’t determine iptables version
Note: UFW, iptables and nftables are all installed
I am on:
4.14.79-v7+ #1159 SMP Sun Nov 4 17:50:20 GMT 2018 armv7l GNU/Linux
Which led me to try
update-alternatives --set iptables /usr/sbin/iptables-legacy
But ufw status now causes
ERROR: problem running iptables: modprobe: ERROR: …/libkmod/libkmod.c:586 kmod_search_moddep() could not open moddep file '/lib/modules/4.14.79-v7+/modules.dep.bin'
modprobe: FATAL: Module ip_tables not found in directory /lib/modules/4.14.79-v7+
iptables v1.8.2 (legacy): can't initialize iptables table `filter': Table does not exist (do you need to insmod?)
Although:
$ ls /lib/modules
4.19.58+ 4.19.58-v7+
Should I rpi-update? Again, just being cautious over what is a very stable and well-maintained platform.
Hi - still trying to resolve this
I noticed both 1.15.5 and 1.16.4 had references to fail2ban which I thought may be related but the issue still persists.
When enabling UFW in the web panel I get messages like:
[ UFW ]
ERROR: problem running ufw-init
modprobe: ERROR: …/libkmod/libkmod.c:586 kmod_search_moddep() could not open moddep file '/lib/modules/4.14.79-v7+/modules.dep.bin'
modprobe: FATAL: Module nf_conntrack_netbios_ns not found in directory /lib/modules/4.14.79-v7+
modprobe: ERROR: …/libkmod/libkmod.c:586 kmod_search_moddep() could not open moddep file '/lib/modules/4.14.79-v7+/modules.dep.bin'
modprobe: FATAL: Module ip_tables not found in directory /lib/modules/4.14.79-v7+
iptables-restore v1.8.2 (legacy): iptables-restore: unable to initialize table 'filter'
And then:
iptables v1.8.2 (legacy): can't initialize iptables table `filter': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
To recap, I installed NCP from the 11_04_18 image, have always updated when available, and ran ncp-dist-upgrade to update to Buster.
Does anyone have any ideas? Thank you!