
ACL not updating

Open nikhilshah28 opened this issue 6 years ago • 3 comments

I've attempted to try this out since I was not able to get fail2ban working behind the ALB; however, it doesn't seem to be updating the ACL.

The logs show my IP address ban:

2018-07-18 16:45:41,232 fail2ban.actions: INFO [aws-acl-example] 108.30.XX.XX already banned
2018-07-18 16:45:46,238 fail2ban.actions: INFO [aws-acl-example] 108.30.XX.XX already banned

The ACLs don't have any entries inserted, therefore I am able to continue hitting the site. The ACL is attached to the VPC which the ALB and the instances are in.

I am basically using your conf files for both the action.d and the jail.local as well as the filter.d conf file. I've also set my ACL in action.d/aws-acl.conf, and also ran composer install. The creds configured for aws-cli also have full access to modify ACLs.

# Option:  actionban
# Notes.:  command executed when banning an IP. Take care that the
#          command is executed with Fail2Ban user rights.
# Tags:    See jail.conf(5) man page
# Values:  CMD
#
actionban = /root/aws-acl-fail2ban/bin/aws-acl-fail2ban -i acl-XXXX -b <ip>

# Option:  actionunban
# Notes.:  command executed when unbanning an IP. Take care that the
#          command is executed with Fail2Ban user rights.
# Tags:    See jail.conf(5) man page
# Values:  CMD
#
actionunban = /root/aws-acl-fail2ban/bin/aws-acl-fail2ban -i acl-XXXX -u <ip>

nikhilshah28 commented Jul 18 '18 16:07

Have you managed to get this resolved? I'm having the same problem. If I trigger the script manually the ban is shown on the ACL, but not through the ban action.

branislav-knezevic commented Mar 13 '19 16:03

Hi,

I had a very similar problem on Ubuntu Server 16.04. Everything related to fail2ban+aws-acl-fail2ban seemed to work (I even received the email alerts sent by fail2ban), but the IP was never included in the ACLs. Furthermore, I had the same configuration on Ubuntu Server 14.04 and everything worked like a charm in that environment.

After googling for an answer, I think I found the solution: the issue is not related to aws-acl-fail2ban but to the package awscli (which I had installed using apt-get install). Apparently, an error is generated when awscli is called from a daemon which doesn't set a stdin value. Long story short, to fix the problem on Ubuntu 16.04 (awscli version 1.11.13-1ubuntu1~16.04.0) I had to modify the file /usr/lib/python3/dist-packages/awscli/compat.py and replace the line binary_stdin = sys.stdin.buffer with binary_stdin = sys.stdin.buffer if sys.stdin is not None else None.

If you want more info about it, you can read these two posts that helped me to fix the issue:

https://stackoverflow.com/questions/49778772/why-is-python3-throwing-an-error-when-calling-an-external-command

https://github.com/aws/aws-cli/issues/2518

amontironi commented May 02 '19 14:05
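The mechanism behind the comment above, as an added example that is not part of the original thread, the awscli code base, or the aws-acl-fail2ban project: when a daemon launches a process with file descriptor 0 closed, the Python interpreter in that child sets sys.stdin to None, and the unpatched compat.py line sys.stdin.buffer raises AttributeError before any ACL call is made. The script below runs two small child programs (constructed stand-ins for the unpatched and patched compat.py line; they are not awscli) first the way a daemon with no stdin would start them, then with stdin redirected from /dev/null, and reports what each sees. The same /dev/null redirection in the fail2ban action line (appending < /dev/null to the actionban command, which fail2ban runs through a shell) is the configuration-level equivalent of the second launch mode and avoids editing the installed awscli package.

```python
"""Reproduce the sys.stdin is None failure in a child launched without fd 0."""
import os
import subprocess
import sys

# Stand-in for the unpatched awscli/compat.py line: binary_stdin = sys.stdin.buffer
# (constructed for this example; prints the outcome on stdout).
UNPATCHED_CHILD = """
import sys
try:
    binary_stdin = sys.stdin.buffer
    print("ok")
except AttributeError as exc:
    print("AttributeError:", exc)
"""

# Stand-in for the patched line from the comment above.
PATCHED_CHILD = """
import sys
binary_stdin = sys.stdin.buffer if sys.stdin is not None else None
print("stdin=None" if binary_stdin is None else "ok")
"""


def run_child(code: str, daemon_style: bool) -> str:
    """Run `code` in a fresh interpreter and return its first line of stdout.

    daemon_style=True closes fd 0 in the child before exec, which is what a
    daemon that never opened a stdin for its action command leaves behind.
    daemon_style=False hands the child /dev/null instead, i.e. `< /dev/null`.
    """
    kwargs = {}
    if daemon_style:
        # preexec_fn runs in the child after fork, before exec: drop fd 0.
        kwargs["preexec_fn"] = lambda: os.close(0)
    else:
        kwargs["stdin"] = subprocess.DEVNULL
    proc = subprocess.run(
        [sys.executable, "-c", code],
        capture_output=True,
        text=True,
        **kwargs,
    )
    return proc.stdout.strip()


def unpatched_fails_without_stdin() -> bool:
    """True when the unpatched line breaks under daemon-style launch."""
    return run_child(UNPATCHED_CHILD, daemon_style=True).startswith("AttributeError")


def devnull_redirect_fixes_unpatched() -> bool:
    """True when giving the child /dev/null as stdin makes the unpatched line work."""
    return run_child(UNPATCHED_CHILD, daemon_style=False) == "ok"


def patched_tolerates_missing_stdin() -> bool:
    """True when the patched line survives daemon-style launch."""
    return run_child(PATCHED_CHILD, daemon_style=True) == "stdin=None"


if __name__ == "__main__":
    print("unpatched, fd 0 closed:   ", run_child(UNPATCHED_CHILD, daemon_style=True))
    print("unpatched, stdin=/dev/null:", run_child(UNPATCHED_CHILD, daemon_style=False))
    print("patched,   fd 0 closed:   ", run_child(PATCHED_CHILD, daemon_style=True))
```

Running it on a POSIX host shows the AttributeError only in the first case; the other two succeed, which is why the script works when typed at a shell (stdin is the terminal) and only fails when fail2ban's action runner launches it. If editing awscli's compat.py is not acceptable on a managed host, the stdin redirection on the actionban and actionunban lines is the less invasive fix and survives package upgrades.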

I'm still having this issue.

Installed fail2ban v0.10.2 on a debian:buster docker image, and am using AWS CLI v1.18.152, installed with python 3.7.

The script works well when I run it manually through the shell, but the integration with Fail2ban doesn't work. The logs show the ban history correctly, but nothing actually happens on the AWS ACL.

Is there a way to make this work?

kycfeel commented Oct 16 '20 05:10