fail2ban.actions.action: ERROR

Found some discussion on dealing with “fail2ban.actions.action: ERROR” errors from fail2ban. Basically there’s a race condition and a few suggestions to deal with it. One is to modify /usr/bin/fail2ban-client like this:

def __processCmd(self, cmd, showRet = True):
	beautifier = Beautifier()
	for c in cmd:
		# Added line: pause 100 ms before each command is processed
		time.sleep(0.1)
		beautifier.setInputCmd(c)

But the other one, which I think I like better, is to edit /etc/fail2ban/actions.d/iptables-multiport.conf to include a call to sleep for a random time of up to three seconds:

 actionstart =   sleep `perl -e 'print rand(3);'`
             iptables -N fail2ban-<name>
             iptables -A fail2ban-<name> -j RETURN
             iptables -I INPUT -p <protocol> -m multiport --dports <port> -j fail2ban-<name>

Slowing down fail2ban

I had some messages from my fail2ban log like this:

 2012-02-03 00:59:33,810 fail2ban.actions.action: ERROR  iptables -N fail2ban-apache
 2012-02-03 00:59:33,838 fail2ban.actions.action: ERROR  iptables -N fail2ban-apache-overflows
 2012-02-03 03:42:49,355 fail2ban.actions.action: ERROR  iptables -D INPUT -p tcp -m multiport --dports http,https -j fail2ban-apache-overflows
 2012-02-03 03:43:04,998 fail2ban.actions.action: ERROR  iptables -N fail2ban-ssh-ddos
 2012-02-03 03:43:05,035 fail2ban.actions.action: ERROR  iptables -N fail2ban-apache-overflows
 2012-02-03 07:13:04,720 fail2ban.actions.action: ERROR  iptables -D INPUT -p tcp -m multiport --dports http,https -j fail2ban-apache-overflows
 2012-02-03 07:13:20,154 fail2ban.actions.action: ERROR  iptables -N fail2ban-ssh-ddos
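
As an added example (not part of the original post and not fail2ban code), this Python script groups the ERROR lines quoted above into bursts of failures that occur almost simultaneously, which is the pattern consistent with the race. The function names and the one-second window are assumptions chosen for illustration.

```python
import re
from datetime import datetime, timedelta

# Sample input: the ERROR lines quoted in the post above.
SAMPLE_LOG = """\
2012-02-03 00:59:33,810 fail2ban.actions.action: ERROR  iptables -N fail2ban-apache
2012-02-03 00:59:33,838 fail2ban.actions.action: ERROR  iptables -N fail2ban-apache-overflows
2012-02-03 03:42:49,355 fail2ban.actions.action: ERROR  iptables -D INPUT -p tcp -m multiport --dports http,https -j fail2ban-apache-overflows
2012-02-03 03:43:04,998 fail2ban.actions.action: ERROR  iptables -N fail2ban-ssh-ddos
2012-02-03 03:43:05,035 fail2ban.actions.action: ERROR  iptables -N fail2ban-apache-overflows
2012-02-03 07:13:04,720 fail2ban.actions.action: ERROR  iptables -D INPUT -p tcp -m multiport --dports http,https -j fail2ban-apache-overflows
2012-02-03 07:13:20,154 fail2ban.actions.action: ERROR  iptables -N fail2ban-ssh-ddos
"""

LINE_RE = re.compile(r"^\s*(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3}) "
                     r"fail2ban\.actions\.action: ERROR\s+(iptables .*)$")

def parse_errors(text):
    """Return a sorted list of (timestamp, command) for failed iptables actions."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S,%f")
            events.append((ts, m.group(2).strip()))
    return sorted(events)

def find_bursts(events, window=timedelta(seconds=1)):
    """Group failures at most `window` apart (1 s is an assumed threshold);
    return only groups of two or more, the pattern consistent with the race."""
    bursts, current = [], []
    for ev in events:
        if current and ev[0] - current[-1][0] > window:
            bursts.append(current)
            current = []
        current.append(ev)
    bursts.append(current)
    return [b for b in bursts if len(b) > 1]

def chain_of(cmd):
    """Extract the fail2ban-<name> chain an iptables command refers to."""
    m = re.search(r"\bfail2ban-[\w-]+", cmd)
    return m.group(0) if m else None

if __name__ == "__main__":
    for burst in find_bursts(parse_errors(SAMPLE_LOG)):
        span = burst[-1][0] - burst[0][0]
        chains = ", ".join(chain_of(c) or "?" for _, c in burst)
        print(f"{burst[0][0]}  {len(burst)} failures within {span}: {chains}")
```
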

I read over here about a workaround that goes like this:

Edit /usr/bin/fail2ban-client and add a call to time.sleep to mitigate a race condition:

def __processCmd(self, cmd, showRet = True):
    beautifier = Beautifier()
    for c in cmd:
        # Added line: pause 100 ms before each command is processed
        time.sleep(0.1)
        beautifier.setInputCmd(c)