I’m using Jessie for production but I’m currently testing Stretch. Spookily I received this output on Jessie this pm:
/usr/lib/ruby/vendor_ruby/symbiosis/firewall/pattern.rb:84:in `rescue in block (2 levels) in apply': undefined method `verbose' for #<Symbiosis::Firewall::Pattern:0x000000024b9d10> (NoMethodError)
from /usr/lib/ruby/vendor_ruby/symbiosis/firewall/pattern.rb:81:in `block (2 levels) in apply'
from /usr/lib/ruby/vendor_ruby/symbiosis/firewall/pattern.rb:77:in `each'
from /usr/lib/ruby/vendor_ruby/symbiosis/firewall/pattern.rb:77:in `block in apply'
from /usr/lib/ruby/vendor_ruby/symbiosis/firewall/pattern.rb:76:in `each'
from /usr/lib/ruby/vendor_ruby/symbiosis/firewall/pattern.rb:76:in `apply'
from /usr/lib/ruby/vendor_ruby/symbiosis/firewall/blacklist.rb:119:in `block in do_read'
from /usr/lib/ruby/vendor_ruby/symbiosis/firewall/blacklist.rb:87:in `each'
from /usr/lib/ruby/vendor_ruby/symbiosis/firewall/blacklist.rb:87:in `do_read'
from /usr/lib/ruby/vendor_ruby/symbiosis/firewall/blacklist.rb:59:in `generate'
from /usr/sbin/symbiosis-firewall-blacklist:221:in'
I’ve just looked up on a client’s VM, still running Jessie but at least on the surface an identical machine, and it’s happily pushing auto entries to the blacklist directory. So what can I ‘diff’ or equivalent to find out why it’s working there and not on mine?
Late response (holiday taking) but if you’re still looking…
I believe the stock patterns are largely out-of-date so it may just be that machine_1 is getting hit on one of the pattern/rules that works (e.g. ssh login) while machine_2 isn’t. So, I’d start by looking at the logs and patterns, then the SQLite databases, then the code.
This post looks vaguely accurate on how to dig around.
After much searching and some experimentation, I look to have got fail2ban working with iptables and it is now blocking brute-force attacks. Thanks for the input. Think I can now safely ignore the blacklist folder, although I think it still has use for very quick manual additions when I can’t remember the commands to add to iptables!