Для первой быстрой проверки посмотрите, добавил ли fail2ban некоторые правила iptable:
sudo iptables -L f2b-sshd
Вот что у меня получилось:
target prot opt source destination
REJECT all -- mgt.pnu.ac.th anywhere reject-with icmp-port-unreachable
REJECT all -- plex1.domin8.media anywhere reject-with icmp-port-unreachable
REJECT all -- 218.92.0.197 anywhere reject-with icmp-port-unreachable
REJECT all -- 223.68.10.247 anywhere reject-with icmp-port-unreachable
REJECT all -- promote.cache-dns.local anywhere reject-with icmp-port-unreachable
RETURN all -- anywhere anywhere
Кажется, мой сервер вызывает некоторый интерес. ;)
Та же проблема, но уже давно. Иногда работает, потом останавливается при следующем сканировании с сообщением об ошибке
[bjnp] bjnp_open_tcp: ERROR - Can not connect to scanner: Connection refused
scanimage: sane_read: Invalid argument
# ss -tulpn | grep :6566
tcp LISTEN 0 128 *:6566 *:* users:(("systemd",pid=1,fd=160))
Было испробовано многое:
# saned -d -a saned
[saned] saned (AF-indep+IPv6) from sane-backends 1.0.27 starting up
[saned] do_bindings: [0] bind failed: Address already in use
[saned] Now daemonized
# systemctl disable saned.socket
Removed /etc/systemd/system/sockets.target.wants/saned.socket.
# saned -d -a saned
[saned] saned (AF-indep+IPv6) from sane-backends 1.0.27 starting up
[saned] do_bindings: [1] bind failed: Address already in use
[saned] do_bindings: [0] bind failed: Address already in use
[saned] do_bindings: couldn't bind an address. Exiting.
[saned] FATAL ERROR; bailing out, waiting for children...
[saned] bail_out: all children exited
# ps ax | grep inet
23794 pts/7 S+ 0:00 grep inet
32284 ? Ss 0:01 /usr/sbin/inetd
# kill 32284
# ps ax | grep inet
23961 pts/7 S+ 0:00 grep inet
# saned -d -a saned
[saned] saned (AF-indep+IPv6) from sane-backends 1.0.27 starting up
[saned] do_bindings: [1] bind failed: Address already in use
[saned] do_bindings: [0] bind failed: Address already in use
[saned] do_bindings: couldn't bind an address. Exiting.
[saned] FATAL ERROR; bailing out, waiting for children...
[saned] bail_out: all children exited
# systemctl enable saned
saned.service is not a native service, redirecting to systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable saned
# systemctl disable saned
saned.service is not a native service, redirecting to systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install disable saned
# systemctl enable saned.socket
Created symlink /etc/systemd/system/sockets.target.wants/saned.socket → /etc/systemd/system/saned.socket.
# systemctl start saned.socket
Job for saned.socket failed.
See "systemctl status saned.socket" and "journalctl -xe" for details.
# systemctl status saned.socket
● saned.socket - saned incoming socket
Loaded: loaded (/etc/systemd/system/saned.socket; enabled; vendor preset: enabled)
Active: failed (Result: resources)
Listen: [::]:6566 (Stream)
Accepted: 0; Connected: 0;
Mai 12 09:29:41 monster systemd[1]: saned.socket: Failed to receive listening socket ([::]:6566): Input/output error
Mai 12 09:29:41 monster systemd[1]: saned.socket: Failed to listen on sockets: Input/output error
Mai 12 09:29:41 monster systemd[1]: saned.socket: Failed with result 'resources'.
Mai 12 09:29:41 monster systemd[1]: Failed to listen on saned incoming socket.
# ss -tulpn | grep :6566
tcp LISTEN 0 1 *:6566 *:* users:(("saned",pid=22068,fd=3))
В промежутках между этими командами от имени пользователя root я пытался сканировать с помощью scanimage от имени обычного пользователя в другом терминале.
Теперь ждем завершения некоторых процессов и перезагрузки.