Difference between revisions of "Fail2ban troubleshooting"

From Kolmisoft Wiki

Revision as of 06:43, 14 August 2013

Problem: Fail2Ban does not start

Solution:

mv /usr/share/fail2ban /usr/share/fail2ban_old
cd /usr/src/fail2ban-0.8.4
python setup.py install
service fail2ban restart


Starting fail2ban in debug mode (a real example of how to troubleshoot)

Problem - Fail2ban does not start ([FALLITO] is the "FAILED" status on an Italian-locale system):

[root@ns3127522 ~]# service fail2ban restart
Stopping fail2ban:                                         [FALLITO] 
Starting fail2ban:                                         [FALLITO]
[root@ns3127522 ~]# 

Debugging

1. Go to /usr/src/fail2ban-0.8.4

cd /usr/src/fail2ban-0.8.4

2. Launch Fail2Ban in debug mode:

./fail2ban-client -v -v -v start

3. You will see output similar to this:

[root@ns312752 fail2ban-0.8.4]# ./fail2ban-client -v -v -v start
DEBUG Reading /etc/fail2ban/fail2ban
DEBUG Reading files: ['/etc/fail2ban/fail2ban.conf', '/etc/fail2ban/fail2ban.local']
INFO Using socket file /var/run/fail2ban/fail2ban.sock
DEBUG Reading /etc/fail2ban/fail2ban
DEBUG Reading files: ['/etc/fail2ban/fail2ban.conf', '/etc/fail2ban/fail2ban.local']
DEBUG Reading /etc/fail2ban/jail
DEBUG Reading files: ['/etc/fail2ban/jail.conf', '/etc/fail2ban/jail.local']
DEBUG Reading /etc/fail2ban/jail
DEBUG Reading files: ['/etc/fail2ban/jail.conf', '/etc/fail2ban/jail.local']
WARNING 'action' not defined in 'php-url-fopen'. Using default value
DEBUG Reading /etc/fail2ban/jail
DEBUG Reading files: ['/etc/fail2ban/jail.conf', '/etc/fail2ban/jail.local']
DEBUG Reading /etc/fail2ban/filter.d/asterisk_hgc_200
DEBUG Reading files: ['/etc/fail2ban/filter.d/asterisk_hgc_200.conf', '/etc/fail2ban/filter.d/asterisk_hgc_200.local']
DEBUG Reading /etc/fail2ban/action.d/iptables-allports
DEBUG Reading files: ['/etc/fail2ban/action.d/iptables-allports.conf', '/etc/fail2ban/action.d/iptables-allports.local']
DEBUG Reading /etc/fail2ban/action.d/sendmail-banned
DEBUG Reading files: ['/etc/fail2ban/action.d/sendmail-banned.conf', '/etc/fail2ban/action.d/sendmail-banned.local']
DEBUG Reading /etc/fail2ban/jail
DEBUG Reading files: ['/etc/fail2ban/jail.conf', '/etc/fail2ban/jail.local']
DEBUG Reading /etc/fail2ban/jail
DEBUG Reading files: ['/etc/fail2ban/jail.conf', '/etc/fail2ban/jail.local']
WARNING 'action' not defined in 'lighttpd-fastcgi'. Using default value
DEBUG Reading /etc/fail2ban/jail
DEBUG Reading files: ['/etc/fail2ban/jail.conf', '/etc/fail2ban/jail.local']
DEBUG Reading /etc/fail2ban/filter.d/asterisk_manager
ERROR /etc/fail2ban/filter.d/asterisk_manager.conf and /etc/fail2ban/filter.d/asterisk_manager.local do not exist
ERROR Unable to read the filter
ERROR Errors in jail 'asterisk-manager'. Skipping...

4. This means that these files are missing. Let's try to update our svn tree in /usr/src/mor:

[root@ns312752 ~]# svn update /usr/src/mor
U /usr/src/mor/test/files/fail2ban/jail.conf
A /usr/src/mor/test/files/fail2ban/filter.d/asterisk_manager.conf
U /usr/src/mor/db/12/permissions.sql
U /usr/src/mor/db/x4/permissions.sql
U /usr/src/mor/scripts/mor_alerts.h
U /usr/src/mor/upgrade/12/stable_revision
U /usr/src/mor/upgrade/x4/stable_revision

The A (added) line shows that asterisk_manager.conf was previously missing from the tree. Running the Fail2Ban patches script from Kolmisoft will probably be enough to fix this:

/usr/src/mor/test/scripts/various/fail2ban_patches.sh 

5. We see that this solved the problem:

[root@ns3127522 ~]# /usr/src/mor/test/scripts/various/fail2ban_patches.sh
[SOME OUTPUT SKIPPED HERE]
Stopping fail2ban: [FALLITO]
Starting fail2ban: [FALLITO]
FAILED         Fail2Ban-SSH
Stopping fail2ban: [FALLITO]
Starting fail2ban: [ OK ]
[root@ns3127522 ~]#
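
The missing-filter error from step 3 can be caught before restarting the service. The script below is an added example, not part of the original page or of Kolmisoft's scripts: it lists every enabled jail whose filter file is absent from filter.d. The function names, the jail name asterisk-iptables and the sample tree are constructed for illustration.

```sh
#!/bin/sh
# Added example: list enabled jails whose filter file is missing, the
# condition behind "ERROR ... .conf and ... .local do not exist" above.
# Simplified parser: only explicit "enabled = true" and "filter = name" lines
# inside a jail section; [DEFAULT] inheritance and overrides are not merged.
check_jail_filters() {
    confdir=$1
    for f in "$confdir/jail.conf" "$confdir/jail.local"; do
        [ -f "$f" ] && cat "$f"
    done | awk '
        function emit() { if (enabled && filter != "") print jail, filter }
        /^[ \t]*[#;]/ { next }                       # comment line
        /^\[/ { emit(); jail = substr($0, 2, index($0, "]") - 2)
                enabled = 0; filter = ""; next }     # new [jail] section
        /^[ \t]*(enabled|filter)[ \t]*=/ {
            key = $1; sub(/=.*/, "", key)
            val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
            if (key == "enabled") enabled = (val == "true"); else filter = val
        }
        END { emit() }
    ' | while read -r jail filter; do
        [ -f "$confdir/filter.d/$filter.conf" ] ||
        [ -f "$confdir/filter.d/$filter.local" ] ||
            echo "$jail: missing filter.d/$filter.conf"
    done
}

# Constructed sample tree: two enabled jails, only one filter file present.
demo_missing_filters() {
    d=$(mktemp -d) && mkdir "$d/filter.d" || return 1
    cat > "$d/jail.conf" <<'EOF'
[asterisk-iptables]
enabled = true
filter = asterisk_hgc_200

[asterisk-manager]
enabled = true
filter = asterisk_manager
EOF
    : > "$d/filter.d/asterisk_hgc_200.conf"
    check_jail_filters "$d"
    rm -rf "$d"
}

demo_missing_filters   # on a live system: check_jail_filters /etc/fail2ban
```

An empty result means every enabled jail found by this simplified parser has its filter file in place.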