Fail2ban troubleshooting

From Kolmisoft Wiki

Problem: Fail2Ban does not start

Solution:

mv /usr/share/fail2ban /usr/share/fail2ban_old
cd /usr/src/fail2ban-0.8.4
python setup.py install
service fail2ban restart


Starting fail2ban in debug mode (a real example of how to troubleshoot)

Problem - Fail2ban does not start:

[root@ns3127522 ~]# service fail2ban restart
Stopping fail2ban:                                         [FALLITO] 
Starting fail2ban:                                         [FALLITO]
[root@ns3127522 ~]# 

Debugging

1. Go to /usr/src/fail2ban-0.8.4

cd /usr/src/fail2ban-0.8.4

2. Launch Fail2Ban in debug mode:

./fail2ban-client -v -v -v start

3. You will see a similar output:

[root@ns312752 fail2ban-0.8.4]# ./fail2ban-client -v -v -v start

DEBUG  Reading /etc/fail2ban/fail2ban
DEBUG  Reading files: ['/etc/fail2ban/fail2ban.conf', '/etc/fail2ban/fail2ban.local']
INFO   Using socket file /var/run/fail2ban/fail2ban.sock
DEBUG  Reading /etc/fail2ban/fail2ban
DEBUG  Reading files: ['/etc/fail2ban/fail2ban.conf', '/etc/fail2ban/fail2ban.local']
DEBUG  Reading /etc/fail2ban/jail
DEBUG  Reading files: ['/etc/fail2ban/jail.conf', '/etc/fail2ban/jail.local']
DEBUG  Reading /etc/fail2ban/jail
DEBUG  Reading files: ['/etc/fail2ban/jail.conf', '/etc/fail2ban/jail.local']
WARNING 'action' not defined in 'php-url-fopen'. Using default value
DEBUG  Reading /etc/fail2ban/jail
DEBUG  Reading files: ['/etc/fail2ban/jail.conf', '/etc/fail2ban/jail.local']
DEBUG  Reading /etc/fail2ban/filter.d/asterisk_hgc_200
DEBUG  Reading files: ['/etc/fail2ban/filter.d/asterisk_hgc_200.conf', '/etc/fail2ban/filter.d/asterisk_hgc_200.local']
DEBUG  Reading /etc/fail2ban/action.d/iptables-allports
DEBUG  Reading files: ['/etc/fail2ban/action.d/iptables-allports.conf', '/etc/fail2ban/action.d/iptables-allports.local']
DEBUG  Reading /etc/fail2ban/action.d/sendmail-banned
DEBUG  Reading files: ['/etc/fail2ban/action.d/sendmail-banned.conf', '/etc/fail2ban/action.d/sendmail-banned.local']
DEBUG  Reading /etc/fail2ban/jail
DEBUG  Reading files: ['/etc/fail2ban/jail.conf', '/etc/fail2ban/jail.local']
DEBUG  Reading /etc/fail2ban/jail
DEBUG  Reading files: ['/etc/fail2ban/jail.conf', '/etc/fail2ban/jail.local']
WARNING 'action' not defined in 'lighttpd-fastcgi'. Using default value
DEBUG  Reading /etc/fail2ban/jail
DEBUG  Reading files: ['/etc/fail2ban/jail.conf', '/etc/fail2ban/jail.local']
DEBUG  Reading /etc/fail2ban/filter.d/asterisk_manager
ERROR  /etc/fail2ban/filter.d/asterisk_manager.conf and /etc/fail2ban/filter.d/asterisk_manager.local do not exist
ERROR  Unable to read the filter
ERROR  Errors in jail 'asterisk-manager'. Skipping...

4. This means that these files are missing. Let's try to update our svn tree in /usr/src/mor:

[root@ns312752 ~]# svn update /usr/src/mor

U    /usr/src/mor/test/files/fail2ban/jail.conf
A    /usr/src/mor/test/files/fail2ban/filter.d/asterisk_manager.conf
U    /usr/src/mor/db/12/permissions.sql
U    /usr/src/mor/db/x4/permissions.sql
U    /usr/src/mor/scripts/mor_alerts.h
U    /usr/src/mor/upgrade/12/stable_revision
U    /usr/src/mor/upgrade/x4/stable_revision

We see that this file was previously missing. The Fail2Ban patches script from Kolmisoft will probably be enough to fix this:

/usr/src/mor/test/scripts/various/fail2ban_patches.sh 

5. We see that this solved the problem:

[root@ns3127522 ~]# /usr/src/mor/test/scripts/various/fail2ban_patches.sh

[SOME OUTPUT SKIPPED HERE]

Stopping fail2ban:                                         [FALLITO]
Starting fail2ban:                                         [FALLITO]
FAILED         Fail2Ban-SSH
Stopping fail2ban:                                         [FALLITO]
Starting fail2ban:                                         [  OK  ]

[root@ns3127522 ~]#
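
The debug run above failed because an enabled jail pointed at a filter file that did not exist. The following check finds that condition without starting the daemon. It is an added example, not part of the original page or of fail2ban itself; the function names missing_filters and make_sample are hypothetical, the sample tree is constructed, and the parser assumes literal filter names with an explicit "enabled = true" in each jail.

```sh
#!/bin/sh
# Added example (not Kolmisoft/fail2ban code): list enabled jails whose filter
# file is missing. Assumes literal filter names and explicit "enabled = true".
missing_filters() {   # usage: missing_filters /etc/fail2ban
    confdir=$1
    # fail2ban reads jail.conf, then jail.local; later values override earlier.
    for f in "$confdir/jail.conf" "$confdir/jail.local"; do
        if [ -r "$f" ]; then cat "$f"; fi
    done | awk '
        /^[ \t]*[#;]/ { next }                      # comment line
        /^[ \t]*\[.*\][ \t]*$/ {                    # [jail-name] header
            sub(/^[ \t]*\[/, ""); sub(/\][ \t]*$/, ""); jail = $0
            if (!(jail in seen)) { seen[jail] = 1; order[++n] = jail }
            next
        }
        jail != "" && /^[ \t]*(enabled|filter)[ \t]*=/ {
            key = $0; sub(/^[ \t]*/, "", key); sub(/[ \t]*=.*/, "", key)
            val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
            conf[jail, key] = val
        }
        END {
            for (i = 1; i <= n; i++) {
                j = order[i]
                if (j != "DEFAULT" && conf[j, "enabled"] == "true" && conf[j, "filter"] != "")
                    print j, conf[j, "filter"]
            }
        }' | while read -r jail filter; do
        # fail2ban accepts either <filter>.conf or <filter>.local
        if [ ! -e "$confdir/filter.d/$filter.conf" ] &&
           [ ! -e "$confdir/filter.d/$filter.local" ]; then
            echo "$jail $filter"
        fi
    done
}

# Constructed sample tree so the check can be run offline.
make_sample() {
    d=$(mktemp -d) && mkdir "$d/filter.d" && : > "$d/filter.d/sshd.conf"
    printf '%s\n' '[DEFAULT]' 'bantime = 600' \
        '[ssh-iptables]' 'enabled = true' 'filter = sshd' \
        '[asterisk-manager]' 'enabled = true' 'filter = asterisk_manager' \
        '[php-url-fopen]' 'enabled = false' 'filter = php-url-fopen' \
        > "$d/jail.conf"
    echo "$d"
}

sample=$(make_sample)
missing_filters "$sample"   # asterisk-manager asterisk_manager
rm -rf "$sample"
```

On a real system, run missing_filters /etc/fail2ban; each output line is a jail name followed by the filter name it cannot load.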

Fail2ban fails to start on CentOS 7

Symptoms:

ERROR  Could not start server. Maybe an old socket file is still present. Try to remove /var/run/fail2ban/fail2ban.sock. If you used fail2ban-client to start the server, adding the -x option will do it

Resolution:

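# Remove the stale socket left behind by the previous instance
rm -f /var/run/fail2ban/fail2ban.sock
# Recreate the runtime directory (-p: no error if it already exists)
mkdir -p /var/run/fail2ban
chmod 0750 /var/run/fail2ban/
systemctl start fail2ban.service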

Testing:

systemctl status fail2ban.service

You should get similar output:

● fail2ban.service - SYSV: Fail2ban daemon
  Loaded: loaded (/etc/rc.d/init.d/fail2ban; bad; vendor preset: disabled)
  Active: active (running) since Kt 2018-10-11 15:33:48 CEST; 12s ago
    Docs: man:systemd-sysv-generator(8)
 Process: 18840 ExecStart=/etc/rc.d/init.d/fail2ban start (code=exited, status=0/SUCCESS)
  CGroup: /system.slice/fail2ban.service
          ├─18851 /usr/bin/python /usr/bin/fail2ban-server -b -s /var/run/fail2ban/fail2ban.sock
          └─18853 /usr/libexec/gam_server