Fail2ban troubleshooting
From Kolmisoft Wiki
Problem: Fail2Ban does not start
Solution:
mv /usr/share/fail2ban /usr/share/fail2ban_old
cd /usr/src/fail2ban-0.8.4
python setup.py install
service fail2ban restart
Starting fail2ban in debug mode (real example of how to troubleshoot)
Problem - Fail2ban does not start:
[root@ns3127522 ~]# service fail2ban restart
Stopping fail2ban: [FALLITO]
Starting fail2ban: [FALLITO]
[root@ns3127522 ~]#
Debugging
1. Go to /usr/src/fail2ban-0.8.4
cd /usr/src/fail2ban-0.8.4
2. Launch Fail2Ban in debug mode:
./fail2ban-client -v -v -v start
3. You will see output similar to this:
[root@ns312752 fail2ban-0.8.4]# ./fail2ban-client -v -v -v start
DEBUG Reading /etc/fail2ban/fail2ban
DEBUG Reading files: ['/etc/fail2ban/fail2ban.conf', '/etc/fail2ban/fail2ban.local']
INFO Using socket file /var/run/fail2ban/fail2ban.sock
DEBUG Reading /etc/fail2ban/fail2ban
DEBUG Reading files: ['/etc/fail2ban/fail2ban.conf', '/etc/fail2ban/fail2ban.local']
DEBUG Reading /etc/fail2ban/jail
DEBUG Reading files: ['/etc/fail2ban/jail.conf', '/etc/fail2ban/jail.local']
DEBUG Reading /etc/fail2ban/jail
DEBUG Reading files: ['/etc/fail2ban/jail.conf', '/etc/fail2ban/jail.local']
WARNING 'action' not defined in 'php-url-fopen'. Using default value
DEBUG Reading /etc/fail2ban/jail
DEBUG Reading files: ['/etc/fail2ban/jail.conf', '/etc/fail2ban/jail.local']
DEBUG Reading /etc/fail2ban/filter.d/asterisk_hgc_200
DEBUG Reading files: ['/etc/fail2ban/filter.d/asterisk_hgc_200.conf', '/etc/fail2ban/filter.d/asterisk_hgc_200.local']
DEBUG Reading /etc/fail2ban/action.d/iptables-allports
DEBUG Reading files: ['/etc/fail2ban/action.d/iptables-allports.conf', '/etc/fail2ban/action.d/iptables-allports.local']
DEBUG Reading /etc/fail2ban/action.d/sendmail-banned
DEBUG Reading files: ['/etc/fail2ban/action.d/sendmail-banned.conf', '/etc/fail2ban/action.d/sendmail-banned.local']
DEBUG Reading /etc/fail2ban/jail
DEBUG Reading files: ['/etc/fail2ban/jail.conf', '/etc/fail2ban/jail.local']
DEBUG Reading /etc/fail2ban/jail
DEBUG Reading files: ['/etc/fail2ban/jail.conf', '/etc/fail2ban/jail.local']
WARNING 'action' not defined in 'lighttpd-fastcgi'. Using default value
DEBUG Reading /etc/fail2ban/jail
DEBUG Reading files: ['/etc/fail2ban/jail.conf', '/etc/fail2ban/jail.local']
DEBUG Reading /etc/fail2ban/filter.d/asterisk_manager
ERROR /etc/fail2ban/filter.d/asterisk_manager.conf and /etc/fail2ban/filter.d/asterisk_manager.local do not exist
ERROR Unable to read the filter
ERROR Errors in jail 'asterisk-manager'. Skipping...
4. The ERROR lines mean that the filter files for the 'asterisk-manager' jail are missing. Let's try to update our svn tree in /usr/src/mor:
[root@ns312752 ~]# svn update /usr/src/mor
U /usr/src/mor/test/files/fail2ban/jail.conf
A /usr/src/mor/test/files/fail2ban/filter.d/asterisk_manager.conf
U /usr/src/mor/db/12/permissions.sql
U /usr/src/mor/db/x4/permissions.sql
U /usr/src/mor/scripts/mor_alerts.h
U /usr/src/mor/upgrade/12/stable_revision
U /usr/src/mor/upgrade/x4/stable_revision
The "A" (added) line shows that asterisk_manager.conf was missing from the tree previously. Running the Fail2Ban patches script from Kolmisoft will probably be enough to fix this:
/usr/src/mor/test/scripts/various/fail2ban_patches.sh
5. We see that this solved the problem:
[root@ns3127522 ~]# /usr/src/mor/test/scripts/various/fail2ban_patches.sh
[SOME OUTPUT SKIPPED HERE]
Stopping fail2ban: [FALLITO]
Starting fail2ban: [FALLITO]
FAILED Fail2Ban-SSH
Stopping fail2ban: [FALLITO]
Starting fail2ban: [ OK ]
[root@ns3127522 ~]#
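The missing-filter failure found in the debug output above can be checked for before restarting the service. The script below is an added example, not part of the original wiki page or of Kolmisoft's scripts; the function names, the simplified jail.conf parsing and the constructed sample tree are assumptions.

```shell
# Added example (not Kolmisoft code): list enabled jails whose filter file is
# missing. Assumes plain "key = value" lines, no %(...)s interpolation, and
# "filter" set in the jail section itself.

# Print "jail filter" per enabled jail; jail.local is read last and overrides.
enabled_jail_filters() {
    dir=$1; set --
    for f in "$dir/jail.conf" "$dir/jail.local"; do
        if [ -f "$f" ]; then set -- "$@" "$f"; fi
    done
    [ $# -gt 0 ] || return 0
    awk '
        /^[ \t]*([#;]|$)/ { next }              # comments and blank lines
        /^[ \t]*\[/ { sub(/^[ \t]*\[/, ""); sub(/\].*$/, ""); sec = $0; seen[sec] = 1; next }
        {
            eq = index($0, "="); if (!eq) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "enabled") on[sec] = (tolower(val) ~ /^(1|yes|true|on)$/)
            if (key == "filter") { sub(/\[.*/, "", val); filt[sec] = val }
        }
        END {
            for (s in seen) {
                e = (s in on) ? on[s] : on["DEFAULT"]   # inherit from [DEFAULT]
                if (s != "DEFAULT" && e && filt[s] != "") print s, filt[s]
            }
        }' "$@"
}

# Print the enabled jails whose filter has neither a .conf nor a .local file.
missing_filters() {
    dir=$1
    enabled_jail_filters "$dir" | sort | while read -r jail filter; do
        if [ ! -f "$dir/filter.d/$filter.conf" ] && [ ! -f "$dir/filter.d/$filter.local" ]; then
            echo "$jail $filter"
        fi
    done
}

# Constructed sample tree; the asterisk-iptables jail name is made up.
build_sample_tree() {
    t=$(mktemp -d) && mkdir "$t/filter.d" && : > "$t/filter.d/asterisk_hgc_200.conf"
    printf '%s\n' '[asterisk-iptables]' 'enabled = true' 'filter = asterisk_hgc_200' \
        '[asterisk-manager]' 'enabled = true' 'filter = asterisk_manager' \
        '[php-url-fopen]' 'enabled = false' 'filter = php-url-fopen' > "$t/jail.conf"
    echo "$t"
}

sample=$(build_sample_tree); missing_filters "$sample"; rm -rf "$sample"
```

On a real host, run missing_filters /etc/fail2ban; empty output means every enabled jail that names a filter has its filter file in place.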
Fail2ban fails to start on CentOS 7
Symptoms:
ERROR Could not start server. Maybe an old socket file is still present. Try to remove /var/run/fail2ban/fail2ban.sock. If you used fail2ban-client to start the server, adding the -x option will do it
Resolution:
rm -rf /var/run/fail2ban/fail2ban.sock
mkdir -p /var/run/fail2ban
chmod 0750 /var/run/fail2ban/
systemctl start fail2ban.service
Testing:
systemctl status fail2ban.service
You should get similar output:
● fail2ban.service - SYSV: Fail2ban daemon
   Loaded: loaded (/etc/rc.d/init.d/fail2ban; bad; vendor preset: disabled)
   Active: active (running) since Kt 2018-10-11 15:33:48 CEST; 12s ago
     Docs: man:systemd-sysv-generator(8)
  Process: 18840 ExecStart=/etc/rc.d/init.d/fail2ban start (code=exited, status=0/SUCCESS)
   CGroup: /system.slice/fail2ban.service
           ├─18851 /usr/bin/python /usr/bin/fail2ban-server -b -s /var/run/fail2ban/fail2ban.sock
           └─18853 /usr/libexec/gam_server