Difference between revisions of "Fail2ban troubleshooting"
From Kolmisoft Wiki
Latest revision as of 19:10, 15 July 2019
Problem: Fail2Ban does not start
Solution:
mv /usr/share/fail2ban /usr/share/fail2ban_old
cd /usr/src/fail2ban-0.8.4
python setup.py install
service fail2ban restart
Starting fail2ban in debug mode (a real example of how to troubleshoot)
Problem - Fail2ban does not start:
[root@ns3127522 ~]# service fail2ban restart
Stopping fail2ban: [FALLITO]
Starting fail2ban: [FALLITO]
[root@ns3127522 ~]#
Debugging
1. Go to /usr/src/fail2ban-0.8.4
cd /usr/src/fail2ban-0.8.4
2. Launch Fail2Ban in debug mode:
./fail2ban-client -v -v -v start
3. You will see a similar output:
[root@ns312752 fail2ban-0.8.4]# ./fail2ban-client -v -v -v start
DEBUG Reading /etc/fail2ban/fail2ban
DEBUG Reading files: ['/etc/fail2ban/fail2ban.conf', '/etc/fail2ban/fail2ban.local']
INFO Using socket file /var/run/fail2ban/fail2ban.sock
DEBUG Reading /etc/fail2ban/fail2ban
DEBUG Reading files: ['/etc/fail2ban/fail2ban.conf', '/etc/fail2ban/fail2ban.local']
DEBUG Reading /etc/fail2ban/jail
DEBUG Reading files: ['/etc/fail2ban/jail.conf', '/etc/fail2ban/jail.local']
DEBUG Reading /etc/fail2ban/jail
DEBUG Reading files: ['/etc/fail2ban/jail.conf', '/etc/fail2ban/jail.local']
WARNING 'action' not defined in 'php-url-fopen'. Using default value
DEBUG Reading /etc/fail2ban/jail
DEBUG Reading files: ['/etc/fail2ban/jail.conf', '/etc/fail2ban/jail.local']
DEBUG Reading /etc/fail2ban/filter.d/asterisk_hgc_200
DEBUG Reading files: ['/etc/fail2ban/filter.d/asterisk_hgc_200.conf', '/etc/fail2ban/filter.d/asterisk_hgc_200.local']
DEBUG Reading /etc/fail2ban/action.d/iptables-allports
DEBUG Reading files: ['/etc/fail2ban/action.d/iptables-allports.conf', '/etc/fail2ban/action.d/iptables-allports.local']
DEBUG Reading /etc/fail2ban/action.d/sendmail-banned
DEBUG Reading files: ['/etc/fail2ban/action.d/sendmail-banned.conf', '/etc/fail2ban/action.d/sendmail-banned.local']
DEBUG Reading /etc/fail2ban/jail
DEBUG Reading files: ['/etc/fail2ban/jail.conf', '/etc/fail2ban/jail.local']
DEBUG Reading /etc/fail2ban/jail
DEBUG Reading files: ['/etc/fail2ban/jail.conf', '/etc/fail2ban/jail.local']
WARNING 'action' not defined in 'lighttpd-fastcgi'. Using default value
DEBUG Reading /etc/fail2ban/jail
DEBUG Reading files: ['/etc/fail2ban/jail.conf', '/etc/fail2ban/jail.local']
DEBUG Reading /etc/fail2ban/filter.d/asterisk_manager
ERROR /etc/fail2ban/filter.d/asterisk_manager.conf and /etc/fail2ban/filter.d/asterisk_manager.local do not exist
ERROR Unable to read the filter
ERROR Errors in jail 'asterisk-manager'. Skipping...
4. This means that these files are missing. Let's try to update our svn tree in /usr/src/mor:
[root@ns312752 ~]# svn update /usr/src/mor
U /usr/src/mor/test/files/fail2ban/jail.conf
A /usr/src/mor/test/files/fail2ban/filter.d/asterisk_manager.conf
U /usr/src/mor/db/12/permissions.sql
U /usr/src/mor/db/x4/permissions.sql
U /usr/src/mor/scripts/mor_alerts.h
U /usr/src/mor/upgrade/12/stable_revision
U /usr/src/mor/upgrade/x4/stable_revision
We see that this file was previously missing. Running the Fail2Ban patches script from Kolmisoft will probably be enough to fix this:
/usr/src/mor/test/scripts/various/fail2ban_patches.sh
5. We see that this solved the problem:
[root@ns3127522 ~]# /usr/src/mor/test/scripts/various/fail2ban_patches.sh
[SOME OUTPUT SKIPPED HERE]
Stopping fail2ban: [FALLITO]
Starting fail2ban: [FALLITO]
FAILED Fail2Ban-SSH
Stopping fail2ban: [FALLITO]
Starting fail2ban: [ OK ]
[root@ns3127522 ~]#
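The debug run above failed because an enabled jail named a filter with no file in filter.d. The following check finds such jails up front; it is an added example, not part of the original page or of Fail2Ban, and the function names, the jail names other than asterisk-manager, and the rule that a jail without a filter option is skipped are assumptions of this sketch.

```python
import configparser
import os
import re
import tempfile

TRUE = {"true", "1", "yes", "on"}

def missing_filters(conf_dir="/etc/fail2ban"):
    """Map each enabled jail to its filter name when the filter file is absent."""
    cp = configparser.RawConfigParser(strict=False)
    # Same files, same order as in the debug output: jail.local overrides jail.conf.
    cp.read([os.path.join(conf_dir, f) for f in ("jail.conf", "jail.local")])
    missing = {}
    for jail in cp.sections():
        if cp.get(jail, "enabled", fallback="false").strip().lower() not in TRUE:
            continue
        raw = cp.get(jail, "filter", fallback="").strip()
        if not raw:
            continue  # assumption: a jail with no filter option is not checked here
        # Expand the jail-name placeholder and drop a trailing "[opt=...]" part.
        name = re.sub(r"\[.*\]$", "", raw.replace("%(__name__)s", jail), flags=re.S).strip()
        base = os.path.join(conf_dir, "filter.d", name)
        if not any(os.path.isfile(base + ext) for ext in (".conf", ".local")):
            missing[jail] = name
    return missing

def demo():
    """Run the check on a constructed config tree (not a real system)."""
    root = tempfile.mkdtemp()
    os.mkdir(os.path.join(root, "filter.d"))
    with open(os.path.join(root, "jail.conf"), "w") as fh:
        fh.write(
            "[asterisk-hgc]\nenabled = true\nfilter = asterisk_hgc_200\n\n"
            "[asterisk-manager]\nenabled = true\nfilter = asterisk_manager\n\n"
            "[ssh-off]\nenabled = false\nfilter = sshd\n"
        )
    # Only one of the two enabled jails has its filter file on disk.
    open(os.path.join(root, "filter.d", "asterisk_hgc_200.conf"), "w").close()
    return missing_filters(root)

if __name__ == "__main__":
    for jail, name in sorted(missing_filters().items()):
        print("jail %r: filter.d/%s.conf and .local do not exist" % (jail, name))
```

Run as root on the server it reads /etc/fail2ban; a jail that is silently skipped gives no protection for its service, so an empty result is worth confirming after every update of the configuration tree.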
Fail2ban fails to start on CentOS 7
Symptoms:
ERROR Could not start server. Maybe an old socket file is still present. Try to remove /var/run/fail2ban/fail2ban.sock. If you used fail2ban-client to start the server, adding the -x option will do it
Resolution:
rm -rf /var/run/fail2ban/fail2ban.sock
mkdir -p /var/run/fail2ban
chmod 0750 /var/run/fail2ban/
systemctl start fail2ban.service
Testing:
systemctl status fail2ban.service
You should get similar output:
● fail2ban.service - SYSV: Fail2ban daemon
   Loaded: loaded (/etc/rc.d/init.d/fail2ban; bad; vendor preset: disabled)
   Active: active (running) since Kt 2018-10-11 15:33:48 CEST; 12s ago
     Docs: man:systemd-sysv-generator(8)
  Process: 18840 ExecStart=/etc/rc.d/init.d/fail2ban start (code=exited, status=0/SUCCESS)
   CGroup: /system.slice/fail2ban.service
           ├─18851 /usr/bin/python /usr/bin/fail2ban-server -b -s /var/run/fail2ban/fail2ban.sock
           └─18853 /usr/libexec/gam_server
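The "Could not start server" message covers more than one situation (missing directory, leftover socket file, or a server that is in fact running). The following probe tells them apart before anything is deleted; it is an added example, not from the original page or from Fail2Ban, and the state names and advice strings are this example's own.

```python
import os
import socket
import stat

SOCK = "/var/run/fail2ban/fail2ban.sock"  # path from the error message above

# State names and advice wording are this example's own.
ADVICE = {
    "no-dir": "socket directory is missing: create it (mode 0750), then start the service",
    "absent": "no socket file: nothing to remove, start the service",
    "not-socket": "path exists but is not a socket: inspect it before removing",
    "stale": "nothing is listening: remove the socket file, then start the service",
    "live": "a server answers on this socket: fail2ban is already running",
}

def socket_state(path=SOCK):
    """Classify the fail2ban socket path as one of the ADVICE keys."""
    if not os.path.isdir(os.path.dirname(path)):
        return "no-dir"
    try:
        mode = os.lstat(path).st_mode
    except FileNotFoundError:
        return "absent"
    if not stat.S_ISSOCK(mode):
        return "not-socket"
    probe = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    try:
        probe.connect(path)  # succeeds only if a process is listening
    except ConnectionRefusedError:
        return "stale"
    finally:
        probe.close()
    return "live"

if __name__ == "__main__":
    state = socket_state()
    print("%s: %s" % (state, ADVICE[state]))
```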