Fail2ban troubleshooting
Problem: Fail2Ban does not start
Solution:
mv /usr/share/fail2ban /usr/share/fail2ban_old
cd /usr/src/fail2ban-0.8.4
python setup.py install
service fail2ban restart
Starting fail2ban in debug mode (a real troubleshooting example)
Problem - Fail2ban does not start ([FALLITO] is the Italian-locale form of [FAILED]):
[root@ns3127522 ~]# service fail2ban restart
Stopping fail2ban: [FALLITO]
Starting fail2ban: [FALLITO]
[root@ns3127522 ~]#
Debugging
1. Go to /usr/src/fail2ban-0.8.4
cd /usr/src/fail2ban-0.8.4
2. Launch Fail2Ban in debug mode:
./fail2ban-client -v -v -v start
3. You will see output similar to this:
[root@ns312752 fail2ban-0.8.4]# ./fail2ban-client -v -v -v start
DEBUG Reading /etc/fail2ban/fail2ban
DEBUG Reading files: ['/etc/fail2ban/fail2ban.conf', '/etc/fail2ban/fail2ban.local']
INFO Using socket file /var/run/fail2ban/fail2ban.sock
DEBUG Reading /etc/fail2ban/fail2ban
DEBUG Reading files: ['/etc/fail2ban/fail2ban.conf', '/etc/fail2ban/fail2ban.local']
DEBUG Reading /etc/fail2ban/jail
DEBUG Reading files: ['/etc/fail2ban/jail.conf', '/etc/fail2ban/jail.local']
DEBUG Reading /etc/fail2ban/jail
DEBUG Reading files: ['/etc/fail2ban/jail.conf', '/etc/fail2ban/jail.local']
WARNING 'action' not defined in 'php-url-fopen'. Using default value
DEBUG Reading /etc/fail2ban/jail
DEBUG Reading files: ['/etc/fail2ban/jail.conf', '/etc/fail2ban/jail.local']
DEBUG Reading /etc/fail2ban/filter.d/asterisk_hgc_200
DEBUG Reading files: ['/etc/fail2ban/filter.d/asterisk_hgc_200.conf', '/etc/fail2ban/filter.d/asterisk_hgc_200.local']
DEBUG Reading /etc/fail2ban/action.d/iptables-allports
DEBUG Reading files: ['/etc/fail2ban/action.d/iptables-allports.conf', '/etc/fail2ban/action.d/iptables-allports.local']
DEBUG Reading /etc/fail2ban/action.d/sendmail-banned
DEBUG Reading files: ['/etc/fail2ban/action.d/sendmail-banned.conf', '/etc/fail2ban/action.d/sendmail-banned.local']
DEBUG Reading /etc/fail2ban/jail
DEBUG Reading files: ['/etc/fail2ban/jail.conf', '/etc/fail2ban/jail.local']
DEBUG Reading /etc/fail2ban/jail
DEBUG Reading files: ['/etc/fail2ban/jail.conf', '/etc/fail2ban/jail.local']
WARNING 'action' not defined in 'lighttpd-fastcgi'. Using default value
DEBUG Reading /etc/fail2ban/jail
DEBUG Reading files: ['/etc/fail2ban/jail.conf', '/etc/fail2ban/jail.local']
DEBUG Reading /etc/fail2ban/filter.d/asterisk_manager
ERROR /etc/fail2ban/filter.d/asterisk_manager.conf and /etc/fail2ban/filter.d/asterisk_manager.local do not exist
ERROR Unable to read the filter
ERROR Errors in jail 'asterisk-manager'. Skipping...
4. The ERROR lines mean that the filter files for the 'asterisk-manager' jail are missing. Let's try to update our svn tree in /usr/src/mor:
[root@ns312752 ~]# svn update /usr/src/mor
U /usr/src/mor/test/files/fail2ban/jail.conf
A /usr/src/mor/test/files/fail2ban/filter.d/asterisk_manager.conf
U /usr/src/mor/db/12/permissions.sql
U /usr/src/mor/db/x4/permissions.sql
U /usr/src/mor/scripts/mor_alerts.h
U /usr/src/mor/upgrade/12/stable_revision
U /usr/src/mor/upgrade/x4/stable_revision
The update added asterisk_manager.conf, so we see that this file was missing previously. The Fail2Ban patches script from Kolmisoft will probably be enough to fix this:
/usr/src/mor/test/scripts/various/fail2ban_patches.sh
5. We see that this solved the problem:
[root@ns3127522 ~]# /usr/src/mor/test/scripts/various/fail2ban_patches.sh
[SOME OUTPUT SKIPPED HERE]
Stopping fail2ban: [FALLITO]
Starting fail2ban: [FALLITO]
FAILED Fail2Ban-SSH
Stopping fail2ban: [FALLITO]
Starting fail2ban: [ OK ]
[root@ns3127522 ~]#
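The check behind step 4, as an added example that is not part of the original page or of Kolmisoft's scripts: it lists every enabled jail whose filter has neither a .conf nor a .local file in filter.d, which is the condition behind the ERROR lines in the debug output. The sample jail.conf, the ssh-iptables jail and the names write_sample and missing_filters are constructed for illustration, and the code assumes Python 3.

```python
import configparser
import os
import sys

# Constructed sample jail.conf; jail and filter names follow the debug output above.
SAMPLE_JAIL_CONF = """\
[DEFAULT]
bantime = 600

[asterisk-manager]
enabled = true
filter = asterisk_manager

[ssh-iptables]
enabled = true
filter = sshd

[php-url-fopen]
enabled = false
filter = php-url-fopen
"""


def write_sample(root):
    """Create a constructed config tree in which only filter.d/sshd.conf exists."""
    os.makedirs(os.path.join(root, "filter.d"))
    with open(os.path.join(root, "jail.conf"), "w") as fh:
        fh.write(SAMPLE_JAIL_CONF)
    with open(os.path.join(root, "filter.d", "sshd.conf"), "w") as fh:
        fh.write("[Definition]\nfailregex =\n")


def missing_filters(conf_dir="/etc/fail2ban"):
    """Return sorted (jail, filter) pairs for enabled jails with no filter file."""
    parser = configparser.RawConfigParser(strict=False)
    # Same order as the debug output: jail.conf first, then jail.local overrides it.
    parser.read([os.path.join(conf_dir, n) for n in ("jail.conf", "jail.local")])
    missing = []
    for jail in parser.sections():
        if not parser.getboolean(jail, "enabled", fallback=False):
            continue
        # Keep only the filter name if options follow it in brackets.
        name = parser.get(jail, "filter", fallback="").split("[")[0].strip()
        paths = [os.path.join(conf_dir, "filter.d", name + ext)
                 for ext in (".conf", ".local")]
        if name and not any(os.path.isfile(p) for p in paths):
            missing.append((jail, name))
    return sorted(missing)


if __name__ == "__main__":
    for jail, name in missing_filters(*sys.argv[1:2]):
        print("jail %r: filter.d/%s.conf and .local do not exist" % (jail, name))
```

Run without arguments it checks /etc/fail2ban; pass another directory as the first argument to check a copy of the configuration.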