Hello, after upgrade to SNG7 I was not able to run yum update. Looking to it I noticed that the reason was that fail2ban was preventing that. Then I did yum update --exclude fail2ban and all went through. Now still trying to upgrade fail2ban. The error:
Transaction check error:
file /etc/logrotate.d/fail2ban from install of fail2ban-server-0.9.7-1.el7.noarch conflicts with file from package fail2ban-fpbx-0.8.14-76.sng7.noarch
file /etc/fail2ban/action.d/badips.conf from install of fail2ban-server-0.9.7-1.el7.noarch conflicts with file from package fail2ban-fpbx-0.8.14-76.sng7.noarch
file /etc/fail2ban/action.d/blocklist_de.conf from install of fail2ban-server-0.9.7-1.el7.noarch conflicts with file from package fail2ban-fpbx-0.8.14-76.sng7.noarch
file /etc/fail2ban/action.d/firewallcmd-ipset.conf from install of fail2ban-server-0.9.7-1.el7.noarch conflicts with file from package fail2ban-fpbx-0.8.14-76.sng7.noarch
file /etc/fail2ban/action.d/firewallcmd-new.conf from install of fail2ban-server-0.9.7-1.el7.noarch conflicts with file from package fail2ban-fpbx-0.8.14-76.sng7.noarch
file /etc/fail2ban/action.d/iptables-allports.conf from install of fail2ban-server-0.9.7-1.el7.noarch conflicts with file from package fail2ban-fpbx-0.8.14-76.sng7.noarch
file /etc/fail2ban/action.d/iptables-ipset-proto4.conf from install of fail2ban-server-0.9.7-1.el7.noarch conflicts with file from package fail2ban-fpbx-0.8.14-76.sng7.noarch
file /etc/fail2ban/action.d/iptables-ipset-proto6-allports.conf from install of fail2ban-server-0.9.7-1.el7.noarch conflicts with file from package fail2ban-fpbx-0.8.14-76.sng7.noarch
file /etc/fail2ban/action.d/iptables-ipset-proto6.conf from install of fail2ban-server-0.9.7-1.el7.noar …and etc.
yum info shows:
yum info fail2ban
Loaded plugins: fastestmirror, versionlock
Loading mirror speeds from cached hostfile
Installed Packages
Name : fail2ban
Arch : noarch
Version : 0.8.14
Release : 1.shmz65.1.129
Size : 851 k
Repo : installed
From repo : anaconda-SHMZ-201501302108.x86_64
Summary : Scan logfiles and ban ip addresses with too many password failures
URL : http://fail2ban.sourceforge.net/
License : GPL
Description : Fail2Ban monitors log files like /var/log/pwdfail or /var/log/apache/error_log
: and bans failure-prone addresses. It updates firewall rules to reject the IP
: address or executes user defined commands.
Available Packages
Name : fail2ban
Arch : noarch
Version : 0.9.7
Release : 1.el7
Size : 11 k
Repo : sng-epel/7/x86_64
Summary : Daemon to ban hosts that cause multiple authentication errors
URL : http://fail2ban.sourceforge.net/
License : GPLv2+
Description : Fail2Ban scans log files and bans IP addresses that makes too many password
: failures. It updates firewall rules to reject the IP address. These rules can
: be defined by the user. Fail2Ban can read multiple log files such as sshd or
: Apache web server ones.
:
: Fail2Ban is able to reduce the rate of incorrect authentications attempts
: however it cannot eliminate the risk that weak authentication presents.
: Configure services to use only two factor or public/private authentication
: mechanisms if you really want to protect services.
:
: This is a meta-package that will install the default configuration. Other
: sub-packages are available to install support for other actions and
: configurations.
Pls try to remove exist old F2B version on your PBX.
Then you can install below version.
I can see on my test system running same version 0.9.7.
$ yum info fail2ban
Loaded plugins: fastestmirror, versionlock
Loading mirror speeds from cached hostfile
Available Packages
Name : fail2ban
Arch : noarch
Version : 0.9.7
Release : 1.el7
Size : 11 k
Repo : sng-epel/7/x86_64
Summary : Daemon to ban hosts that cause multiple authentication errors
URL : http://fail2ban.sourceforge.net/
Licence : GPLv2+
Description : Fail2Ban scans log files and bans IP addresses that makes too many password
: failures. It updates firewall rules to reject the IP address. These rules can
: be defined by the user. Fail2Ban can read multiple log files such as sshd or
: Apache web server ones.
:
: Fail2Ban is able to reduce the rate of incorrect authentications attempts
: however it cannot eliminate the risk that weak authentication presents.
: Configure services to use only two factor or public/private authentication
: mechanisms if you really want to protect services.
:
: This is a meta-package that will install the default configuration. Other
: sub-packages are available to install support for other actions and
: configurations.
[root@hc-pbx ~]# service fail2ban start
Redirecting to /bin/systemctl start fail2ban.service
Job for fail2ban.service failed because the control process exited with error code. See “systemctl status fail2ban.service” and “journalctl -xe” for details.
I compared fail2ban.service of that system to another one and the file was different. Edited the file but that didn;t help much. Obviously is misconfigured somehow but I can’t seem to find a way to fix it. Thanks
I wished to be that simple…I already did including restarting the server, reinstalling fail2ban and etc. I have a support ticket going but I’m waiting for the tech to contact me. Thanks
somehow whatever was installed was not related with the freepbx distro. I see differences between all fail2ban files on a working SNG7 system and the one I upgraded and installed fail2ban manually. Thanks.
sure, that what I was wondering all that time…if I do yum update it installs it. I removed all 0.9.7 versions and installed manually 0.8.14. Everything is back to normal with fail2ban. Thanks for your help