Fail to ban will not start


(Antonio) #1

I click start and immediately goes to stop

I tried starting via cli and get the below

[root@freepbx ~]# service fail2ban start
Systemd shim for fail2ban running ‘/usr/sbin/systemctl start fail2ban’
Job for fail2ban.service failed because the control process exited with error code. See “systemctl status fail2ban.service” and “journalctl -xe” for details.

I also tried

yum update fail2ban
Loaded plugins: fastestmirror, versionlock
Determining fastest mirrors
sng-base | 3.6 kB 00:00:00
sng-epel | 2.9 kB 00:00:00
sng-extras | 2.9 kB 00:00:00
sng-pkgs | 3.4 kB 00:00:00
sng-updates | 2.9 kB 00:00:00
(1/6): sng-extras/7-8.2003.3.el7.sangoma/x86_64/primary_db | 206 kB 00:00:00
(2/6): sng-base/7-8.2003.3.el7.sangoma/x86_64/group_gz | 153 kB 00:00:00
(3/6): sng-pkgs/7-8.2003.3.el7.sangoma/x86_64/primary_db | 861 kB 00:00:00
(4/6): sng-base/7-8.2003.3.el7.sangoma/x86_64/primary_db | 6.1 MB 00:00:01
(5/6): sng-updates/7-8.2003.3.el7.sangoma/x86_64/primary_db | 4.5 MB 00:00:01
(6/6): sng-epel/7-8.2003.3.el7.sangoma/x86_64/primary_db | 7.3 MB 00:00:02
Package(s) fail2ban available, but not installed.
No packages marked for update


(Lorne Gaetz) #2

Have you seen this thread https://community.freepbx.org/t/intrusion-detection-will-not-start/72788/9?u=lgaetz


#3

One would have to ask if you ever tried (from a shell)

systemctl status fail2ban.service

or

journalctl -xe

? If you did, what did they report?


(Antonio) #4

systemctl status fail2ban.service
● fail2ban.service - Fail2Ban Service
Loaded: loaded (/usr/lib/systemd/system/fail2ban.service; disabled; vendor pr eset: disabled)
Active: inactive (dead)

[root@freepbx ~]# journalctl -xe
Feb 12 00:55:20 freepbx.sangoma.local runuser[2605]: pam_unix(runuser:session): session closed for user asteris
Feb 12 00:55:20 freepbx.sangoma.local runuser[2615]: pam_unix(runuser:session): session opened for user asteris
Feb 12 00:55:20 freepbx.sangoma.local runuser[2615]: pam_unix(runuser:session): session closed for user asteris
Feb 12 00:55:20 freepbx.sangoma.local fwconsole[1674]: [>---------------------------] < 1 sec
Feb 12 00:55:20 freepbx.sangoma.local fwconsole[1674]: Started RestApps Server. PID is 2568
Feb 12 00:55:20 freepbx.sangoma.local fwconsole[1674]: Running Asterisk post from Ucp module
Feb 12 00:55:20 freepbx.sangoma.local runuser[2625]: pam_unix(runuser:session): session opened for user asteris
Feb 12 00:55:20 freepbx.sangoma.local runuser[2625]: pam_unix(runuser:session): session closed for user asteris
Feb 12 00:55:20 freepbx.sangoma.local fwconsole[1674]: Starting UCP Node Server…
Feb 12 00:55:20 freepbx.sangoma.local runuser[2635]: pam_unix(runuser:session): session opened for user asteris
Feb 12 00:55:21 freepbx.sangoma.local runuser[2635]: pam_unix(runuser:session): session closed for user asteris
Feb 12 00:55:21 freepbx.sangoma.local runuser[2645]: pam_unix(runuser:session): session opened for user asteris
Feb 12 00:55:21 freepbx.sangoma.local runuser[2645]: pam_unix(runuser:session): session closed for user asteris
Feb 12 00:55:21 freepbx.sangoma.local runuser[2655]: pam_unix(runuser:session): session opened for user asteris
Feb 12 00:55:22 freepbx.sangoma.local runuser[2655]: pam_unix(runuser:session): session closed for user asteris
Feb 12 00:55:22 freepbx.sangoma.local runuser[2671]: pam_unix(runuser:session): session opened for user asteris
Feb 12 00:55:23 freepbx.sangoma.local runuser[2671]: pam_unix(runuser:session): session closed for user asteris
Feb 12 00:55:23 freepbx.sangoma.local runuser[2688]: pam_unix(runuser:session): session opened for user asteris
Feb 12 00:55:23 freepbx.sangoma.local runuser[2688]: pam_unix(runuser:session): session closed for user asteris
Feb 12 00:55:23 freepbx.sangoma.local fwconsole[1674]: [>---------------------------] < 1 sec
Feb 12 00:55:23 freepbx.sangoma.local runuser[2698]: pam_unix(runuser:session): session opened for user asteris
Feb 12 00:55:24 freepbx.sangoma.local runuser[2698]: pam_unix(runuser:session): session closed for user asteris
Feb 12 00:55:24 freepbx.sangoma.local runuser[2708]: pam_unix(runuser:session): session opened for user asteris
Feb 12 00:55:24 freepbx.sangoma.local runuser[2708]: pam_unix(runuser:session): session closed for user asteris
Feb 12 00:55:24 freepbx.sangoma.local fwconsole[1674]: Started UCP Node Server. PID is 2665
Feb 12 00:55:24 freepbx.sangoma.local fwconsole[1674]: Running Asterisk post from Vqplus module
Feb 12 00:55:24 freepbx.sangoma.local fwconsole[1674]: Queues Pro is not licensed.
Feb 12 00:55:24 freepbx.sangoma.local fwconsole[1674]: Running Asterisk post from Xmpp module
Feb 12 00:55:25 freepbx.sangoma.local runuser[2737]: pam_unix(runuser:session): session opened for user asteris
Feb 12 00:55:26 freepbx.sangoma.local runuser[2737]: pam_unix(runuser:session): session closed for user asteris
Feb 12 00:55:26 freepbx.sangoma.local fwconsole[1674]: Starting Chat Server…
Feb 12 00:55:26 freepbx.sangoma.local runuser[2747]: pam_unix(runuser:session): session opened for user asteris
Feb 12 00:55:27 freepbx.sangoma.local runuser[2747]: pam_unix(runuser:session): session closed for user asteris
Feb 12 00:55:27 freepbx.sangoma.local runuser[2757]: pam_unix(runuser:session): session opened for user asteris
lines 1959-1992/1992 (END)
Feb 12 00:55:20 freepbx.sangoma.local runuser[2605]: pam_unix(runuser:session): session closed for user asterisk
Feb 12 00:55:20 freepbx.sangoma.local runuser[2615]: pam_unix(runuser:session): session opened for user asterisk by (uid=0)
Feb 12 00:55:20 freepbx.sangoma.local runuser[2615]: pam_unix(runuser:session): session closed for user asterisk
Feb 12 00:55:20 freepbx.sangoma.local fwconsole[1674]: [>---------------------------] < 1 sec
Feb 12 00:55:20 freepbx.sangoma.local fwconsole[1674]: Started RestApps Server. PID is 2568
Feb 12 00:55:20 freepbx.sangoma.local fwconsole[1674]: Running Asterisk post from Ucp module
Feb 12 00:55:20 freepbx.sangoma.local runuser[2625]: pam_unix(runuser:session): session opened for user asterisk by (uid=0)
Feb 12 00:55:20 freepbx.sangoma.local runuser[2625]: pam_unix(runuser:session): session closed for user asterisk
Feb 12 00:55:20 freepbx.sangoma.local fwconsole[1674]: Starting UCP Node Server…
Feb 12 00:55:20 freepbx.sangoma.local runuser[2635]: pam_unix(runuser:session): session opened for user asterisk by (uid=0)
Feb 12 00:55:21 freepbx.sangoma.local runuser[2635]: pam_unix(runuser:session): session closed for user asterisk
Feb 12 00:55:21 freepbx.sangoma.local runuser[2645]: pam_unix(runuser:session): session opened for user asterisk by (uid=0)
Feb 12 00:55:21 freepbx.sangoma.local runuser[2645]: pam_unix(runuser:session): session closed for user asterisk
Feb 12 00:55:21 freepbx.sangoma.local runuser[2655]: pam_unix(runuser:session): session opened for user asterisk by (uid=0)
Feb 12 00:55:22 freepbx.sangoma.local runuser[2655]: pam_unix(runuser:session): session closed for user asterisk
Feb 12 00:55:22 freepbx.sangoma.local runuser[2671]: pam_unix(runuser:session): session opened for user asterisk by (uid=0)
Feb 12 00:55:23 freepbx.sangoma.local runuser[2671]: pam_unix(runuser:session): session closed for user asterisk
Feb 12 00:55:23 freepbx.sangoma.local runuser[2688]: pam_unix(runuser:session): session opened for user asterisk by (uid=0)
Feb 12 00:55:23 freepbx.sangoma.local runuser[2688]: pam_unix(runuser:session): session closed for user asterisk
Feb 12 00:55:23 freepbx.sangoma.local fwconsole[1674]: [>---------------------------] < 1 sec
Feb 12 00:55:23 freepbx.sangoma.local runuser[2698]: pam_unix(runuser:session): session opened for user asterisk by (uid=0)
Feb 12 00:55:24 freepbx.sangoma.local runuser[2698]: pam_unix(runuser:session): session closed for user asterisk
Feb 12 00:55:24 freepbx.sangoma.local runuser[2708]: pam_unix(runuser:session): session opened for user asterisk by (uid=0)
Feb 12 00:55:24 freepbx.sangoma.local runuser[2708]: pam_unix(runuser:session): session closed for user asterisk
Feb 12 00:55:24 freepbx.sangoma.local fwconsole[1674]: Started UCP Node Server. PID is 2665
Feb 12 00:55:24 freepbx.sangoma.local fwconsole[1674]: Running Asterisk post from Vqplus module
Feb 12 00:55:24 freepbx.sangoma.local fwconsole[1674]: Queues Pro is not licensed.
Feb 12 00:55:24 freepbx.sangoma.local fwconsole[1674]: Running Asterisk post from Xmpp module
Feb 12 00:55:25 freepbx.sangoma.local runuser[2737]: pam_unix(runuser:session): session opened for user asterisk by (uid=0)
Feb 12 00:55:26 freepbx.sangoma.local runuser[2737]: pam_unix(runuser:session): session closed for user asterisk
Feb 12 00:55:26 freepbx.sangoma.local fwconsole[1674]: Starting Chat Server…
Feb 12 00:55:26 freepbx.sangoma.local runuser[2747]: pam_unix(runuser:session): session opened for user asterisk by (uid=0)
Feb 12 00:55:27 freepbx.sangoma.local runuser[2747]: pam_unix(runuser:session): session closed for user asterisk
Feb 12 00:55:27 freepbx.sangoma.local runuser[2757]: pam_unix(runuser:session): session opened for user asterisk by (uid=0)


#5

Forget the journal, what does

systemctl enable fail2ban 

report


(Antonio) #6

systemctl enable fail2ban
Created symlink from /etc/systemd/system/default.target.wants/fail2ban.service to /usr/lib/systemd/system/fail2ban.service.
You have mail in /var/spool/mail/root


#7

Now start fail2ban systemctl start fail2ban time to read you mail perhaps?


(Antonio) #8

I was able to fixed it by uninstalling and re-installing. how ever I keep getting the alert of the messages in mail queue. I don’t have anything configured for mail queue. What is this referring to. I can clear the alert via cli but it keeps poping up


#9

The mail you are not reading are informational messages about your system you should set a mail aluas for asterisk and root to an address you use.?


(Antonio) #10

were do I go for that? I have an email under notification setting


#11

Good question, it’s probably somewhere in the GUI, personally I use mutt from a shell but adding to /etc/aliases

root: you@email.com
asterisk: you@email.com

and running newaliases will also work


(Antonio) #12

Thanks., ok I am back to square run, after a restart the module is not starting again. I tried all the above and no go…this is driving me crazy…


#13

Capture


#14

So post again the result of systemctl restart fail2ban and then systemctl status fail2ban


(Antonio) #15

[root@freepbx ~]# systemctl status fail2ban
● fail2ban.service - Fail2Ban Service
Loaded: loaded (/usr/lib/systemd/system/fail2ban.service; disabled; vendor preset: disabled)
Active: active (running) since Fri 2021-02-12 23:27:33 UTC; 14s ago
Docs: man:fail2ban(1)
Process: 5683 ExecStop=/usr/bin/fail2ban-client stop (code=exited, status=0/SUCCESS)
Process: 5694 ExecStartPre=/bin/mkdir -p /run/fail2ban (code=exited, status=0/SUCCESS)
Main PID: 5696 (f2b/server)
CGroup: /system.slice/fail2ban.service
├─5696 /usr/bin/python2 -s /usr/bin/fail2ban-server -xf start
└─5702 /usr/libexec/gam_server

Feb 12 23:27:33 freepbx.sangoma.local systemd[1]: Stopped Fail2Ban Service.
Feb 12 23:27:33 freepbx.sangoma.local systemd[1]: Starting Fail2Ban Service…
Feb 12 23:27:33 freepbx.sangoma.local systemd[1]: Started Fail2Ban Service.
Feb 12 23:27:33 freepbx.sangoma.local fail2ban-server[5696]: 2021-02-12 23:27:33,623 fail2ban.configreader [5…ban
Feb 12 23:27:33 freepbx.sangoma.local fail2ban-server[5696]: 2021-02-12 23:27:33,623 fail2ban.jailreader [5…bx’
Feb 12 23:27:33 freepbx.sangoma.local fail2ban-server[5696]: 2021-02-12 23:27:33,624 fail2ban.jailsreader [5…
Feb 12 23:27:33 freepbx.sangoma.local fail2ban-server[5696]: 2021-02-12 23:27:33,651 fail2ban.configreader [5…ban
Feb 12 23:27:33 freepbx.sangoma.local fail2ban-server[5696]: 2021-02-12 23:27:33,651 fail2ban.jailreader [5…lu’
Feb 12 23:27:33 freepbx.sangoma.local fail2ban-server[5696]: 2021-02-12 23:27:33,651 fail2ban.jailsreader [5…
Feb 12 23:27:33 freepbx.sangoma.local fail2ban-server[5696]: Server ready
Hint: Some lines were ellipsized, use -l to show in full.


#16

That shows a restarted started it, you can systemctl enable fail2ban to have it always start on boot,

(this might not be how the ‘distro’ does things though)


(Antonio) #17

Thats the problem, I cant seem to start the module


(Antonio) #18

can I uninstall and re-install fail2ban see if it corrects the issue

I tried
yum remove fail2ban
yum install fail2ban

But the result is the same. the module does not start. About to give up and rebuild and then restore config


#19

Sorry, deep in ‘distro’ territory now which I don’t use so I don’t want to mislead you.


#20

That is because the email address is still set the email address for fail2ban in the location I showed you. Otherwise it will keep trying to send an alert email to the fake default one, "you@youremail.com" and that is why you are getting the Queue alert, because it was not successful sending it.