Fail2ban again


#1

Ok, so what’s going on with fail2ban not starting again? I see several posts and they’re all closed, including the big one from August - Sept. Has the issue been discovered? Is a fix in the works?


(Sam Shomi) #2

I am also seeing this. Seemed to have started with recent updates to firewall/sysadmin modules. Also firewall is not reloading itself anymore on changes and not loading rules. I think in my case, part of the problem is that it assumes eth0 interface exists and if your server doesn’t have that it has problems.


(Yois) #3

Can you be more specific?


#4

It’s a mess. I’m installing a brand new install today and the firewall is just doing weird stuff. Fail2ban won’t load. Somehow I lost IPv4 on eth0 and it was only IPv6, which I didn’t even authorize for this VM.

Have rebuilt from scratch now from ISO (that I’ve used before) and after updates everything seems to go to hell.


#5

Finally had to abort the firewall config on initial boot and just do updates. Couldn’t get past it…


#6

● fail2ban.service - Fail2Ban Service
Loaded: loaded (/usr/lib/systemd/system/fail2ban.service; disabled; vendor preset: disabled)
Active: failed (Result: start-limit) since Fri 2021-09-10 15:51:36 UTC; 7s ago
Process: 28638 ExecStart=/usr/bin/fail2ban-client -x start (code=exited, status=255)
Process: 28637 ExecStartPre=/bin/mkdir -p /var/run/fail2ban (code=exited, status=0/SUCCESS)

Sep 10 15:51:36 freepbx.sangoma.local systemd[1]: fail2ban.service: control process exited, code=exited status=255
Sep 10 15:51:36 freepbx.sangoma.local systemd[1]: Failed to start Fail2Ban Service.
Sep 10 15:51:36 freepbx.sangoma.local systemd[1]: Unit fail2ban.service entered failed state.
Sep 10 15:51:36 freepbx.sangoma.local systemd[1]: fail2ban.service failed.
Sep 10 15:51:36 freepbx.sangoma.local systemd[1]: fail2ban.service holdoff time over, scheduling restart.
Sep 10 15:51:36 freepbx.sangoma.local systemd[1]: Stopped Fail2Ban Service.
Sep 10 15:51:36 freepbx.sangoma.local systemd[1]: start request repeated too quickly for fail2ban.service
Sep 10 15:51:36 freepbx.sangoma.local systemd[1]: Failed to start Fail2Ban Service.
Sep 10 15:51:36 freepbx.sangoma.local systemd[1]: Unit fail2ban.service entered failed state.
Sep 10 15:51:36 freepbx.sangoma.local systemd[1]: fail2ban.service failed.


(Sam Shomi) #7

I wish I could. It’s in the firewall module, which is locked down. As soon as I try to insert a var_dump in the code to try to see what is going on, it stops working, presumably because of signature checking, even though I have signature checking disabled in the GUI. Basically impossible to troubleshoot any of the PHP-related stuff. I can only try to turn on debug and look at what the log files are saying, which is not much.


(Sam Shomi) #8

I agree. I always seem to be fighting with firewall module. Before I just wouldn’t install it at all and add my own IPTables rules from CLI. Now you need to have it installed to use fail2ban so I am forced to deal with it.


(Yois) #9

(Sam Shomi) #10

Thanks a lot! I was hoping there was some trick to get around it. Seems to me that should happen automatically when you disable signature checking in the GUI.


(Sam Shomi) #11

I am assuming you probably know this already but do you have firewall module installed and enabled? It needs to be installed AND enabled in module admin now, unfortunately. You can still have it disabled in Connectivity > Firewall. So if that firewall activation wizard thing runs say “Abort”.


(Sam Shomi) #12

My problem may be a little different. In my case fail2ban starts but keeps crashing every few minutes. My theory is that sysadmin doesn’t recognize it as running and keeps trying to start it which is causing the crash.


(Yois) #13

Silly question but are you using the distro and fail2ban 0.8.14?

If yes, what happens if you run fail2ban-client -x start


#14

Not sure I follow you. Are you saying that in addition to enabling the firewall under Connectivity > Firewall it must also be enabled somewhere under Admin > System Admin?


(Sam Shomi) #15

If you are seeing it under Connectivity tab it is already enabled in Admin > Module Admin. So that’s not your problem.


#16

oh, yes, the firewall module is installed and enabled…


#17

shows: 0.11.1-9.el7.2


(Yois) #18

Then you’re either not running the distro, or you hacked around the fail2ban package to upgrade it.

Sysadmin checks if fail2ban is running by using pidof, which doesn’t work in 0.11.1 because python forks the process. The fix is to change this to pgrep. There’s a JIRA for this and we’re waiting…

Meanwhile, use the 0.8.14 version in the distro.

While we’re at it, starting a post with this attitude when something broke after hacking around doesn’t seem fair to me.


#20

@yois the actual issue is I forgot the “installed” switch when I ran yum list…

I do indeed have 0.8.14-76.sng7 installed.

fail2ban-client -x start
ERROR Found no accessible config files for ‘filter.d/apache-api’ under /etc/fail2ban
ERROR Unable to read the filter
ERROR Errors in jail ‘apache-api’. Skipping…


(Yois) #21

Yeah, sorry then we’re all good now :). Had it been otherwise I hope you can understand where I was coming from.

This is the same issue everyone else is having, and yes it’s been broken and no one seems to care. The fix is to run the hook to create the apache jail manually, or edit jail.local and delete the apache jail.
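
A preflight check for the failure shown in post #20, where an enabled jail names a filter that has no file under filter.d. This is an added example, not code from the thread or from FreePBX; the read order of the jail files, the fallback of an unset filter to the jail name, and the sample tree are assumptions.

```python
import configparser
import tempfile
from pathlib import Path

def missing_filters(config_dir):
    """Return sorted (jail, filter) pairs for enabled jails whose filter file is absent."""
    root = Path(config_dir)
    # Assumed read order: jail.conf, jail.d/*.conf, jail.local, jail.d/*.local
    files = [root / "jail.conf", *sorted(root.glob("jail.d/*.conf")),
             root / "jail.local", *sorted(root.glob("jail.d/*.local"))]
    cfg = configparser.RawConfigParser(strict=False)  # raw: no %(...)s interpolation
    cfg.read([str(f) for f in files if f.is_file()])
    problems = []
    for jail in cfg.sections():  # [DEFAULT] is not listed, but its values are inherited
        if jail == "INCLUDES":
            continue
        try:
            enabled = cfg.getboolean(jail, "enabled", fallback=False)
        except ValueError:  # unparseable "enabled" value: treat the jail as disabled
            enabled = False
        if not enabled:
            continue
        # Drop "name[param=value]" suffixes; an unset filter is assumed to be the jail name
        name = cfg.get(jail, "filter", fallback=jail).split("[")[0].strip()
        if not any((root / "filter.d" / (name + ext)).is_file() for ext in (".conf", ".local")):
            problems.append((jail, name))
    return sorted(problems)

def build_sample(root):
    """Constructed sample tree reproducing the error in the thread; not a real FreePBX config."""
    root = Path(root)
    (root / "filter.d").mkdir(parents=True)
    (root / "filter.d" / "sshd.conf").write_text("[Definition]\nfailregex = placeholder\n")
    (root / "jail.local").write_text(
        "[DEFAULT]\nbantime = 1800\n\n"
        "[ssh-iptables]\nenabled = true\nfilter = sshd\n\n"
        "[apache-api]\nenabled = true\nfilter = apache-api\n\n"
        "[unused]\nenabled = false\nfilter = nothing-here\n")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for jail, flt in missing_filters(build_sample(tmp)):
            print(f"jail '{jail}': no filter.d/{flt}.conf or .local under the config dir")
```

On a real system, pass `/etc/fail2ban` to `missing_filters`; an empty result means every enabled jail has a filter file.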