Fail2ban Disabled after System Activation

We are migrating an installtion on an internal server to a cloud hosted server, and following activation of the installtion the fail2ban service fails to start stating that is disabled ‘vendor preset: disabled’ and we have been unable to locate any documentation on how to circumvent this.
If anyone knows how we can enable the fail2ban service, your assistance would be greatly appreciated.

I have some rough notes for something that worked for me if you don’t need Zulu, which seemed to be interfering with Fail2Ban following a migration. Obviously be careful if you do need Zulu. I can’t be sure if there is a step here that was unnecessary or incorrect, so please take a snapshot and proceed with caution, and take any advice from others if it is offered:

Is fail2ban broken?
Install Zulu if it isn’t installed
[root@pbx ~]# service fail2ban restart
Systemd shim for fail2ban running ‘/usr/sbin/systemctl restart fail2ban’
Job for fail2ban.service failed because the control process exited with error code. See “systemctl status fail2ban.service” and “journalctl -xe” for details.
[root@pbx ~]# fwconsole ma remove zulu
Stopping old running processes…Zulu Server is not running
Done

[root@pbx ~]# /var/www/html/admin/modules/sysadmin/hooks/fail2ban-apache-config
[root@pbx ~]# systemctl reset-failed fail2ban.service
[root@pbx ~]# systemctl start fail2ban.service
[root@pbx ~]# fwconsole reload
[root@pbx ~]# fwconsole chown
[root@pbx ~]# fwconsole restart
Is fail2ban now working?

After attempting the above, the output from the final restart included the following failure message:

Restarting fail2ban
fail2ban Restart failed Failed: The command “systemctl restart fail2ban” failed.

Exit Code: 1(General error)

Working directory: /etc

Output:

Error Output:

Job for fail2ban.service failed because the control process exited with error code. See “systemctl status fail2ban.service” and “journalctl -xe” for details.

when checking the status, the following output is received:
fail2ban.service - Fail2Ban Service
Loaded: loaded (/usr/lib/systemd/system/fail2ban.service; disabled; vendor preset: disabled)
Active: failed (Result: start-limit) since Tue 2023-03-14 16:03:15 EDT; 5min ago
Process: 26361 ExecStart=/usr/bin/fail2ban-client -x start (code=exited, status=255)
Process: 26358 ExecStartPre=/bin/mkdir -p /var/run/fail2ban (code=exited, status=0/SUCCESS)

Mar 14 16:03:15 VM-WP-FPBX-01 systemd[1]: Failed to start Fail2Ban Service.
Mar 14 16:03:15 VM-WP-FPBX-01 systemd[1]: Unit fail2ban.service entered failed state.
Mar 14 16:03:15 VM-WP-FPBX-01 systemd[1]: fail2ban.service failed.
Mar 14 16:03:15 VM-WP-FPBX-01 systemd[1]: fail2ban.service holdoff time over, scheduling restart.
Mar 14 16:03:15 VM-WP-FPBX-01 systemd[1]: Stopped Fail2Ban Service.
Mar 14 16:03:15 VM-WP-FPBX-01 systemd[1]: start request repeated too quickly for fail2ban.service
Mar 14 16:03:15 VM-WP-FPBX-01 systemd[1]: Failed to start Fail2Ban Service.
Mar 14 16:03:15 VM-WP-FPBX-01 systemd[1]: Unit fail2ban.service entered failed state.
Mar 14 16:03:15 VM-WP-FPBX-01 systemd[1]: fail2ban.service failed.

Did you do anything with Zulu?

Run from a a shell


/usr/bin/fail2ban-client -tx start

( -t is ‘test’ )

Kierknoby, I checked and Zulu was not enabled, but will try again.

Dicko, -t is not an option (output of that command line was the ‘usage’ details)… version reports Fail2Ban v0.8.14

Well, in an interesting turn of events following updates (core and modules) and installing the SMS and Zulu Modules the fail2ban services is now working again… As there were numerous module updates I am not certain what actually resolved the error (could have been Zulu, or could have been Core).

I appreciate all the assistance regardless.

1 Like

Might not be your issue here, but oftentimes running journalctl -xe and looking at the errors will indicate a missing log file that needs to be created. After that, a quick “service fail2ban start” will get you up again.

That is just one improvement made over the last eight years by fail2ban, check with your provider :wink:

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.