Fail2ban not starting

FreePBX Security
1

Hi,

I have a fresh installation of Freepbx V16 all on the latest version but I can’t enable Intrusion Detection, when I hit the start button I get please wait then a few second later simply says stopped

2

look in /var/log/fail2ban.log

3

Hello Dicko, Can you explain it a bit more exactly whats needed please.

4

when fail2ban is started it starts writing progress lines to that file and continues to do so until it stops running, read it.

5

I get permission denied

6

did you tied with cat command ?
cat /var/log/fail2ban.log

7

I think that worked

2021-11-17 22:31:42,832 fail2ban.server [23228]: INFO Stopping all jails
2021-11-17 22:31:43,839 fail2ban.jail [23228]: INFO Jail ‘apache-tcpwrapper’ stopped
2021-11-17 22:31:44,826 fail2ban.actions.action[23228]: ERROR iptables -D INPUT -p all -j fai l2ban-recidive
iptables -F fail2ban-recidive
iptables -X fail2ban-recidive returned 100
2021-11-17 22:31:44,827 fail2ban.jail [23228]: INFO Jail ‘recidive’ stopped
2021-11-17 22:31:45,828 fail2ban.actions.action[23228]: ERROR iptables -D INPUT -p tcp --dpor t ssh -j fail2ban-SSH
iptables -F fail2ban-SSH
iptables -X fail2ban-SSH returned 100
2021-11-17 22:31:45,829 fail2ban.jail [23228]: INFO Jail ‘ssh-iptables’ stopped
2021-11-17 22:31:46,829 fail2ban.actions.action[23228]: ERROR iptables -D INPUT -p tcp -m mul tiport --dports http,https -j fail2ban-BadBots
iptables -F fail2ban-BadBots
iptables -X fail2ban-BadBots returned 100
2021-11-17 22:31:46,830 fail2ban.jail [23228]: INFO Jail ‘apache-badbots’ stopped
2021-11-17 22:31:47,832 fail2ban.actions.action[23228]: ERROR iptables -D INPUT -p all -j fai l2ban-PBX-GUI
iptables -F fail2ban-PBX-GUI
iptables -X fail2ban-PBX-GUI returned 100
2021-11-17 22:31:47,833 fail2ban.jail [23228]: INFO Jail ‘pbx-gui’ stopped
2021-11-17 22:31:48,831 fail2ban.actions.action[23228]: ERROR iptables -D INPUT -p all -j fai l2ban-SIP
iptables -F fail2ban-SIP
iptables -X fail2ban-SIP returned 100
2021-11-17 22:31:48,832 fail2ban.jail [23228]: INFO Jail ‘asterisk-iptables’ stopped
2021-11-17 22:31:49,832 fail2ban.actions.action[23228]: ERROR iptables -D INPUT -p tcp --dpor t ftp -j fail2ban-FTP
iptables -F fail2ban-FTP
iptables -X fail2ban-FTP returned 100
2021-11-17 22:31:49,832 fail2ban.jail [23228]: INFO Jail ‘vsftpd-iptables’ stopped
2021-11-17 22:31:49,833 fail2ban.server [23228]: INFO Exiting Fail2ban
2024-03-12 00:29:35,177 fail2ban.server [7880]: INFO Changed logging target to /var/log/fail 2ban.log for Fail2ban v0.8.14
2024-03-12 00:29:35,178 fail2ban.jail [7880]: INFO Creating new jail ‘asterisk-iptables’
2024-03-12 00:29:35,180 fail2ban.jail [7880]: INFO Jail ‘asterisk-iptables’ uses Gamin
2024-03-12 00:29:35,245 fail2ban.jail [7880]: INFO Initiated ‘gamin’ backend
2024-03-12 00:29:35,247 fail2ban.filter [7880]: INFO Added logfile = /var/log/asterisk/fail2 ban
2024-03-12 00:29:35,248 fail2ban.filter [7880]: INFO Set maxRetry = 5
2024-03-12 00:29:35,249 fail2ban.filter [7880]: INFO Set findtime = 600
2024-03-12 00:29:35,250 fail2ban.actions[7880]: INFO Set banTime = 1800
2024-03-12 00:29:35,316 fail2ban.jail [7880]: INFO Creating new jail ‘pbx-gui’
2024-03-12 00:29:35,316 fail2ban.jail [7880]: INFO Jail ‘pbx-gui’ uses Gamin
2024-03-12 00:29:35,316 fail2ban.jail [7880]: INFO Initiated ‘gamin’ backend
2024-03-12 00:29:35,317 fail2ban.filter [7880]: INFO Added logfile = /var/log/asterisk/freep bx_security.log
2024-03-12 00:29:35,318 fail2ban.filter [7880]: INFO Set maxRetry = 5
2024-03-12 00:29:35,318 fail2ban.filter [7880]: INFO Set findtime = 600
2024-03-12 00:29:35,318 fail2ban.actions[7880]: INFO Set banTime = 1800
2024-03-12 00:29:35,324 fail2ban.jail [7880]: INFO Creating new jail ‘ssh-iptables’
2024-03-12 00:29:35,325 fail2ban.jail [7880]: INFO Jail ‘ssh-iptables’ uses Gamin
2024-03-12 00:29:35,325 fail2ban.jail [7880]: INFO Initiated ‘gamin’ backend
2024-03-12 00:29:35,326 fail2ban.filter [7880]: INFO Added logfile = /var/log/secure
2024-03-12 00:29:35,326 fail2ban.filter [7880]: INFO Set maxRetry = 3
2024-03-12 00:29:35,327 fail2ban.filter [7880]: INFO Set findtime = 600
2024-03-12 00:29:35,327 fail2ban.actions[7880]: INFO Set banTime = 1800
2024-03-12 00:29:35,359 fail2ban.jail [7880]: INFO Creating new jail ‘apache-tcpwrapper’
2024-03-12 00:29:35,360 fail2ban.jail [7880]: INFO Jail ‘apache-tcpwrapper’ uses Gamin
2024-03-12 00:29:35,360 fail2ban.jail [7880]: INFO Initiated ‘gamin’ backend
2024-03-12 00:29:35,361 fail2ban.filter [7880]: INFO Added logfile = /var/log/httpd/error_lo g
2024-03-12 00:29:35,361 fail2ban.filter [7880]: INFO Set maxRetry = 3
2024-03-12 00:29:35,362 fail2ban.filter [7880]: INFO Set findtime = 600

8

What you have in your F2B Gui ? Can you pls share screenshot.

9

Hi,

Also run this “ls -lh /usr/bin/fail2ban-*” to see if fail2ban scripts are enabled

10

The error lines all contain spurious spaces, e.g., fai l2ban
If that’s not an artifact of the forum posting, track down the source.

11

image
image1920×1080 220 KB

12

[root@freepbx16oncentos78-s-2vcpu-4gb-120gb-intel-syd1-01 ~]# ls -lh /usr/bin/fail2ban-*
-rwxr-xr-x 1 root root 240 Jan 5 2022 /usr/bin/fail2ban-check
-rwxr-xr-x 1 root root 13K Jan 5 2022 /usr/bin/fail2ban-client
-rwxr-xr-x 1 root root 14K Jan 5 2022 /usr/bin/fail2ban-regex
-rwxr-xr-x 1 root root 4.4K Jan 5 2022 /usr/bin/fail2ban-server

14

Hi @voip-system
Could you pls do that for us.
1st - Open CLI terminal and Run that command → tail -f /var/log/fail2ban.log
2nd - Press to START Button to generate F2B Service error logs.

Thanks.

15

2024-03-12 01:55:10,381 fail2ban.jail [9918]: INFO Jail ‘apache-tcpwrapper’ stopped
2024-03-12 01:55:10,712 fail2ban.jail [9918]: INFO Jail ‘recidive’ stopped
2024-03-12 01:55:11,588 fail2ban.jail [9918]: INFO Jail ‘ssh-iptables’ stopped
2024-03-12 01:55:12,316 fail2ban.jail [9918]: INFO Jail ‘apache-badbots’ stopped
2024-03-12 01:55:13,315 fail2ban.jail [9918]: INFO Jail ‘pbx-gui’ stopped
2024-03-12 01:55:13,749 fail2ban.actions[9918]: WARNING [asterisk-iptables] Unban 45.155.91.7
2024-03-12 01:55:13,759 fail2ban.actions[9918]: WARNING [asterisk-iptables] Unban 45.155.91.11
2024-03-12 01:55:13,776 fail2ban.jail [9918]: INFO Jail ‘asterisk-iptables’ stopped
2024-03-12 01:55:14,604 fail2ban.jail [9918]: INFO Jail ‘vsftpd-iptables’ stopped
2024-03-12 01:55:14,605 fail2ban.server [9918]: INFO Exiting Fail2ban

16

tail -f only gives 10 lines and follows but you didn’t press the start button as requested, if you wont do that we need to see more , try
tail -50 /var/log/fail2ban.log

17

[root@freepbx16oncentos78-s-2vcpu-4gb-120gb-intel-syd1-01 ~]# tail -50 /var/log/fail2ban.log
2024-03-12 00:29:53,095 fail2ban.jail [9918]: INFO Jail ‘apache-tcpwrapper’ uses Gamin
2024-03-12 00:29:53,095 fail2ban.jail [9918]: INFO Initiated ‘gamin’ backend
2024-03-12 00:29:53,096 fail2ban.filter [9918]: INFO Added logfile = /var/log/httpd/error_log
2024-03-12 00:29:53,097 fail2ban.filter [9918]: INFO Set maxRetry = 3
2024-03-12 00:29:53,098 fail2ban.filter [9918]: INFO Set findtime = 600
2024-03-12 00:29:53,098 fail2ban.actions[9918]: INFO Set banTime = 1800
2024-03-12 00:29:53,129 fail2ban.jail [9918]: INFO Creating new jail ‘vsftpd-iptables’
2024-03-12 00:29:53,129 fail2ban.jail [9918]: INFO Jail ‘vsftpd-iptables’ uses Gamin
2024-03-12 00:29:53,130 fail2ban.jail [9918]: INFO Initiated ‘gamin’ backend
2024-03-12 00:29:53,131 fail2ban.filter [9918]: INFO Added logfile = /var/log/vsftpd.log
2024-03-12 00:29:53,131 fail2ban.filter [9918]: INFO Set maxRetry = 3
2024-03-12 00:29:53,132 fail2ban.filter [9918]: INFO Set findtime = 600
2024-03-12 00:29:53,132 fail2ban.actions[9918]: INFO Set banTime = 1800
2024-03-12 00:29:53,145 fail2ban.jail [9918]: INFO Creating new jail ‘apache-badbots’
2024-03-12 00:29:53,145 fail2ban.jail [9918]: INFO Jail ‘apache-badbots’ uses Gamin
2024-03-12 00:29:53,146 fail2ban.jail [9918]: INFO Initiated ‘gamin’ backend
2024-03-12 00:29:53,146 fail2ban.filter [9918]: INFO Added logfile = /var/log/httpd/access_log
2024-03-12 00:29:53,147 fail2ban.filter [9918]: INFO Added logfile = /var/log/httpd/ssl_access_log
2024-03-12 00:29:53,147 fail2ban.filter [9918]: INFO Set maxRetry = 1
2024-03-12 00:29:53,148 fail2ban.filter [9918]: INFO Set findtime = 600
2024-03-12 00:29:53,148 fail2ban.actions[9918]: INFO Set banTime = 1800
2024-03-12 00:29:53,163 fail2ban.jail [9918]: INFO Creating new jail ‘recidive’
2024-03-12 00:29:53,163 fail2ban.jail [9918]: INFO Jail ‘recidive’ uses Gamin
2024-03-12 00:29:53,164 fail2ban.jail [9918]: INFO Initiated ‘gamin’ backend
2024-03-12 00:29:53,165 fail2ban.filter [9918]: INFO Added logfile = /var/log/fail2ban.log
2024-03-12 00:29:53,165 fail2ban.filter [9918]: INFO Set maxRetry = 20
2024-03-12 00:29:53,166 fail2ban.filter [9918]: INFO Set findtime = 86400
2024-03-12 00:29:53,166 fail2ban.actions[9918]: INFO Set banTime = 604800
2024-03-12 00:29:53,176 fail2ban.jail [9918]: INFO Jail ‘asterisk-iptables’ started
2024-03-12 00:29:53,194 fail2ban.jail [9918]: INFO Jail ‘pbx-gui’ started
2024-03-12 00:29:53,198 fail2ban.jail [9918]: INFO Jail ‘ssh-iptables’ started
2024-03-12 00:29:53,208 fail2ban.jail [9918]: INFO Jail ‘apache-tcpwrapper’ started
2024-03-12 00:29:53,216 fail2ban.jail [9918]: INFO Jail ‘vsftpd-iptables’ started
2024-03-12 00:29:53,226 fail2ban.jail [9918]: INFO Jail ‘apache-badbots’ started
2024-03-12 00:29:53,227 fail2ban.jail [9918]: INFO Jail ‘recidive’ started
2024-03-12 01:22:46,561 fail2ban.actions[9918]: WARNING [asterisk-iptables] Ban 45.155.91.11
2024-03-12 01:36:55,496 fail2ban.actions[9918]: WARNING [asterisk-iptables] Ban 45.155.91.7
2024-03-12 01:52:47,556 fail2ban.actions[9918]: WARNING [asterisk-iptables] Unban 45.155.91.11
2024-03-12 01:53:07,586 fail2ban.actions[9918]: WARNING [asterisk-iptables] Ban 45.155.91.11
2024-03-12 01:55:09,413 fail2ban.server [9918]: INFO Stopping all jails
2024-03-12 01:55:10,381 fail2ban.jail [9918]: INFO Jail ‘apache-tcpwrapper’ stopped
2024-03-12 01:55:10,712 fail2ban.jail [9918]: INFO Jail ‘recidive’ stopped
2024-03-12 01:55:11,588 fail2ban.jail [9918]: INFO Jail ‘ssh-iptables’ stopped
2024-03-12 01:55:12,316 fail2ban.jail [9918]: INFO Jail ‘apache-badbots’ stopped
2024-03-12 01:55:13,315 fail2ban.jail [9918]: INFO Jail ‘pbx-gui’ stopped
2024-03-12 01:55:13,749 fail2ban.actions[9918]: WARNING [asterisk-iptables] Unban 45.155.91.7
2024-03-12 01:55:13,759 fail2ban.actions[9918]: WARNING [asterisk-iptables] Unban 45.155.91.11
2024-03-12 01:55:13,776 fail2ban.jail [9918]: INFO Jail ‘asterisk-iptables’ stopped
2024-03-12 01:55:14,604 fail2ban.jail [9918]: INFO Jail ‘vsftpd-iptables’ stopped
2024-03-12 01:55:14,605 fail2ban.server [9918]: INFO Exiting Fail2ban
[root@freepbx16oncentos78-s-2vcpu-4gb-120gb-intel-syd1-01 ~]#

18

Something stopped it
2024-03-12 01:55:09

II might suspect a ‘protection against lockout’ mechanism is in place. but it is deliberate so you might have been compromised by your friends from Palestine

whois -h whois.cymru.com  '  -v 45.155.91.11'
AS      | IP               | BGP Prefix          | CC | Registry | Allocated  | AS Name
47154   | 45.155.91.11     | 45.155.91.0/24      | HK | ripencc  | 2019-09-18 | HUSAM-NETWORK, PS

(All those Palestinian attacks can be stopped by moving to TLS)

19

In my experience, this is usually due to a missing logfile for a jail. You can determine that with
`

systemctl start fail2ban

Then when it fails

journalctl -xe

`
Will usually tell you what went wrong. If it is a missing log, you can just execute

`

touch /var/log/[missing log]

`

Then thry to start fail2ban again.

20

Not in this case, it weas running fine until

then was cleanly stopped

21

This has worked for me in the past

Edit jail.local and remove or comment out the Zulu jail

systemctl start fail2ban.service