Fail2ban won't start after update

FreePBX 15
Asterisk 16
Edge Modules turned on

System was rebooted and showed very high CPU. Looking at top it was Fail2Ban that was the culprit eating 98% of the CPU.

I stopped Fail2ban, ran updates on both modules and SNG7 and applied. CPU has returned to normal levels but Fail2Ban will not start.

How are you trying to start it, and does it give you any errors?

If you disable the firewall with:
fwconsole firewall disable

Can you then run:
systemctl start fail2ban

Can you also show what version of fail2ban you’re running:
yum list installed | grep fail2ban

Is your new firewall still dependent on ‘system admin’?

Yes, I need incron to do root commands and it’s easier to use the built-in signature verification with sysadmin than to create my own hacky way of doing it.

Thank you.

I’m in the same boat - ran some module updates over the weekend and Fail2Ban will not start back up.

[root@freepbx ~]# fwconsole firewall disable

Broadcast message from [email protected] (Tue Jul 13 13:27:40 2021):

/etc/aterisk/firewall.lock or /etc/asterisk/firewall.enabled exists!
Refusing to shut down.
[root@freepbx ~]# systemctl start fail2ban
Job for fail2ban.service failed because the control process exited with error code. See “systemctl status fail2ban.service” and “journalctl -xe” for details.
[root@freepbx ~]#

That’s exactly what I get.

Exactly? Typo? Cut and paste error? Or maybe /etc/aterisk/firewall.lock does exist :wink:

Very new to PBX and not quite sure what you’re insinuating. Just need a little help :slight_smile:

This part…

He means that the error is right there in what got posted. Check to see if either of those files exist and, if they do, delete them.


Not insinuating anything. If you posted exactly what you saw, there is a problem: the directory /etc/aterisk should NEVER exist unless someone effed up. You can, however, expect the directory /etc/asterisk to exist, and if there is a file called firewall.lock in that directory, well, that’s a different story . . .

Using WinSCP I was able to navigate to the directory. I do not see a /etc/aterisk however I do see /etc/asterisk and when I expand that folder there is a file called “firewall.enable”

Just to confirm - it is okay to delete “firewall.enable” ??

thanks for all the help!

Not my bailiwick nor @cynjut's; wait for authoritative advice.

[root@advcardhackpbx asterisk]# systemctl start fail2ban
Job for fail2ban.service failed because the control process exited with error code. See “systemctl status fail2ban.service” and “journalctl -xe” for details.

[root@advcardhackpbx asterisk]# systemctl status fail2ban.service
● fail2ban.service - Fail2Ban Service
Loaded: loaded (/usr/lib/systemd/system/fail2ban.service; disabled; vendor preset: disabled)
Active: failed (Result: start-limit) since Tue 2021-07-13 15:25:42 EDT; 12s ago
Process: 12487 ExecStart=/usr/bin/fail2ban-client -x start (code=exited, status=255)
Process: 12486 ExecStartPre=/bin/mkdir -p /var/run/fail2ban (code=exited, status=0/SUCCESS)

Jul 13 15:25:42 advcardhackpbx.ashcortechnologies.com systemd[1]: fail2ban.service: control process exited, code=exited status=255
Jul 13 15:25:42 advcardhackpbx.ashcortechnologies.com systemd[1]: Failed to start Fail2Ban Service.
Jul 13 15:25:42 advcardhackpbx.ashcortechnologies.com systemd[1]: Unit fail2ban.service entered failed state.
Jul 13 15:25:42 advcardhackpbx.ashcortechnologies.com systemd[1]: fail2ban.service failed.
Jul 13 15:25:42 advcardhackpbx.ashcortechnologies.com systemd[1]: fail2ban.service holdoff time over, scheduling restart.
Jul 13 15:25:42 advcardhackpbx.ashcortechnologies.com systemd[1]: Stopped Fail2Ban Service.
Jul 13 15:25:42 advcardhackpbx.ashcortechnologies.com systemd[1]: start request repeated too quickly for fail2ban.service
Jul 13 15:25:42 advcardhackpbx.ashcortechnologies.com systemd[1]: Failed to start Fail2Ban Service.
Jul 13 15:25:42 advcardhackpbx.ashcortechnologies.com systemd[1]: Unit fail2ban.service entered failed state.
Jul 13 15:25:42 advcardhackpbx.ashcortechnologies.com systemd[1]: fail2ban.service failed.
[root@advcardhackpbx asterisk]#

You too, cool your jets :slight_smile:

It is unlikely that any fail2ban service should be enabled or started until the presumably authoritative "firewall service" tells it to.


You have to proceed from where you are. The program died and left the enable file; with that still on the system, the new instance can’t start.

Seems to me like there should be a problem here. I think @dicko is on the right track; you may need to start the firewall service first. In fact, if you can, it might be time to “Windows debug” the system and power cycle it.