I found a few threads on this and only one was able to get it going, and his fix did not work for me. This is a new instance and everything looked OK until I went to Firewall → Advanced → Advanced Settings → and enabled Intrusion Detection Sync Firewall. Went back to Intrusion Detection and told it to sync IPs in the networks list and currently registered extensions. The next time I noticed the dashboard I saw that fail2ban was not running.
Now I get the same thing others have reported where I click Start in Intrusion Detection, it thinks for a second but it never starts. I tried turning off the sync setting as well as reinstalling the firewall from module admin with no luck.
service fail2ban start and restart both yield this
Also tried rolling the firewall back to earlier version (15.0.8.9 vs 15.0.8.14), no change
Tried upgrading to edge track (15.0.12). Same result.
On another server with a similar problem I saw something about a mention ofthe zulu jail in fail2ban. I tried running the commands I found in another thread that seem to have no affect. Also tried disabling zulu with no luck.
The fail2ban log is being written to but i dont see anyone being blocked
@lgaetz - I finally was able to repro, and the issue seems to be coming from here:
ERROR Found no accessible config files for 'filter.d/apache-api' under /etc/fail2ban ERROR Unable to read the filter ERROR Errors in jail 'apache-api'. Skipping...
generates the necessary file. Checking the incron log shows that this was run but did not yield any resulting file. The hook is Zend encrypted so I can’t check the contents or tell why it’s not working.
@lgaetz - can you confirm that there’s a ticket for this?
I spoke too soon. For some reason I thought it had started fine but then checked on it later and found the service had stopped with the same error as others reported. Ran the hook and solved.
Edit: I know what happened. I ran the yum update and fwconsole ma upgradeall and checked that services were running before I set up the firewall. After the updates I went through the out-of-box experience in the GUI where I configured the firewall. Once firewall was enabled, fail2ban stopped.