Fail2ban wont start

I found a few threads on this and only one was able to get it going, and his fix did not work for me. This is a new instance and everything looked OK until I went to Firewall → Advanced → Advanced Settings → and enabled Intrusion Detection Sync Firewall. Went back to Intrusion Detection and told it to sync IPs in the networks list and currently registered extensions. The next time I noticed the dashboard I saw that fail2ban was not running.

Now I get the same thing others have reported where I click Start in Intrusion Detection, it thinks for a second but it never starts. I tried turning off the sync setting as well as reinstalling the firewall from module admin with no luck.

service fail2ban start and restart both yield this

image992×119 6.42 KB

It suggests to do systemctl status fail2ban.service , which yields

image1232×406 23.5 KB

journalctl -xe

image1948×952 70.1 KB

I can see it trying and failing to start but I don’t see an obvious culprit.

PBX Version: 15.0.17.43
PBX Distro: 12.7.8-2104-1.sng7
Asterisk Version: 16.17.0

I’m seeing the same thing

I tried clearing the cache and using different browsers, so I dont think it has to do with this

image2038×131 12.9 KB

Also tried rolling the firewall back to earlier version (15.0.8.9 vs 15.0.8.14), no change

Tried upgrading to edge track (15.0.12). Same result.

On another server with a similar problem I saw something about a mention ofthe zulu jail in fail2ban. I tried running the commands I found in another thread that seem to have no affect. Also tried disabling zulu with no luck.

The fail2ban log is being written to but i dont see anyone being blocked

Come on @jcolp , merge it

I’ll let the @lgaetz character merge it if he wishes.

You guys might want to follow a similarly named thread current on this forum . . .

@lgaetz - I finally was able to repro, and the issue seems to be coming from here:

ERROR Found no accessible config files for 'filter.d/apache-api' under /etc/fail2ban
ERROR Unable to read the filter
ERROR Errors in jail 'apache-api'. Skipping...

As far as I can tell on the system I have, the file

/etc/fail2ban/filter.d/apache-api

Is created when sysadmin 15.0.21.66 is installed.

I have that version of sysadmin and the file does not exist

My server was on .55 when this started for what that’s worth.

Manually running
/var/www/html/admin/modules/sysadmin/hooks/fail2ban-apache-config

generates the necessary file. Checking the incron log shows that this was run but did not yield any resulting file. The hook is Zend encrypted so I can’t check the contents or tell why it’s not working.

@lgaetz - can you confirm that there’s a ticket for this?

This fixed it for me

Did you guys yum update recently? I just added a new Distro and started with yum update which yielded this update:

sangoma-pbx-2107-3.sng7.noarch.rpm

then module upgrade and fail2ban (and everything else) are loading fine.

I mention it because the sangoma-pbx package does some work on apache.

I repro’d on 2107 too, so that’s not the issue.

I spoke too soon. For some reason I thought it had started fine but then checked on it later and found the service had stopped with the same error as others reported. Ran the hook and solved.

Edit: I know what happened. I ran the yum update and fwconsole ma upgradeall and checked that services were running before I set up the firewall. After the updates I went through the out-of-box experience in the GUI where I configured the firewall. Once firewall was enabled, fail2ban stopped.

Hi,
This issue is fixed in sysadmin 15.0.21.66, can you guys please try to run

fwconsole ma downloadinstall sysadmin --tag 15.0.21.66 -f

from CLI and try to restart fail2ban.

Thank you.

This seemed to fix it for me. Thank you.

I still get the same message about See “systemctl status fail2ban.service” and “journalctl -xe” for details.

It seems there was a typo. Try tag 15.0.21.67