Fail2ban wont start


(Bob Reiber) #1

I found a few threads on this and only one was able to get it going, and his fix did not work for me. This is a new instance and everything looked OK until I went to Firewall -> Advanced -> Advanced Settings -> and enabled Intrusion Detection Sync Firewall. Went back to Intrusion Detection and told it to sync IPs in the networks list and currently registered extensions. The next time I noticed the dashboard I saw that fail2ban was not running.

Now I get the same thing others have reported where I click Start in Intrusion Detection, it thinks for a second but it never starts. I tried turning off the sync setting as well as reinstalling the firewall from module admin with no luck.

service fail2ban start and restart both yield this

It suggests to do systemctl status fail2ban.service , which yields

journalctl -xe

I can see it trying and failing to start but I don’t see an obvious culprit.

PBX Version: 15.0.17.43
PBX Distro: 12.7.8-2104-1.sng7
Asterisk Version: 16.17.0


(Mvogel4949) #2

I’m seeing the same thing


(Bob Reiber) #3

I tried clearing the cache and using different browsers, so I dont think it has to do with this

Also tried rolling the firewall back to earlier version (15.0.8.9 vs 15.0.8.14), no change

Tried upgrading to edge track (15.0.12). Same result.

On another server with a similar problem I saw something about a mention ofthe zulu jail in fail2ban. I tried running the commands I found in another thread that seem to have no affect. Also tried disabling zulu with no luck.

The fail2ban log is being written to but i dont see anyone being blocked


#4

Come on @jcolp , merge it :slight_smile:


(Joshua C. Colp) #5

I’ll let the @lgaetz character merge it if he wishes.


#6

You guys might want to follow a similarly named thread current on this forum . . .


(Lorne Gaetz) #7

(Yois) #8

@lgaetz - I finally was able to repro, and the issue seems to be coming from here:

ERROR Found no accessible config files for 'filter.d/apache-api' under /etc/fail2ban
ERROR Unable to read the filter
ERROR Errors in jail 'apache-api'. Skipping...


Fail2ban won't start after update
(Lorne Gaetz) #9

As far as I can tell on the system I have, the file

/etc/fail2ban/filter.d/apache-api

Is created when sysadmin 15.0.21.66 is installed.


(Yois) #10

I have that version of sysadmin and the file does not exist


(Bob Reiber) #11

My server was on .55 when this started for what that’s worth.


(Yois) #12

Manually running
/var/www/html/admin/modules/sysadmin/hooks/fail2ban-apache-config

generates the necessary file. Checking the incron log shows that this was run but did not yield any resulting file. The hook is Zend encrypted so I can’t check the contents or tell why it’s not working.

@lgaetz - can you confirm that there’s a ticket for this?


Whoops \ Exception \ ErrorException (E_WARNING) Illegal string offset 'fail2ban_ban_time'
#13

This fixed it for me


Fail2ban won't start after update
(Simon Telephonics) #14

Did you guys yum update recently? I just added a new Distro and started with yum update which yielded this update:

sangoma-pbx-2107-3.sng7.noarch.rpm

then module upgrade and fail2ban (and everything else) are loading fine.

I mention it because the sangoma-pbx package does some work on apache.


(Yois) #15

I repro’d on 2107 too, so that’s not the issue.


(Simon Telephonics) #16

I spoke too soon. For some reason I thought it had started fine but then checked on it later and found the service had stopped with the same error as others reported. Ran the hook and solved.

Edit: I know what happened. I ran the yum update and fwconsole ma upgradeall and checked that services were running before I set up the firewall. After the updates I went through the out-of-box experience in the GUI where I configured the firewall. Once firewall was enabled, fail2ban stopped.


(Sandesh Prakash) #17

Hi,
This issue is fixed in sysadmin 15.0.21.66, can you guys please try to run

fwconsole ma downloadinstall sysadmin --tag 15.0.21.66 -f

from CLI and try to restart fail2ban.

Thank you.


(Lucas Ryan) #18

This seemed to fix it for me. Thank you.


(Bob Reiber) #19

I still get the same message about See “systemctl status fail2ban.service” and “journalctl -xe” for details.


(Yois) #20

It seems there was a typo. Try tag 15.0.21.67