Fail2ban wont start

@lgaetz - I finally was able to repro, and the issue seems to be coming from here:

ERROR Found no accessible config files for 'filter.d/apache-api' under /etc/fail2ban
ERROR Unable to read the filter
ERROR Errors in jail 'apache-api'. Skipping...

2 Likes

As far as I can tell on the system I have, the file

/etc/fail2ban/filter.d/apache-api

Is created when sysadmin 15.0.21.66 is installed.

I have that version of sysadmin and the file does not exist

My server was on .55 when this started for what that’s worth.

Manually running
/var/www/html/admin/modules/sysadmin/hooks/fail2ban-apache-config

generates the necessary file. Checking the incron log shows that this was run but did not yield any resulting file. The hook is Zend encrypted so I can’t check the contents or tell why it’s not working.

@lgaetz - can you confirm that there’s a ticket for this?

6 Likes

This fixed it for me

2 Likes

Did you guys yum update recently? I just added a new Distro and started with yum update which yielded this update:

sangoma-pbx-2107-3.sng7.noarch.rpm

then module upgrade and fail2ban (and everything else) are loading fine.

I mention it because the sangoma-pbx package does some work on apache.

I repro’d on 2107 too, so that’s not the issue.

I spoke too soon. For some reason I thought it had started fine but then checked on it later and found the service had stopped with the same error as others reported. Ran the hook and solved.

Edit: I know what happened. I ran the yum update and fwconsole ma upgradeall and checked that services were running before I set up the firewall. After the updates I went through the out-of-box experience in the GUI where I configured the firewall. Once firewall was enabled, fail2ban stopped.

Hi,
This issue is fixed in sysadmin 15.0.21.66, can you guys please try to run

fwconsole ma downloadinstall sysadmin --tag 15.0.21.66 -f

from CLI and try to restart fail2ban.

Thank you.

5 Likes

This seemed to fix it for me. Thank you.

I still get the same message about See “systemctl status fail2ban.service” and “journalctl -xe” for details.

It seems there was a typo. Try tag 15.0.21.67

Now I get a slightly different message that includes: .
To force a start use “systemctl reset-failed fail2ban.service” followed by “sysemctl start fail2ban.service” again.

Can’t tell what’s happening after doing the first command but after the second command I’m back to square 1

Do I need to reboot?

Has Fail2ban issue been resolved yet? I have FreePBX 15 PBXes that wont start Fail2Ban, even after upgrading sysadmin.

I dont think so. I just tried upgrading sys admin and the firewall and see no difference.

Did either of you try this:

Yes and that did not work, same error message. I looked through all of these recent threads before I left the question asking if it was resolved