Fail2ban wont start


(Bob Reiber) #3

I tried clearing the cache and using different browsers, so I dont think it has to do with this

Also tried rolling the firewall back to earlier version (15.0.8.9 vs 15.0.8.14), no change

Tried upgrading to edge track (15.0.12). Same result.

On another server with a similar problem I saw something about a mention ofthe zulu jail in fail2ban. I tried running the commands I found in another thread that seem to have no affect. Also tried disabling zulu with no luck.

The fail2ban log is being written to but i dont see anyone being blocked


#4

Come on @jcolp , merge it :slight_smile:


(Joshua C. Colp) #5

I’ll let the @lgaetz character merge it if he wishes.


#6

You guys might want to follow a similarly named thread current on this forum . . .


(Lorne Gaetz) #7

(Yois) #8

@lgaetz - I finally was able to repro, and the issue seems to be coming from here:

ERROR Found no accessible config files for 'filter.d/apache-api' under /etc/fail2ban
ERROR Unable to read the filter
ERROR Errors in jail 'apache-api'. Skipping...


Fail2ban won't start after update
(Lorne Gaetz) #9

As far as I can tell on the system I have, the file

/etc/fail2ban/filter.d/apache-api

Is created when sysadmin 15.0.21.66 is installed.


(Yois) #10

I have that version of sysadmin and the file does not exist


(Bob Reiber) #11

My server was on .55 when this started for what that’s worth.


(Yois) #12

Manually running
/var/www/html/admin/modules/sysadmin/hooks/fail2ban-apache-config

generates the necessary file. Checking the incron log shows that this was run but did not yield any resulting file. The hook is Zend encrypted so I can’t check the contents or tell why it’s not working.

@lgaetz - can you confirm that there’s a ticket for this?


Fail2ban not starting - Default installation STABLE SNG7-PBX-64bit-2104-1
Whoops \ Exception \ ErrorException (E_WARNING) Illegal string offset 'fail2ban_ban_time'
#13

This fixed it for me


Fail2ban won't start after update
Finally Upgrading!
(Simon Telephonics) #14

Did you guys yum update recently? I just added a new Distro and started with yum update which yielded this update:

sangoma-pbx-2107-3.sng7.noarch.rpm

then module upgrade and fail2ban (and everything else) are loading fine.

I mention it because the sangoma-pbx package does some work on apache.


(Yois) #15

I repro’d on 2107 too, so that’s not the issue.


[System 40] fail2ban should always be running
(Simon Telephonics) #16

I spoke too soon. For some reason I thought it had started fine but then checked on it later and found the service had stopped with the same error as others reported. Ran the hook and solved.

Edit: I know what happened. I ran the yum update and fwconsole ma upgradeall and checked that services were running before I set up the firewall. After the updates I went through the out-of-box experience in the GUI where I configured the firewall. Once firewall was enabled, fail2ban stopped.


(Sandesh Prakash) #17

Hi,
This issue is fixed in sysadmin 15.0.21.66, can you guys please try to run

fwconsole ma downloadinstall sysadmin --tag 15.0.21.66 -f

from CLI and try to restart fail2ban.

Thank you.


(Lucas Ryan) #18

This seemed to fix it for me. Thank you.


(Bob Reiber) #19

I still get the same message about See “systemctl status fail2ban.service” and “journalctl -xe” for details.


(Yois) #20

It seems there was a typo. Try tag 15.0.21.67


(Bob Reiber) #21

Now I get a slightly different message that includes: .
To force a start use “systemctl reset-failed fail2ban.service” followed by “sysemctl start fail2ban.service” again.

Can’t tell what’s happening after doing the first command but after the second command I’m back to square 1

Do I need to reboot?


(Jeremy Lizzotte) #22

Has Fail2ban issue been resolved yet? I have FreePBX 15 PBXes that wont start Fail2Ban, even after upgrading sysadmin.