Intrusion detection will not start


(Ariel Pena) #1

Hey guys, I have the firewall enabled, however the Intrusion detection will not start. I click on start and it immediately goes to stopped. Also, on the main page the fail2ban shows


(Itzik) #2

Try running

fwconsole chown
fwconsole reload
service fail2ban restart

And post the output of the last command


(Ariel Pena) #3

[root@freepbx ~]# fwconsole chown
Taking too long? Customize the chown command, See http://wiki.freepbx.org/display/FOP/FreePBX+Chown+Conf
Setting Permissions…
Setting base permissions…^[[A^[[A^[[B^[[BDone
Setting specific permissions…
 43687 [============================]
Finished setting permissions

[root@freepbx ~]# fwconsole reload
Reloading FreePBX
Successfully reloaded

[root@freepbx ~]# service fail2band restart
Redirecting to /bin/systemctl restart fail2band.service
Failed to restart fail2band.service: Unit not found.


#4

It is fail2ban not fail2band, post the output of

fail2ban-client  -t
systemctl status fail2ban

(Ariel Pena) #5

systemctl status fail2ban
ā— fail2ban.service - Fail2Ban Service
Loaded: loaded (/usr/lib/systemd/system/fail2ban.service; disabled; vendor preset: disabled)
Active: failed (Result: start-limit) since Sun 2021-02-07 11:47:13 MST; 1min 13s ago
Process: 4589 ExecStart=/usr/bin/fail2ban-client -x start (code=exited, status=255)
Process: 4587 ExecStartPre=/bin/mkdir -p /var/run/fail2ban (code=exited, status=0/SUCCESS)

Feb 07 11:47:12 freepbx.sangoma.local systemd[1]: fail2ban.service: control process exited, code=exited status=255
Feb 07 11:47:12 freepbx.sangoma.local systemd[1]: Failed to start Fail2Ban Service.
Feb 07 11:47:12 freepbx.sangoma.local systemd[1]: Unit fail2ban.service entered failed state.
Feb 07 11:47:12 freepbx.sangoma.local systemd[1]: fail2ban.service failed.
Feb 07 11:47:13 freepbx.sangoma.local systemd[1]: fail2ban.service holdoff time over, scheduling restart.
Feb 07 11:47:13 freepbx.sangoma.local systemd[1]: Stopped Fail2Ban Service.
Feb 07 11:47:13 freepbx.sangoma.local systemd[1]: start request repeated too quickly for fail2ban.service
Feb 07 11:47:13 freepbx.sangoma.local systemd[1]: Failed to start Fail2Ban Service.
Feb 07 11:47:13 freepbx.sangoma.local systemd[1]: Unit fail2ban.service entered failed state.
Feb 07 11:47:13 freepbx.sangoma.local systemd[1]: fail2ban.service failed.
[root@freepbx ~]#


(Ariel Pena) #6

[root@freepbx ~]# fail2ban-client -t
Usage: /usr/bin/fail2ban-client [OPTIONS]

Fail2Ban v0.8.14 reads log file that contains password failure report
and bans the corresponding IP addresses using firewall rules.

Options:
-c configuration directory
-s socket path
-p pidfile path
-d dump configuration. For debugging
-i interactive mode
-v increase verbosity
-q decrease verbosity
-x force execution of the server (remove socket file)
-h, --help display this help message
-V, --version print the version

Command:
BASIC
start starts the server and the jails
reload reloads the configuration
reload reloads the jail
stop stops all jails and terminate the
server
status gets the current status of the
server
ping tests if the server is alive
help return this output

                                         LOGGING
set loglevel <LEVEL>                     sets logging level to <LEVEL>. 0
                                         is minimal, 4 is debug
get loglevel                             gets the logging level
set logtarget <TARGET>                   sets logging target to <TARGET>.
                                         Can be STDOUT, STDERR, SYSLOG or a
                                         file
get logtarget                            gets logging target
flushlogs                                flushes the logtarget if a file
                                         and reopens it. For log rotation.

                                         JAIL CONTROL
add <JAIL> <BACKEND>                     creates <JAIL> using <BACKEND>
start <JAIL>                             starts the jail <JAIL>
stop <JAIL>                              stops the jail <JAIL>. The jail is
                                         removed
status <JAIL>                            gets the current status of <JAIL>

                                         JAIL CONFIGURATION
set <JAIL> idle on|off                   sets the idle state of <JAIL>
set <JAIL> addignoreip <IP>              adds <IP> to the ignore list of
                                         <JAIL>
set <JAIL> delignoreip <IP>              removes <IP> from the ignore list
                                         of <JAIL>
set <JAIL> addlogpath <FILE>             adds <FILE> to the monitoring list
                                         of <JAIL>
set <JAIL> dellogpath <FILE>             removes <FILE> from the monitoring
                                         list of <JAIL>
set <JAIL> addfailregex <REGEX>          adds the regular expression
                                         <REGEX> which must match failures
                                         for <JAIL>
set <JAIL> delfailregex <INDEX>          removes the regular expression at
                                         <INDEX> for failregex
set <JAIL> ignorecommand <VALUE>         sets ignorecommand of <JAIL>
set <JAIL> addignoreregex <REGEX>        adds the regular expression
                                         <REGEX> which should match pattern
                                         to exclude for <JAIL>
set <JAIL> delignoreregex <INDEX>        removes the regular expression at
                                         <INDEX> for ignoreregex
set <JAIL> findtime <TIME>               sets the number of seconds <TIME>
                                         for which the filter will look
                                         back for <JAIL>
set <JAIL> bantime <TIME>                sets the number of seconds <TIME>
                                         a host will be banned for <JAIL>
set <JAIL> usedns <VALUE>                sets the usedns mode for <JAIL>
set <JAIL> banip <IP>                    manually Ban <IP> for <JAIL>
set <JAIL> unbanip <IP>                  manually Unban <IP> in <JAIL>
set <JAIL> maxretry <RETRY>              sets the number of failures
                                         <RETRY> before banning the host
                                         for <JAIL>
set <JAIL> addaction <ACT>               adds a new action named <NAME> for
                                         <JAIL>
set <JAIL> delaction <ACT>               removes the action <NAME> from
                                         <JAIL>
set <JAIL> setcinfo <ACT> <KEY> <VALUE>  sets <VALUE> for <KEY> of the
                                         action <NAME> for <JAIL>
set <JAIL> delcinfo <ACT> <KEY>          removes <KEY> for the action
                                         <NAME> for <JAIL>
set <JAIL> actionstart <ACT> <CMD>       sets the start command <CMD> of
                                         the action <ACT> for <JAIL>
set <JAIL> actionstop <ACT> <CMD>        sets the stop command <CMD> of the
                                         action <ACT> for <JAIL>
set <JAIL> actioncheck <ACT> <CMD>       sets the check command <CMD> of
                                         the action <ACT> for <JAIL>
set <JAIL> actionban <ACT> <CMD>         sets the ban command <CMD> of the
                                         action <ACT> for <JAIL>
set <JAIL> actionunban <ACT> <CMD>       sets the unban command <CMD> of
                                         the action <ACT> for <JAIL>

                                         JAIL INFORMATION
get <JAIL> logpath                       gets the list of the monitored
                                         files for <JAIL>
get <JAIL> ignoreip                      gets the list of ignored IP
                                         addresses for <JAIL>
get <JAIL> ignorecommand                 gets ignorecommand of <JAIL>
get <JAIL> failregex                     gets the list of regular
                                         expressions which matches the
                                         failures for <JAIL>
get <JAIL> ignoreregex                   gets the list of regular
                                         expressions which matches patterns
                                         to ignore for <JAIL>
get <JAIL> findtime                      gets the time for which the filter
                                         will look back for failures for
                                         <JAIL>
get <JAIL> bantime                       gets the time a host is banned for
                                         <JAIL>
get <JAIL> usedns                        gets the usedns setting for <JAIL>
get <JAIL> maxretry                      gets the number of failures
                                         allowed for <JAIL>
get <JAIL> addaction                     gets the last action which has
                                         been added for <JAIL>
get <JAIL> actionstart <ACT>             gets the start command for the
                                         action <ACT> for <JAIL>
get <JAIL> actionstop <ACT>              gets the stop command for the
                                         action <ACT> for <JAIL>
get <JAIL> actioncheck <ACT>             gets the check command for the
                                         action <ACT> for <JAIL>
get <JAIL> actionban <ACT>               gets the ban command for the
                                         action <ACT> for <JAIL>
get <JAIL> actionunban <ACT>             gets the unban command for the
                                         action <ACT> for <JAIL>
get <JAIL> cinfo <ACT> <KEY>             gets the value for <KEY> for the
                                         action <ACT> for <JAIL>

Report bugs to https://github.com/fail2ban/fail2ban/issues


#7

The ‘distro’ distributes a very old version of fail2ban without the option -t (for test), try

fail2ban-client status
fail2ban-client start
fail2ban-client status

Edit:
It would seem that you are using the distro, so I can’t help you further as fail2ban seems to be entangled within the sysadmin/firewall modules, neither of which I use.


(Ariel Pena) #8

[root@freepbx ~]# fail2ban-client status
ERROR Unable to contact server. Is it running?

[root@freepbx ~]# fail2ban-client start
ERROR No file(s) found for glob /var/log/asterisk/zulu_out.log
ERROR Failed during configuration: Have not found any log file for zulu jail

[root@freepbx ~]# fail2ban-client status
ERROR Unable to contact server. Is it running?


(Lorne Gaetz) #9

A clue. Try running

touch /var/log/asterisk/zulu_out.log
chown asterisk:asterisk /var/log/asterisk/zulu_out.log

And then restart fail2ban


(Ariel Pena) #10

Thanks this worked
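
The failure in post #8 and the fix in post #9 come down to an enabled jail whose logpath matches no file. As an added example (not part of the thread or of FreePBX), this script lists such jails in a fail2ban jail file passed as its argument; the jail names and paths in `demo` are constructed, and `%(...)s` interpolation and paths containing spaces are not handled.

```shell
#!/bin/sh
# Added example (not from the thread): find enabled fail2ban jails whose
# logpath matches no file, the condition behind "Have not found any log file".

# Print "jail<TAB>logpath" for each enabled jail in an INI-style jail file.
enabled_logpaths() {
    awk '
        function emit(   i) {
            if (enabled && jail != "DEFAULT")
                for (i = 1; i <= n; i++) print jail "\t" paths[i]
            enabled = 0; n = 0; key = ""
        }
        /^[ \t]*[#;]/ || /^[ \t]*$/ { next }            # comment or blank
        /^\[/ { emit(); jail = $0; gsub(/^\[|\].*$/, "", jail); next }
        /^[ \t]/ {                                      # continuation line
            if (key == "logpath") { sub(/^[ \t]+/, ""); paths[++n] = $0 }
            next
        }
        {
            key = $0; sub(/[ \t]*=.*/, "", key)
            val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
            if (key == "enabled") enabled = (tolower(val) == "true")
            if (key == "logpath" && val != "") paths[++n] = val
        }
        END { emit() }
    ' "$1"
}

# Print the jails that would abort startup: no existing file matches the glob.
missing_jail_logs() {
    tab=$(printf '\t')
    enabled_logpaths "$1" | while IFS="$tab" read -r jail path; do
        found=0
        for f in $path; do                # unquoted on purpose: expand the glob
            if [ -e "$f" ]; then found=1; break; fi
        done
        [ "$found" -eq 1 ] || printf '%s\t%s\n' "$jail" "$path"
    done
}

# Constructed sample: two enabled jails, only one log file present.
demo() {
    d=$(mktemp -d) && touch "$d/full"
    printf '[DEFAULT]\nenabled = false\n\n[asterisk]\nenabled = true\nlogpath = %s/fu*\n\n[zulu]\nenabled = true\nlogpath = %s/zulu_out.log\n' "$d" "$d" > "$d/jail.local"
    missing_jail_logs "$d/jail.local" | sed "s|$d|LOGDIR|"
    rm -rf "$d"
}
```

Each reported path can then be created and given the owner the service expects, as post #9 does for the zulu jail, before restarting fail2ban.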