Solved: Fail2Ban won't start due to config for missing Zulu module after restore

michthom · March 19, 2023, 10:00am

Hi folks. I think this is similar / same as this thread, but I’m keen not to “bodge” the solution.

I restored a backup from a FreePBX 16 server that I prototyped in AWS onto a similar but different FreePBX 16 server with our preferred hosting provider.

The original had the Zulu module installed, the new one does not.

Whenever I restart the new server, the /etc/fail2ban/jail.local file is regenerated, and includes a block for the Zulu module, despite the fact the new server has never had that module installed (?)

As a result, fail2ban will not start until / unless I manually remove that Zulu config.

Given that at the top of the file it says:
Configuration automatically generated via the Sysadmin Module
I presume there’s something in the database that was imported in the restore step that thinks Zulu is available.

Is there any way to (safely) remove that information to prevent this problem more permanently? I’ve hunted through the Sysadmin GUI and can’t see anything directly relevant…

Or would it be enough to install and then remove the Zulu module on the new server?

michthom · March 19, 2023, 10:21am

Solved - installing and then removing the Zulu module, then restarting the server, seems to have cleared the problem, fail2ban starts cleanly now.

chrisrw · March 25, 2023, 3:37pm

I wanted to add into this. Thanks for posting. Below are some things you may see when this happens.

When in SSH you run:
“systemctl start fail2ban”
you get the below output:
Job for fail2ban.service failed because the control process exited with error code. See “systemctl status fail2ban.service” and “journalctl -xe” for details.

Or when attempting to start the service in GUI you get the below results (this was uploaded by someone else) (remove the spaces since I am not able to post links yet)
HTTPs :// screenrec. com/ share/ 3lwCtWNBG5

Looking at the log files using the below command you will see the zulu reference at the bottom which clued me into the issue.
[[email protected] ~]# sudo fail2ban-client -vvv -x start
DEBUG Reading configs for /etc/fail2ban/fail2ban under /etc/fail2ban
DEBUG Reading config files: /etc/fail2ban/fail2ban.conf, /etc/fail2ban/fail2ban.local
DEBUG Reading files: [‘/etc/fail2ban/fail2ban.conf’, ‘/etc/fail2ban/fail2ban.local’]
INFO Using socket file /var/run/fail2ban/fail2ban.sock
DEBUG Reading configs for /etc/fail2ban/fail2ban under /etc/fail2ban
DEBUG Reading config files: /etc/fail2ban/fail2ban.conf, /etc/fail2ban/fail2ban.local
DEBUG Reading files: [‘/etc/fail2ban/fail2ban.conf’, ‘/etc/fail2ban/fail2ban.local’]
DEBUG Reading configs for /etc/fail2ban/jail under /etc/fail2ban
DEBUG Reading config files: /etc/fail2ban/jail.conf, /etc/fail2ban/jail.local
DEBUG Reading files: [‘/etc/fail2ban/jail.conf’, ‘/etc/fail2ban/jail.local’]
DEBUG Reading configs for /etc/fail2ban/jail under /etc/fail2ban
DEBUG Reading config files: /etc/fail2ban/jail.conf, /etc/fail2ban/jail.local
DEBUG Reading files: [‘/etc/fail2ban/jail.conf’, ‘/etc/fail2ban/jail.local’]
DEBUG Reading configs for /etc/fail2ban/filter.d/asterisk under /etc/fail2ban
DEBUG Reading config files: /etc/fail2ban/filter.d/asterisk.conf
DEBUG Reading files: [‘/etc/fail2ban/filter.d/common.conf’, ‘/etc/fail2ban/filter.d/common.local’, ‘/etc/fail2ban/filter.d/asterisk.conf’]
DEBUG Reading configs for /etc/fail2ban/action.d/iptables-allports under /etc/fail2ban
DEBUG Reading config files: /etc/fail2ban/action.d/iptables-allports.conf
DEBUG Reading files: [‘/etc/fail2ban/action.d/iptables-blocktype.conf’, ‘/etc/fail2ban/action.d/iptables-blocktype.local’, ‘/etc/fail2ban/action.d/iptables-allports.conf’]
DEBUG Reading configs for /etc/fail2ban/jail under /etc/fail2ban
DEBUG Reading config files: /etc/fail2ban/jail.conf, /etc/fail2ban/jail.local
DEBUG Reading files: [‘/etc/fail2ban/jail.conf’, ‘/etc/fail2ban/jail.local’]
DEBUG Reading configs for /etc/fail2ban/filter.d/freepbx under /etc/fail2ban
DEBUG Reading config files: /etc/fail2ban/filter.d/freepbx.conf
DEBUG Reading files: [‘/etc/fail2ban/filter.d/freepbx.conf’]
DEBUG Reading configs for /etc/fail2ban/action.d/iptables-allports under /etc/fail2ban
DEBUG Reading config files: /etc/fail2ban/action.d/iptables-allports.conf
DEBUG Reading files: [‘/etc/fail2ban/action.d/iptables-blocktype.conf’, ‘/etc/fail2ban/action.d/iptables-blocktype.local’, ‘/etc/fail2ban/action.d/iptables-allports.conf’]
DEBUG Reading configs for /etc/fail2ban/jail under /etc/fail2ban
DEBUG Reading config files: /etc/fail2ban/jail.conf, /etc/fail2ban/jail.local
DEBUG Reading files: [‘/etc/fail2ban/jail.conf’, ‘/etc/fail2ban/jail.local’]
DEBUG Reading configs for /etc/fail2ban/filter.d/sshd under /etc/fail2ban
DEBUG Reading config files: /etc/fail2ban/filter.d/sshd.conf
DEBUG Reading files: [‘/etc/fail2ban/filter.d/common.conf’, ‘/etc/fail2ban/filter.d/common.local’, ‘/etc/fail2ban/filter.d/sshd.conf’]
DEBUG Reading configs for /etc/fail2ban/action.d/iptables-multiport under /etc/fail2ban
DEBUG Reading config files: /etc/fail2ban/action.d/iptables-multiport.conf
DEBUG Reading files: [‘/etc/fail2ban/action.d/iptables-blocktype.conf’, ‘/etc/fail2ban/action.d/iptables-blocktype.local’, ‘/etc/fail2ban/action.d/iptables-multiport.conf’]
DEBUG Reading configs for /etc/fail2ban/jail under /etc/fail2ban
DEBUG Reading config files: /etc/fail2ban/jail.conf, /etc/fail2ban/jail.local
DEBUG Reading files: [‘/etc/fail2ban/jail.conf’, ‘/etc/fail2ban/jail.local’]
DEBUG Reading configs for /etc/fail2ban/filter.d/apache-auth under /etc/fail2ban
DEBUG Reading config files: /etc/fail2ban/filter.d/apache-auth.conf
DEBUG Reading files: [‘/etc/fail2ban/filter.d/apache-common.conf’, ‘/etc/fail2ban/filter.d/apache-common.local’, ‘/etc/fail2ban/filter.d/apache-auth.conf’]
DEBUG Reading configs for /etc/fail2ban/action.d/iptables-allports under /etc/fail2ban
DEBUG Reading config files: /etc/fail2ban/action.d/iptables-allports.conf
DEBUG Reading files: [‘/etc/fail2ban/action.d/iptables-blocktype.conf’, ‘/etc/fail2ban/action.d/iptables-blocktype.local’, ‘/etc/fail2ban/action.d/iptables-allports.conf’]
DEBUG Reading configs for /etc/fail2ban/jail under /etc/fail2ban
DEBUG Reading config files: /etc/fail2ban/jail.conf, /etc/fail2ban/jail.local
DEBUG Reading files: [‘/etc/fail2ban/jail.conf’, ‘/etc/fail2ban/jail.local’]
DEBUG Reading configs for /etc/fail2ban/filter.d/vsftpd under /etc/fail2ban
DEBUG Reading config files: /etc/fail2ban/filter.d/vsftpd.conf
DEBUG Reading files: [‘/etc/fail2ban/filter.d/common.conf’, ‘/etc/fail2ban/filter.d/common.local’, ‘/etc/fail2ban/filter.d/vsftpd.conf’]
DEBUG Reading configs for /etc/fail2ban/action.d/iptables-multiport under /etc/fail2ban
DEBUG Reading config files: /etc/fail2ban/action.d/iptables-multiport.conf
DEBUG Reading files: [‘/etc/fail2ban/action.d/iptables-blocktype.conf’, ‘/etc/fail2ban/action.d/iptables-blocktype.local’, ‘/etc/fail2ban/action.d/iptables-multiport.conf’]
DEBUG Reading configs for /etc/fail2ban/jail under /etc/fail2ban
DEBUG Reading config files: /etc/fail2ban/jail.conf, /etc/fail2ban/jail.local
DEBUG Reading files: [‘/etc/fail2ban/jail.conf’, ‘/etc/fail2ban/jail.local’]
DEBUG Reading configs for /etc/fail2ban/filter.d/apache-badbots under /etc/fail2ban
DEBUG Reading config files: /etc/fail2ban/filter.d/apache-badbots.conf
DEBUG Reading files: [‘/etc/fail2ban/filter.d/apache-badbots.conf’]
DEBUG Reading configs for /etc/fail2ban/action.d/iptables-multiport under /etc/fail2ban
DEBUG Reading config files: /etc/fail2ban/action.d/iptables-multiport.conf
DEBUG Reading files: [‘/etc/fail2ban/action.d/iptables-blocktype.conf’, ‘/etc/fail2ban/action.d/iptables-blocktype.local’, ‘/etc/fail2ban/action.d/iptables-multiport.conf’]
DEBUG Reading configs for /etc/fail2ban/jail under /etc/fail2ban
DEBUG Reading config files: /etc/fail2ban/jail.conf, /etc/fail2ban/jail.local
DEBUG Reading files: [‘/etc/fail2ban/jail.conf’, ‘/etc/fail2ban/jail.local’]
DEBUG Reading configs for /etc/fail2ban/filter.d/zulu under /etc/fail2ban
DEBUG Reading config files: /etc/fail2ban/filter.d/zulu.conf
DEBUG Reading files: [‘/etc/fail2ban/filter.d/zulu.conf’]
DEBUG Reading configs for /etc/fail2ban/action.d/iptables-allports under /etc/fail2ban
DEBUG Reading config files: /etc/fail2ban/action.d/iptables-allports.conf
DEBUG Reading files: [‘/etc/fail2ban/action.d/iptables-blocktype.conf’, ‘/etc/fail2ban/action.d/iptables-blocktype.local’, ‘/etc/fail2ban/action.d/iptables-allports.conf’]
DEBUG Reading configs for /etc/fail2ban/jail under /etc/fail2ban
DEBUG Reading config files: /etc/fail2ban/jail.conf, /etc/fail2ban/jail.local
DEBUG Reading files: [‘/etc/fail2ban/jail.conf’, ‘/etc/fail2ban/jail.local’]
DEBUG Reading configs for /etc/fail2ban/filter.d/recidive under /etc/fail2ban
DEBUG Reading config files: /etc/fail2ban/filter.d/recidive.conf
DEBUG Reading files: [‘/etc/fail2ban/filter.d/common.conf’, ‘/etc/fail2ban/filter.d/common.local’, ‘/etc/fail2ban/filter.d/recidive.conf’]
DEBUG Reading configs for /etc/fail2ban/action.d/iptables-allports under /etc/fail2ban
DEBUG Reading config files: /etc/fail2ban/action.d/iptables-allports.conf
DEBUG Reading files: [‘/etc/fail2ban/action.d/iptables-blocktype.conf’, ‘/etc/fail2ban/action.d/iptables-blocktype.local’, ‘/etc/fail2ban/action.d/iptables-allports.conf’]
ERROR No file(s) found for glob /var/log/asterisk/zulu_out.log
ERROR Failed during configuration: Have not found any log file for zulu jail

We do not use zulu but it was installed and active. As the above messages stated, it was uninstalled and that resolved the issue and fail2ban was able to work.