Issue Almalinux 9 and Fail2Ban

[OverWolf]

Server operating system version

Almalinux 9

Plesk version and microupdate number

18.0.52

Hi,

as it was discussed in this thread (Question - New installation: best practices, useful tips, suggests) before installing Plesk on server, I have removed Fail2Ban, there was been some problems during installation. When I have reboot the server, Fail2ban was disable (I cannot start it) and I cannot connect to ssh.

I think that the warning "stop plesk-fail2ban-configurator" and "trying to upgrade Fail2ban from 1.0.2 to 0.11.2" are my problems, but I cannot understand what to do, since I have removed fail2ban but something is still present on the server.

Does anyone have any suggestions?

Thank you

 

[Peter Debik]

You already mentioned the solution yourself: Fail2ban was not uninstalled properly. You'll need to remove your own Fail2Ban before you install it from a new source.

 

[OverWolf]

Hi Peter,
I know that, but when I have used dnf remove fail2ban (and all the dependencies), what can I do ? Delete fail2ban directory from /etc ?

 

[artalva]

What's the error when you try to start it? Show me the output of service fail2ban status

 

[OverWolf]

Hi artalva,
unfortunately I cannot access anymore to log data because this problem block me to access to ssh and so yesterday I have reseted the server (luckily it was a new server for test).

 

[Peter Debik]

You can check the autostart-status of the service by
# systemctl is-enabled fail2ban.
If you do not want fail2ban to start on boot:
# systemctl disable fail2ban
I'd suggest to check whether your Plesk thinks it has a Fail2Ban installed and to uninstall that. Also do # yum remove fail2ban afterwards and remove /etc/fail2ban after the binaries were removed. Then install Fail2Ban from Plesk again.

 

[OverWolf]

Hi,

fortunately I have resolved this problem, but I have found a (possible) bug with Plesk and Fail2ban configured with nftables.

I have tested that if I use iptable, I can stop/start/restart fail2ban services from Plesk, but if I configure nftables I cannot stop/restart anymore fail2ban service from Plesk GUI and I must connect via ssh and use systemctl restart/stop fail2ban.

Someone have this problem too ?

 

[Peter Debik]

I think using nftables with Plesk is not an intended configuration. Plesk relies on iptables, because the third-party vendors like Fail2Ban do so, too.

 

[OverWolf]

Hi Peter,
my question was about this message :

- kernel: Warning: Deprecated Driver is detected: ipset will not be maintained in a future major release and may be disabled
- kernel: Warning: Deprecated Driver is detected: nft_compat will not be maintained in a future major release and may be disabled

I know that fail2ban haven't any problem with nftables, and on my configuration is working like a charm, but when I tried to use Plesk for fail2ban services, I have encountered that little problem (error 500)

 

[Peter Debik]

The warning can be ignored for now. I still don't understand what the problem is though.

 

[Fede Marsell]

Same problem (Issue - Fail2ban error with Almalinux ¿nf_tables?).

I think many PLESK users, with Almalinux (nftables) are using Fail2ban believing that it works correctly. When it doesn't.

@OverWolf Were you able to resolve the error? Were you able to get Fail2ban working with nftables (in PLESK)?

Thanks!!

 

[OverWolf]

Hi Fede Marsell,
I've installed ipset 7.11 and iptables 1.8.10, disable nftables and fail2ban works correctly

 

[Fede Marsell]

Hi OverWolf, Thanks for your reply.

Indeed, I think that PLESK + Fail2Ban + nftables does not work, and the only solution is to migrate to iptables (which is a step backwards) or stop using Fail2Ban and migrate to solutions like CSF; in my case, I am testing the latter option.

I am concerned about the lack of response from PLESK, I guess they know that in Almalinux, which includes nftables by default, Fail2Ban does not work.