Resolved Fail2Ban Cannot Access Log File Inside a Domain

[canadamcpherson]

Hi,

I created a custom filter and jail in Plesk. The logfile is not inside /var/log/. It is inside the /var/www/vhosts/mydomain.com/httpdocs/logs/entries.log. Therefore, the log path is "/var/www/vhosts/*/httpdocs/logs/entries.log"

This is causing the following permission error: f2bmng failed: 2021-04-07 09:30:25,891 fail2ban [2222]: ERROR NOK: (13, 'Permission denied')

I know the issue is about permission because when I copy the entries.log. file into /var/log/, the error disappears and I can enable the jail.

It seems that fail2ban does not have permission to read files inside a domain. How can I resolve this permission issue without compromising the security?

Sincerely,

McPherson

 

[pleskpanel]

Out of curiosity, you placed the log file in a publicly accessible web directory?

 

[canadamcpherson]

Out of curiosity, you placed the log file in a publicly accessible web directory?

Not in a publicly accessible web directory. Also, it's not I placed it. The program I am using has a special directory for logs. I am not a newbie, so I hope I will receive more focused replies.

 

[IgorG]

Maybe go from the other side and in the settings of the software used, change the log files' location to the one in which the fail2ban works correctly?

 

[canadamcpherson]

Maybe go from the other side and in the settings of the software used, change the log files' location to the one in which the fail2ban works correctly?

Thank you, Igor for your suggestion. It is the most logical way of dealing with the issue. I was actually successful in changing the location of the log file.

Now problem is that the logs are useless. For example, “remoteAddr”:"" instead of showing any IP address. I am waiting to receive a reply from the software's developer.

HOWEVER, in this case, it would be better to resolve the access of the fail2ban because the logs inside my domain directory are just perfect, but inaccessible to fail2ban.

 

[Linulex]

Maybe its not the existing logs that give permission denied, but the fact that some logs/paths don't exist

/var/www/vhosts/*/httpdocs/logs/entries.log will also try to open

/var/www/vhosts/system/httpdocs/logs/entries.log
/var/www/vhosts/default/httpdocs/logs/entries.log
/var/www/vhosts/fs/ttpdocs/logs/entries.log
/var/www/vhosts/fs-passwd/ttpdocs/logs/entries.log
/var/www/vhosts/chroot/ttpdocs/logs/entries.log

none of these maps have a httpdocs map in them.

What happens if you change the path to

/var/www/vhosts/*.*/httpdocs/logs/entries.log ? maybe it even needs to be /var/www/vhosts/*\.*/httpdocs/logs/entries.log im not sure if fail2ban needs to be excaped

That wil only open path with a point in it.

regards
Jan

 

[canadamcpherson]

Hi Jan,

Thanks for trying to help. It is a permission issue, and it finds the file. It just cannot read the content. Otherwise, I would receive a "no files found" message. That said, I still tried your suggestion with some hopes and the result was no files found instead of permission denied. So it is a step backward. This a strange issue or maybe a strange wish.

 

[canadamcpherson]

Alright. I found the solution for both issues.

Here is the reason: PHP: Description of core php.ini directives - Manual