• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:

    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Resolved Fail2Ban Cannot Access Log File Inside a Domain

canadamcpherson

New Pleskian
Hi,

I created a custom filter and jail in Plesk. The logfile is not inside /var/log/. It is inside the /var/www/vhosts/mydomain.com/httpdocs/logs/entries.log. Therefore, the log path is "/var/www/vhosts/*/httpdocs/logs/entries.log"

This is causing the following permission error: f2bmng failed: 2021-04-07 09:30:25,891 fail2ban [2222]: ERROR NOK: (13, 'Permission denied')

I know the issue is about permission because when I copy the entries.log. file into /var/log/, the error disappears and I can enable the jail.

It seems that fail2ban does not have permission to read files inside a domain. How can I resolve this permission issue without compromising the security?

Sincerely,

McPherson
 
Last edited:
Out of curiosity, you placed the log file in a publicly accessible web directory?
Not in a publicly accessible web directory. Also, it's not I placed it. The program I am using has a special directory for logs. I am not a newbie, so I hope I will receive more focused replies.
 
Maybe go from the other side and in the settings of the software used, change the log files' location to the one in which the fail2ban works correctly?
 
Maybe go from the other side and in the settings of the software used, change the log files' location to the one in which the fail2ban works correctly?
Thank you, Igor for your suggestion. It is the most logical way of dealing with the issue. I was actually successful in changing the location of the log file.

Now problem is that the logs are useless. For example, “remoteAddr”:"" instead of showing any IP address. I am waiting to receive a reply from the software's developer.

HOWEVER, in this case, it would be better to resolve the access of the fail2ban because the logs inside my domain directory are just perfect, but inaccessible to fail2ban.
 
Maybe its not the existing logs that give permission denied, but the fact that some logs/paths don't exist

/var/www/vhosts/*/httpdocs/logs/entries.log will also try to open

/var/www/vhosts/system/httpdocs/logs/entries.log
/var/www/vhosts/default/httpdocs/logs/entries.log
/var/www/vhosts/fs/ttpdocs/logs/entries.log
/var/www/vhosts/fs-passwd/ttpdocs/logs/entries.log
/var/www/vhosts/chroot/ttpdocs/logs/entries.log


none of these maps have a httpdocs map in them.

What happens if you change the path to

/var/www/vhosts/*.*/httpdocs/logs/entries.log ? maybe it even needs to be /var/www/vhosts/*\.*/httpdocs/logs/entries.log im not sure if fail2ban needs to be excaped

That wil only open path with a point in it.

regards
Jan
 
Hi Jan,

Thanks for trying to help. It is a permission issue, and it finds the file. It just cannot read the content. Otherwise, I would receive a "no files found" message. That said, I still tried your suggestion with some hopes and the result was no files found instead of permission denied. So it is a step backward. This a strange issue or maybe a strange wish.
 
Last edited:
Back
Top