Fail2ban does not work

[Jonas Imping]

My fail2ban server does not work after a clean plesk installation.

Error Message:

Die Einstellungen können nicht gespeichert werden: f2bmng failed: Synchronizing state for fail2ban.service with sysvinit using update-rc.d...
Executing /usr/sbin/update-rc.d fail2ban defaults
Executing /usr/sbin/update-rc.d fail2ban enable
Job for fail2ban.service failed. See 'systemctl status fail2ban.service' and 'journalctl -xn' for details.
invoke-rc.d: initscript fail2ban, action "start" failed.
ERROR:f2bmng:Failed to start fail2ban service

Error log (/var/log/fail2ban.log) says:

[5718]: ERROR Unable to remove PID file: [Errno 2] No such file or directory: '/var/run/fail2ban/fail2ban.pid'

2016-05-26 21:28:40,599 fail2ban.server [5718]: INFO Exiting Fail2ban

Permission at /var/run/fail2ban are 0755
and folder does exist, too.

Removed whole fail2ban with: apt-get remove —purge fail2ban
and installed it over the auto installer via web interface again but with no success.

 

[Jonas Imping]

Plesk 12.5.3 with debian 8.4 and fail2ban 0.9.2

 

[Lloyd_mcse]

Does this kb help...

https://kb.plesk.com/en/128686

Regards

Lloyd

 

[Jonas Imping]

No it does not

 

[trialotto]

@Jonas Imping

The problem is clear, but in response to

Removed whole fail2ban with: apt-get remove —purge fail2ban
and installed it over the auto installer via web interface again but with no success.

I first have to state that it still can be the case that some files are being left, depending on how you installed fail2ban previously and which version has been installed.

Nevertheless, you should first verify the following:

- does the fail2ban.pid file exist (with 0600 permissions)? If not, try to create an empty file with the name fail2ban.pid (and 0600 permissions).
- is some existing fail2ban process still running? (run ps aux | grep ... or something similar, or have a look at the contents of the fail2ban.pid file) If so, kill those existing processes.

Can you give me some feedback in the form of output? Just copy the lines from the console, that should suffice.

Regards.....

 

[trialotto]

@Jonas Imping

By the way, I just realized that in the far (very far) past, some fail2ban releases had a PID issue that has been fixed in the meantime (read: a long time ago).

Can you also give me the fail2ban version by providing me the full (!) package name?

Regards...

 

[Jonas Imping]

root@myserver /var/run/fail2ban # ps aux | grep fail
root 13542 0.0 0.0 15416 2268 pts/0 S+ 15:42 0:00 grep fail
root@myserver ~ # cd /var/run/fail2ban/
root@myserver /var/run/fail2ban # ls
root@myserver /var/run/fail2ban # ls -al
total 0
drwxr-xr-x 2 root root 40 May 26 21:28 .
drwxr-xr-x 25 root root 1160 May 27 11:39 ..
root@myserver /var/run/fail2ban # touch fail2ban.pid
root@myserver /var/run/fail2ban # chmod 0600 fail2ban.pid
root@myserver /var/run/fail2ban # service fail2ban start
Job for fail2ban.service failed. See 'systemctl status fail2ban.service' and 'journalctl -xn' for details.

root@myserver /var/run/fail2ban # systemctl status fail2ban.service -l
● fail2ban.service - Fail2ban Service
Loaded: loaded (/lib/systemd/system/fail2ban.service; enabled)
Active: failed (Result: exit-code) since Fri 2016-05-27 15:36:15 CEST; 1min 34s ago
Process: 8213 ExecStart=/usr/bin/fail2ban-client -x start (code=exited, status=255)

May 27 15:34:45 myserver.de fail2ban-client[8213]: 2016-05-27 15:34:45,295 fail2ban.server [8214]: INFO Starting Fail2ban v0.9.2
May 27 15:34:45 myserver.de fail2ban-client[8213]: 2016-05-27 15:34:45,295 fail2ban.server [8214]: INFO Starting in daemon mode
May 27 15:36:15 myserver.de systemd[1]: fail2ban.service start operation timed out. Terminating.
May 27 15:36:15 myserver.de fail2ban-client[8213]: WARNING Caught signal 15. Exiting
May 27 15:36:15 myserver.de systemd[1]: fail2ban.service: control process exited, code=exited status=255
May 27 15:36:15 myserver.de systemd[1]: Failed to start Fail2ban Service.
May 27 15:36:15 myserver.de systemd[1]: Unit fail2ban.service entered failed state.

root@myserver /var/run/fail2ban # tail -f /var/log/fail2ban.log
2016-05-27 15:36:11,868 fail2ban.filter [8216]: INFO Added logfile = /var/www/vhosts/system/website.com.com/logs/access_ssl_log
2016-05-27 15:36:12,592 fail2ban.filter [8216]: INFO Added logfile = /var/www/vhosts/system/website.com.com/logs/access_log
2016-05-27 15:36:13,619 fail2ban.filter [8216]: INFO Added logfile = /var/www/vhosts/system/website.com.com/logs/proxy_access_log
2016-05-27 15:36:14,335 fail2ban.filter [8216]: INFO Added logfile = /var/www/vhosts/system/website.com.com/logs/proxy_access_ssl_log
2016-05-27 15:36:15,044 fail2ban.filter [8216]: INFO Added logfile = /var/www/vhosts/system/website.com/logs/access_ssl_log
2016-05-27 15:36:15,352 fail2ban.server [8216]: INFO Stopping all jails
2016-05-27 15:36:15,353 fail2ban.server [8216]: ERROR Unable to remove PID file: [Errno 2] No such file or directory: '/var/run/fail2ban/fail2ban.pid'
2016-05-27 15:36:15,354 fail2ban.server [8216]: INFO Exiting Fail2ban
^C
root@myserver /var/run/fail2ban # dpkg --get-selections | grep fail
fail2ban install
plesk-fail2ban-configurator install
root@myserver /var/run/fail2ban # dpkg -l | grep fail
ii fail2ban 1:0.9.2-debian8.0.15093018 all ban hosts that cause multiple authentication errors
ii plesk-fail2ban-configurator 12.5.30-debian8.0.build1205150901.17 all plesk-specific jails and filters for fail2ban
root@myserver /var/run/fail2ban # ps aux | grep fail
root 13542 0.0 0.0 15416 2268 pts/0 S+ 15:42 0:00 grep fail
root@myserver /var/run/fail2ban #


by the way... I am using Debian 8.4 as i mentioned before.

 

[Jonas Imping]

?

 

[trialotto]

@Jonas Imping

The "?" in your last post can be answered with "Plesk Experts are essentially volunteers", so let´s proceed with the whole issue now I do have some time (a tiny bit).

The essence of your elaborate output is that Fail2Ban is shutting down itself when starting up.

This happens in some very rare occasions, some of which are:

- insufficient free memory (and in some cases CPU overusage),
- systemd related errors (not related to Fail2Ban itself),
- some other very unusual cases, like (for example) running Fail2Ban on a VPS on a main server with multiple VPS, with one or more of the (other) VPS using up (almost) all resources

First of all, make sure that you do have enough free memory when starting Fail2Ban.

Second, make sure that you have stopped Fail2Ban with the command "service fail2ban stop" and that it is actually stopped (no error notifications should be present).

Third, if your VPS is Virtuozzo based, make sure that the column "failcnt" from the command "cat /proc/user_beancounters" contains (only) zero´s and, if this is not the case, reboot.

Note that this third step is just to make sure, also note that this third step does not apply to dedicated servers or VPSes based on other hypervisors.

Afterwards, just remove the pid file manually and try to start Fail2Ban with the command "service fail2ban start" (while monitoring memory usage).

Anyway, if all steps are executed properly and there still is an issue with Fail2Ban, it can then be the case that the error is systemd related (and that is more complicated: it would be best to remove Fail2Ban completely and do some manual cleanup, before installing Fail2Ban again with Plesk autoinstaller).

A final remark, if you have fiddled with Fail2Ban config settings, revert them to default before trying any of the steps mentioned before.

Regards......