Resolved Fail2Ban doesn't start after upgrade

[Martin6969]

Can't get Fail2Ban back to work after upgrading packages on my server (Centos).

I get this message in Plesk panel :

f2bmng failed: ERROR NOK: ('ssh',)
ERROR NOK: ('database is locked',)
ERROR:f2bmng:Command '['/usr/bin/fail2ban-client', 'reload']' returned non-zero exit status 255
Search for related Knowledge Base articles

Really need some help here. Allready googled around but can't find info

 

[UFHH01]

Hi Martin6969,

do you use "SELinux" on your server?

If "yes", pls. consider to follow: => Fail2ban jail activation error: ERROR NOK: (13, 'Permission denied')

 

[Martin6969]

Normally no SELinux :

getenforce
-> Disabled

bash: sestatus : commande introuvable

 

[UFHH01]

Hi Martin6969,

pls. make sure, that you don't use Fail2Ban - versions, which are not shipped by Plesk. Consider as well to remove Fail2Ban and re-install the package with the example command:

plesk installer --select-product-id plesk --select-release-current --install-component fail2ban​

yum info fail2ban

 

[Martin6969]

Hi UFHH01,

Seemes to be a fail2ban package shipped with plesk or am i wrong ? :

[r]# yum info fail2ban
Modules complémentaires chargés : fastestmirror
Loading mirror speeds from cached hostfile
 * epel: fedora.kiewel-online.ch
Paquets installés
Nom                 : fail2ban
Architecture        : noarch
Date                : 1
Version             : 0.9.2
Révision            : centos7.16102516
Taille              : 1.8 M
Dépôt               : installed
Depuis le dépôt     : PLESK_17_0_17-dist
Résumé              : ban hosts that cause multiple authentication errors
URL                 : http://www.fail2ban.org/
Licence             : GPL
Description         : Fail2ban monitors log files (e.g. /var/log/auth.log,
                    : /var/log/apache/access.log) and temporarily or
                    : persistently bans failure-prone addresses by updating
                    : existing firewall rules.  Fail2ban allows easy
                    : specification of different actions to be taken such as to
                    : ban an IP using iptables or hostsdeny rules, or simply to
                    : send a notification email.

 

[UFHH01]

Hi Martin6969,

yes, the information states, that you use the correct Plesk version on your server. Still, most issues/errors/problems can be solved by un- and re-installing a specific Plesk component.

You could as well use the command

service fail2ban stop / start / restart​

over the command line and inspect/investigate possible issues/errors/problems. Consider as well to inspect your fail2ban - log at "/var/log" for further investigations.

 

[Martin6969]

How to do a correct uninstall? Do i need to flush ip-tables etc.?

Following the entries in the /var/log fail2ban - log:

2017-04-02 03:44:50,419 fail2ban.server         [13173]: INFO    rollover performed on /var/log/fail2ban.log
2017-04-02 03:44:55,425 fail2ban.transmitter    [13173]: WARNING Command ['set', 'plesk-wordpress', 'addlogpath', '/var/www/vhosts/system/c....fr/logs/proxy_access_log', 'head'] has failed. Received OperationalError('database is locked',)
2017-04-02 03:45:00,334 fail2ban.server         [13173]: INFO    Stopping all jails
2017-04-02 03:45:00,334 fail2ban.transmitter    [13173]: WARNING Command ['set', 'plesk-wordpress', 'addlogpath', '/var/www/vhosts/system/c....fr/logs/access_ssl_log', 'head'] has failed. Received OperationalError('database is locked',)
2017-04-02 03:45:00,334 fail2ban.server         [13173]: ERROR   Unable to remove PID file: [Errno 2] No such file or directory: '/var/run/fail2ban/fail2ban.pid'
2017-04-02 03:45:00,334 fail2ban.server         [13173]: INFO    Exiting Fail2ban
2017-04-02 03:45:00,456 fail2ban.server         [13764]: INFO    Changed logging target to /var/log/fail2ban.log for Fail2ban v0.9.2
2017-04-02 03:45:00,457 fail2ban.database       [13764]: INFO    Connected to fail2ban persistent database '/var/lib/fail2ban/fail2ban.sqlite3'
2017-04-02 03:45:05,468 fail2ban.transmitter    [13764]: WARNING Command ['set', 'dbfile', '/var/lib/fail2ban/fail2ban.sqlite3'] has failed. Received OperationalError('database is locked',)
2017-04-02 03:45:05,470 fail2ban.jail           [13764]: INFO    Creating new jail 'ssh'
2017-04-02 03:45:05,474 fail2ban.jail           [13764]: INFO    Jail 'ssh' uses Gamin
2017-04-02 03:45:05,494 fail2ban.filter         [13764]: INFO    Set jail log file encoding to UTF-8
2017-04-02 03:45:05,545 fail2ban.jail           [13764]: INFO    Initiated 'gamin' backend
2017-04-02 03:45:11,071 fail2ban.transmitter    [13764]: WARNING Command ['add', 'ssh', 'auto'] has failed. Received OperationalError('database is locked',)
2017-04-02 03:45:16,083 fail2ban.transmitter    [13764]: WARNING Command ['set', 'ssh', 'addlogpath', '/var/log/secure', 'head'] has failed. Received OperationalError('database is locked',)
2017-04-02 03:45:16,084 fail2ban.filter         [13764]: INFO    Set maxRetry = 5
2017-04-02 03:45:16,085 fail2ban.filter         [13764]: INFO    Set findtime = 600
2017-04-02 03:45:16,086 fail2ban.actions        [13764]: INFO    Set banTime = 600
2017-04-02 03:45:16,086 fail2ban.filter         [13764]: INFO    Set maxlines = 10
2017-04-02 03:45:16,148 fail2ban.server         [13764]: INFO    Jail ssh is not a JournalFilter instance
2017-04-02 03:45:16,156 fail2ban.jail           [13764]: INFO    Creating new jail 'recidive'
2017-04-02 03:45:16,157 fail2ban.jail           [13764]: INFO    Jail 'recidive' uses Gamin
2017-04-02 03:45:16,158 fail2ban.filter         [13764]: INFO    Set jail log file encoding to UTF-8
2017-04-02 03:45:16,158 fail2ban.jail           [13764]: INFO    Initiated 'gamin' backend
2017-04-02 03:45:21,170 fail2ban.transmitter    [13764]: WARNING Command ['add', 'recidive', 'auto'] has failed. Received OperationalError('database is locked',)
2017-04-02 03:45:26,181 fail2ban.transmitter    [13764]: WARNING Command ['set', 'recidive', 'addlogpath', '/var/log/fail2ban.log', 'head'] has failed. Received OperationalError('database is locked',)
2017-04-02 03:45:26,182 fail2ban.filter         [13764]: INFO    Set maxRetry = 5
2017-04-02 03:45:26,183 fail2ban.filter         [13764]: INFO    Set findtime = 86400
2017-04-02 03:45:26,184 fail2ban.actions        [13764]: INFO    Set banTime = 604800
2017-04-02 03:45:26,188 fail2ban.server         [13764]: INFO    Jail recidive is not a JournalFilter instance
2017-04-02 03:45:26,197 fail2ban.jail           [13764]: INFO    Creating new jail 'plesk-wordpress'
2017-04-02 03:45:26,198 fail2ban.jail           [13764]: INFO    Jail 'plesk-wordpress' uses Gamin
2017-04-02 03:45:26,199 fail2ban.filter         [13764]: INFO    Set jail log file encoding to UTF-8
2017-04-02 03:45:26,199 fail2ban.jail           [13764]: INFO    Initiated 'gamin' backend
2017-04-02 03:45:31,224 fail2ban.transmitter    [13764]: WARNING Command ['add', 'plesk-wordpress', 'auto'] has failed. Received OperationalError('database is locked',)
2017-04-02 03:45:36,234 fail2ban.transmitter    [13764]: WARNING Command ['set', 'plesk-wordpress', 'addlogpath', '/var/www/vhosts/system/ce....fr/logs/proxy_access_ssl_log', 'head'] has failed. Received OperationalError('database is locked',)
2017-04-02 03:45:41,245 fail2ban.transmitter    [13764]: WARNING Command ['set', 'plesk-wordpress', 'addlogpath', '/var/www/vhosts/system/ce....fr/logs/access_log', 'head'] has failed. Received OperationalError('database is locked',)
2017-04-02 03:45:46,254 fail2ban.transmitter    [13764]: WARNING Command ['set', 'plesk-wordpress', 'addlogpath', '/var/www/vhosts/system/ce....fr/logs/proxy_access_log', 'head'] has failed. Received OperationalError('database is locked',)

Looks like Plesk-Wordpress is messing up things ?

 

[UFHH01]

Hi Martin6969,

just like the "install" command, there is as well a "remove" command, when you use Plesk commands over the command line :

plesk installer --select-product-id plesk --select-release-current --remove-component fail2ban​

... or you might consider to use the Plesk Control Panel ( HOME > Tools & Settings > Updates and Upgrades )

Do i need to flush ip-tables etc.?

Well, you might flush it manually, but the remove process should remove as well fail2ban - related rules and bans.

 

[Martin6969]

I got this during re-install:

+ plesk-fail2ban-configurator
+ fail2ban

Packages en cours d'installation

**** Product prep-install started.

===> Checking for previous installation ... found.
 Trying to upgrade Fail2Ban configuration (bootstrapper-prep stage)... Removing old '/etc/fail2ban.previous'

WARNING!
Some problems are found during attempt to status service fail2ban - control script doesn't exist or isn't executable(see log file: /var/log/plesk/install/plesk_17.0.17_installation.log)

Continue...

 

[Martin6969]

And these warniings in install log:

Some problems are found during attempt to status service fail2ban - control script doesn't exist or isn't executable(see log file: /var/log/plesk/install/plesk_17.0.17_installation.log)

Trying to upgrade Fail2Ban configuration (bootstrapper-post stage)...  Trying to fix HTTPD_VHOSTS_D value in 'plesk-apache' Fail2Ban jail... WARNING:f2bmng:Fail2ban server is down. Configuration changes will be applied upon start.
done
Trying to fix HTTPD_VHOSTS_D value in 'plesk-apache-badbot' Fail2Ban jail... WARNING:f2bmng:Fail2ban server is down. Configuration changes will be applied upon start.

 

[UFHH01]

Hi Martin6969,

your de-installation process kept some configuration files and executables. Pls. consider to use "yum" to remove the existent fail2ban package:

yum remove failban plesk-fail2ban-configurator

Try to remove ( or backup ) folders, which are leftover:

mv /etc/fail2ban /etc/fail2ban.backup

or/and
rm -rf /etc/fail2ban[/INDENT]
rm -rf /etc/fail2ban.previous

Afterwards, use again the Plesk command:

plesk installer --select-product-id plesk --select-release-current --install-component fail2ban​

 

[Martin6969]

Strange,

When i do this the installer stops with a message that the latest version has allready been installed :

La dernière version du produit et de tous les composants sélectionnés est déjà
installée. L'installation va s'arrêter.

However in Plesk fail2ban is no longer installed...

 

[Martin6969]

And now :
systemctl status fail2ban.service

● fail2ban.service - Fail2Ban Service
   Loaded: loaded (/usr/lib/systemd/system/fail2ban.service; disabled; vendor preset: disabled)
   Active: failed (Result: start-limit) since dim. 2017-04-02 21:32:42 CEST; 10min ago
     Docs: man:fail2ban(1)
  Process: 5658 ExecStart=/usr/bin/fail2ban-client -x start (code=exited, status=1/FAILURE)
  Process: 5655 ExecStartPre=/usr/bin/mkdir -p -m 755 /var/run/fail2ban (code=exited, status=0/SUCCESS)
 Main PID: 5091 (code=exited, status=0/SUCCESS)

avril 02 21:32:42 ns....net systemd[1]: Failed to start Fail2Ban Service.
avril 02 21:32:42 ns....net systemd[1]: Unit fail2ban.service entered failed state.
avril 02 21:32:42 ns....net systemd[1]: fail2ban.service failed.
avril 02 21:32:42 ns....net systemd[1]: fail2ban.service holdoff time over, scheduling restart.
avril 02 21:32:42 ns....net systemd[1]: start request repeated too quickly for fail2ban.service
avril 02 21:32:42 ns....net systemd[1]: Failed to start Fail2Ban Service.
avril 02 21:32:42 ns....net systemd[1]: Unit fail2ban.service entered failed state.
avril 02 21:32:42 ns....net systemd[1]: fail2ban.service failed.

 

[Martin6969]

No fail2ban installed in control panel, but when i do :

yum info fail2ban:

Modules complémentaires chargés : fastestmirror
Loading mirror speeds from cached hostfile
 * epel: fedora.kiewel-online.ch
Paquets installés
Nom                 : fail2ban
Architecture        : noarch
Date                : 1
Version             : 0.9.2
Révision            : centos7.16102516
Taille              : 1.8 M
Dépôt               : installed
Depuis le dépôt     : PLESK_17_0_17-dist
Résumé              : ban hosts that cause multiple authentication errors
URL                 : http://www.fail2ban.org/
Licence             : GPL
Description         : Fail2ban monitors log files (e.g. /var/log/auth.log,
                    : /var/log/apache/access.log) and temporarily or persistently bans
                    : failure-prone addresses by updating existing firewall rules.  Fail2ban allows
                    : easy specification of different actions to be taken such as to ban an
                    : IP using iptables or hostsdeny rules, or simply to send a
                    : notification email.

 

[Martin6969]

should

yum remove failban plesk-fail2ban-configurator

be

yum remove fail2ban plesk-fail2ban-configurator

 

[Martin6969]

Tried it and now fail2ban is active in Plesk control panel but seemes to 'hang' when activating jails

 

[Martin6969]

Hi UFHH01,

It seemes to work now. Thanks a lot !

 

[UFHH01]

Hi Martin6969,

but seemes to 'hang' when activating jails

You leave us alone with guessings again ( which is only time-consuming and possible suggestions might not at all solve any possible error/issue or problem. Next time, pls. consider to INSPECT again your log - files and pls. post relevant ( possible ) errors/issues/problems, so that people willing to help you have something to start with their investigations.

It seemes to work now. Thanks a lot !

You're welcome.

 

[Martin6969]

Oops, seems to hang again.

When i want to look ad the banned ip-adresses in the Plesk control panel home>banned ip-adresses

Sorry for my limited explainations. But when i say 'hang' i meant that plesk just doesn't refresh the page when updating a setting like activating a jail.

Because there arn't any error messages being shown in the panel, i don't know where to look for the relevant log-file explaining why things don't charge.

P. ex. It takes about 2 minutes showing the banned ip-adresses

 

[UFHH01]

Hi Martin6969,

Oops, seems to hang again.

When i want to look ad the banned ip-adresses in the Plesk control panel home>banned ip-adresses

Even that your ADDITIONAL "hanging issue" at the Plesk Control Panel is not related to your initial starting issue, you just might notice such behaviours in case of a current restarted Fail2Ban - service. Pls. be patient and return to the page a little bit later.
Sometimes, it helps as well to RESTART your Plesk Control Panel, if you experience such issues and pls. keep in mind, that updating/upgrading/patching your current Plesk version is always a very good idea.


Example commands to restart the Plesk Control Panel over the command line:

service psa restart

or

service sw-cp-server restart
service sw-engine restart