Resolved Fail2Ban doesn't start after upgrade

[Martin6969]

I've probably found the cause of things being slow. The number of banned ip-adresses seemes to be high. About 950 entries at this very moment...

I'll just watch how things will evolve.

Once again thanks a lot UFHH01 for your help !

 

[RaHa]

Hi Martin6969,

your de-installation process kept some configuration files and executables. Pls. consider to use "yum" to remove the existent fail2ban package:

yum remove failban plesk-fail2ban-configurator

plesk installer --select-product-id plesk --select-release-current --install-component fail2ban​

HI UFHH01,
I have no yum!?:

yum info fail2ban
-bash: yum: command not found

plesk installer --select-product-id plesk --select-release-current --remove-component fail2ban and
plesk installer --select-product-id plesk --select-release-current --install-component fail2ban not work

There are the errors after upgrade with fail2ban:

or


What can I do?
Thanks,
RaHa

 

[UFHH01]

Hi RaHa,

I have no yum!?

In this case ( Debian/Ubuntu - based systems ), you would use for example:

aptitude purge failban plesk-fail2ban-configurator

plesk installer --select-product-id plesk --select-release-current --remove-component fail2ban and
plesk installer --select-product-id plesk --select-release-current --install-component fail2ban not work

Could you pls. describe in detail, WHAT doesn't work? Could you pls. post the corresponding "installer.log" ( /var/log/plesk ) ?

 

[RaHa]

Hi RaHa,
Could you pls. describe in detail, WHAT doesn't work? Could you pls. post the corresponding "installer.log" ( /var/log/plesk ) ?

Hi UFHH01,
I tried remove-component fail2ban, del /etc/fail2ban and than install-component fail2ban, but there was no new directoy fail2ban. At second call of install-component fail2ban the dir with all content was build, but all jails are deactived. Open an save the jail via Ples will get this error:


I now installed the backup files jail.config and jail.local. file2ban works! (I thought, because there messages in fail2ban.log with new time. Now I see under tools services that file2ban is not running, also after a server restart.)

Logs.zip

 

[RaHa]

file2ban cannot start:

What is to do?
Thanks!

 

[RaHa]

I do all again, it works now!!
Thanks!

 

[Martin6969]

Hi again,

After a reboot of my server ip2ban stopt working.

Did the 'old' correction again:

yum remove fail2ban plesk-fail2ban-configurator
plesk installer --select-product-id plesk --select-release-current --install-component fail2ban

Now when i try to start it up i get this error in Onyx :

Error: Unable to save the settings: f2bmng failed: Created symlink from /etc/systemd/system/multi-user.target.wants/fail2ban.service to /usr/lib/systemd/system/fail2ban.service.
Job for fail2ban.service failed because the control process exited with error code. See "systemctl status fail2ban.service" and "journalctl -xe" for details.
ERROR:f2bmng:Failed to start fail2ban service.

What's happening ?

 

[UFHH01]

Hi Martin6969,

and WHAT is the output of "systemctl status fail2ban.service" or/and "journalctl -xe", pls. ?

Pls. don't expect us to guess possible error messages - it will not help you, nor does it help people willing to help you. If you see notices like "See "systemctl status XXXXXXX.service" and "journalctl -xe" for details.", you should ALWAYS use these commands in order to investigate your issue/error/problem.

 

[Martin6969]

systemctl status fail2ban.service :

● fail2ban.service - Fail2Ban Service
   Loaded: loaded (/usr/lib/systemd/system/fail2ban.service; enabled; vendor preset: disabled)
   Active: activating (start) since mer. 2017-04-26 23:31:48 CEST; 40s ago
     Docs: man:fail2ban(1)
  Process: 16902 ExecStartPre=/usr/bin/mkdir -p -m 755 /var/run/fail2ban (code=exited, status=0/SUCCESS)
  Control: 16904 (fail2ban-client)
   CGroup: /system.slice/fail2ban.service
           ├─11663 /usr/bin/python /usr/bin/fail2ban-server -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail...
           ├─12821 /usr/bin/python /usr/bin/fail2ban-server -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail...
           ├─13165 /usr/bin/python /usr/bin/fail2ban-server -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail...
           ├─13392 /usr/bin/python /usr/bin/fail2ban-server -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail...
           ├─13651 /usr/bin/python /usr/bin/fail2ban-server -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail...
           ├─13891 /usr/bin/python /usr/bin/fail2ban-server -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail...
           ├─14225 /usr/bin/python /usr/bin/fail2ban-server -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail...
           ├─14621 /usr/bin/python /usr/bin/fail2ban-server -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail...
           ├─14939 /usr/bin/python /usr/bin/fail2ban-server -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail...
           ├─15394 /usr/bin/python /usr/bin/fail2ban-server -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail...
           ├─15782 /usr/bin/python /usr/bin/fail2ban-server -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail...
           ├─16111 /usr/bin/python /usr/bin/fail2ban-server -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail...
           ├─16539 /usr/bin/python /usr/bin/fail2ban-server -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail...
           ├─16904 /usr/bin/python /usr/bin/fail2ban-client -x start
           ├─16907 /usr/bin/python /usr/bin/fail2ban-server -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail...
           └─16910 /usr/libexec/gam_server

avril 26 23:31:48 ns0.xxxxx.net systemd[1]: Starting Fail2Ban Service...
avril 26 23:31:48 ns0.xxxxx.net fail2ban-client[16904]: 2017-04-26 23:31:48,130 fail2ban.server         [1690...9.2
avril 26 23:31:48 ns0.xxxxx.net fail2ban-client[16904]: 2017-04-26 23:31:48,130 fail2ban.server         [1690...ode
Hint: Some lines were ellipsized, use -l to show in full.

journalctl -xe :

avril 26 23:33:18 ns0.xxxxx.net fail2ban-client[17273]: 2017-04-26 23:33:18,582 fail2ban.server         [17274]: INFO    Starting Fail2ban v0.9.2
avril 26 23:33:18 ns0.xxxxx.net fail2ban-client[17273]: 2017-04-26 23:33:18,582 fail2ban.server         [17274]: INFO    Starting in daemon mode
avril 26 23:33:18 ns0.xxxxx.net sshd[17240]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"

Sorry for being incomplete before

 

[UFHH01]

Hi Martin6969,

Starting Fail2ban v0.9.2

As you can see here, you are not using the Plesk Fail2Ban version, which is currently "v0.9.6". You missed the previous suggestions here in the thread, to RE-install the Plesk version.

 

[Martin6969]

Used :

plesk installer --select-product-id plesk --select-release-current --remove-component fail2ban

and :

yum remove fail2ban plesk-fail2ban-configurator

still
yum info fail2ban output is :

# yum info fail2ban
Modules complémentaires chargés : fastestmirror
Loading mirror speeds from cached hostfile
 * epel: mirrors.ircam.fr
Paquets installés
Nom                 : fail2ban
Architecture        : noarch
Date                : 1
Version             : 0.9.2
Révision            : centos7.16102516
Taille              : 1.8 M
Dépôt               : installed
Depuis le dépôt     : PLESK_17_0_17-dist
Résumé              : ban hosts that cause multiple authentication errors
URL                 : http://www.fail2ban.org/
Licence             : GPL
Description         : Fail2ban monitors log files (e.g. /var/log/auth.log,
                    : /var/log/apache/access.log) and temporarily or persistently bans
                    : failure-prone addresses by updating existing firewall rules.  Fail2ban allows
                    : easy specification of different actions to be taken such as to ban an
                    : IP using iptables or hostsdeny rules, or simply to send a
                    : notification email.

 

[Martin6969]

It just doesn't want to update to v0.9.6...

 yum remove fail2ban plesk-fail2ban-configurator
Modules complémentaires chargés : fastestmirror
Aucune correspondance pour l'argument : fail2ban
Aucune correspondance pour l'argument : plesk-fail2ban-configurator
Aucun paquet marqué pour suppression

 

[Martin6969]

After a

plesk installer --select-product-id plesk --select-release-current --install-component fail2ban

and

service fail2ban start

fail2ban did start but still in ver 0.9.2

 

[UFHH01]

Hi Martin6969,

well, consider to UPGRADE to the most recent Plesk Onyx 17.5.3 version, to profit from the latest releases.
With Plesk Onyx 17.0.17, you will still have the Plesk Fail2Ban version 0.9.2 for CentOS 7 ( see: => Index of /PSA_17.0.17/dist-rpm-CentOS-7-x86_64/opt/fail2ban ), while with Plesk Onyx 17.5.3 , the Plesk Fail2Ban version 0.9.6 has been released. ( see: => Index of /PSA_17.5.3/dist-rpm-CentOS-7-x86_64/opt/fail2ban ).

 

[Martin6969]

got this during upgrade to 17.5.3 :

Running Transaction Check
Non-fatal POSTIN scriptlet failure in rpm package 1:fail2ban-0.9.6-centos7.17031414.noarch

 

[Martin6969]

Got these errors when starting within Onyx interface :

Error: Unable to save the settings: f2bmng failed: ERROR NOK: ('ssh',)
ERROR NOK: ('database is locked',)
ERROR NOK: ('Action iptables already exists',)
ERROR NOK: ('plesk-horde',)
ERROR NOK: ('database is locked',)
ERROR NOK: ('Action iptables-multiport already exists',)
ERROR NOK: ('plesk-apache',)
ERROR NOK: ('database is locked',)
ERROR NOK: ('database is locked',)
ERROR NOK: ('database is locked',)
ERROR NOK: ('database is locked',)
ERROR NOK: ('database is locked',)
ERROR NOK: ('database is locked',)
ERROR NOK: ('database is locked',)
ERROR NOK: ('database is locked',)
ERROR NOK: ('database is locked',)
ERROR NOK: ('database is locked',)
ERROR NOK: ('database is locked',)
ERROR NOK: ('database is locked',)
ERROR NOK: ('database is locked',)
ERROR NOK: ('database is locked',)
ERROR NOK: ('database is locked',)
Traceback (most recent call last):
File "/usr/bin/fail2ban-client", line 472, in <module>
if client.start(sys.argv):
File "/usr/bin/fail2ban-client", line 442, in start
return self.__processCommand(args)
File "/usr/bin/fail2ban-client", line 263, in __processCommand
return self.__processCmd(self.__stream, False)
File "/usr/bin/fail2ban-client", line 185, in __processCmd
client.close()
File "/usr/lib/python2.7/site-packages/fail2ban/client/csocket.py", line 55, in close
self.__csock.sendall(CSPROTO.CLOSE + CSPROTO.END)
File "/usr/lib64/python2.7/socket.py", line 224, in meth
return getattr(self._sock,name)(*args)
socket.error: [Errno 32] Broken pipe
ERROR:f2bmng:Command '['/usr/bin/fail2ban-client', 'reload']' returned non-zero exit status 1.

 

[UFHH01]

Hi Martin6969,

fail2ban doesn't like you at all... ^^

Same procedure, pls. Martin6969. DE-INSTALL as suggested and re-install with the Plesk installer, pls.

 

[Martin6969]

Can't uninstall :

BUSY: La mise à jour a été arrêtée par un autre processus de mise à jour.
exit status 1

 

[Martin6969]

fail2ban doesn't like you at all... ^^

Really looks like this...

 

[UFHH01]

Can't uninstall :

You upgraded over the Plesk Control Panel, I suppose and the automatic kill of the process wasn't yet initiated after the process finished. You either have to wait now 30 minutes, or you could kill the process over the command line, by searching for the process with for example:

ps -aux | grep installer

... where the output should display a current process with a unique PID - number. Now use this PID - number with your KILL - command:

kill -9 XXXX

... where XXXX has to be replaced with the unique PID - number you found before.


Afterwards, you are now able to use the new autoinstaller instance, which failed with your previous error message.