Fail2Ban error

[Willy_N]

Hello,

When I click on the "Change settings" button for any of my jails a page opens showing the following error message:

Message f2bmng failed: ERROR:f2bmng:File contains parsing errors: /etc/fail2ban/action.d/iptables-multiport-log.conf [line 24]: 'iptables -N fail2ban-<name>-log\n' [line 26]: 'iptables -A fail2ban-<name>-log -j DROP\n' [line 33]: 'iptables -F fail2ban-<name>\n' [line 34]: 'iptables -F fail2ban-<name>-log\n' [line 35]: 'iptables -X fail2ban-<name>\n' [line 36]: 'iptables -X fail2ban-<name>-log\n'
File Agent.php
Line 243
Type PleskUtilException

I tried to run dos2unix on /etc/fail2ban/action.d/iptables-multiport-log.conf to no avail.

I removed and reinstalled Fail2Ban but the problem persists.

However, Fail2Ban seems to run just fine, so far.

Any suggestions?

 

[IgorG]

Try to stop fail2ban with

# kill `ps afvvx | grep -v grep | grep fail2ban-server | awk '{print $1}' | xargs`

and iptables too.

After that start them again.

 

[Willy_N]

Hello Igor,

After doing what you suggest the same error occurs, did not make a difference.

 

[IgorG]

I haven't /etc/fail2ban/action.d/iptables-multiport-log.conf file on my test Plesk 12 server. I see only /etc/fail2ban/action.d/iptables-multiport.conf
Make sure that this config is not specified in /etc/fail2ban/jail.d/plesk.conf
Something wrong with your fail2ban configuration.

 

[Willy_N]

I do have /etc/fail2ban/action.d/iptables-multiport-log.conf present.

I have my Plesk 12 up to date and my Fail2Ban is the standard install as it comes with Plesk.

This is the content of /etc/fail2ban/jail.d/plesk.conf.

# Plesk-specific fail2ban base jail specification file.
#
# YOU SHOULD NOT MODIFY THIS FILE.
# It will probably be overwitten or improved in a distribution update.
#
# All jail names should be under 20 symbols to avoid warnings

[plesk-proftpd]

enabled = false
action = iptables-multiport[name="plesk-proftpd", port="ftp,ftp-data,ftps,ftps-data"]
filter = proftpd
logpath = /var/log/secure
maxretry = 5

[plesk-qmail]

enabled = false
action = iptables-multiport[name="plesk-qmail", port="smtp,smtps,submission"]
filter = plesk-qmail
logpath = /var/log/maillog
maxretry = 5

[plesk-postfix]

enabled = false
action = iptables-multiport[name="plesk-postfix", port="smtp,smtps,submission"]
filter = postfix-sasl
logpath = /var/log/maillog
maxretry = 5

[plesk-courierimap]

enabled = false
action = iptables-multiport[name="plesk-courierimap", port="imap,imap3,imaps,pop3,pop3s"]
filter = plesk-courierlogin
logpath = /var/log/maillog
maxretry = 5

[plesk-dovecot]

enabled = false
action = iptables-multiport[name="plesk-dovecot", port="imap,imap3,imaps,pop3,pop3s,4190"]
filter = plesk-dovecot
logpath = /var/log/maillog
maxretry = 5

[plesk-horde]

enabled = false
action = iptables-multiport[name="plesk-horde", port="http,https,7080,7081"]
filter = plesk-horde
logpath = /var/log/psa-horde/psa-horde.log
maxretry = 5

[plesk-roundcube]

enabled = false
action = iptables-multiport[name="plesk-roundcube", port="http,https,7080,7081"]
filter = plesk-roundcube
logpath = /var/log/plesk-roundcube/errors
maxretry = 5

# HTTP servers
[plesk-apache]

enabled = false
action = iptables-multiport[name=apache, port="http,https,7080,7081"]
filter = apache-auth
logpath = /var/www/vhosts/system/*/logs/error_log
/var/log/httpd/*error_log
maxretry = 6

# Ban hosts which agent identifies spammer robots crawling the web
# for email addresses. The mail outputs are buffered.
[plesk-apache-badbot]

enabled = false
filter = apache-badbots
action = iptables-multiport[name=BadBots, port="http,https,7080,7081"]
logpath = /var/www/vhosts/system/*/logs/*access*log
/var/log/httpd/*access_log
bantime = 172800
maxretry = 1

[plesk-panel]

enabled = false
action = iptables-multiport[name="plesk-login", port="8880,8443"]
filter = plesk-panel
logpath = /var/log/plesk/panel.log
maxretry = 5

 

[Willy_N]

Restarted Fail2Ban once more and issue disappeared.

Thank you for your attention.