Fail2Ban: impossible to activate any jail

regisg

Regular Pleskian
(Plesk 12.0.18)

All my jails are inactive. When I try to activate all the jails at the same time, or only one jail (the first one: 3proxy), I get these errors:

Code:
f2bmng failed: WARNING 'logpath' not defined in 'ssh'. Using default one: '/var/log/messages'
WARNING 'filter' not defined in 'ssh'. Using default one: ''
WARNING 'action' not defined in 'ssh'. Using default one: ''
ERROR No file(s) found for glob /var/log/3proxy.log
ERROR Failed during configuration: Have not found any log file for 3proxy jail
ERROR:f2bmng:Command '['/usr/bin/fail2ban-client', 'reload']' returned non-zero exit status 255
ERROR:f2bmng:Failed to reload following jails due to errors in configuration

What's the matter?

Thanks a lot.
 
Had a similar issue. Had to do with a missing (not created yet) log file.

Leave 3proxy off and try to enable all the other ones one by one. Should work. If it does it would confirm the missing log file as the culprit.
If so, check for the path of the log file and just create a blank log file using the right name and permissions via FTP or the domain file manager in Plesk.

Did the trick for me.

Cheers,
Tom
 
Hi regisg,

please have a closer look at your warnings and error messages:

f2bmng failed: WARNING 'logpath' not defined in 'ssh'. Using default one: '/var/log/messages'
Fail2Ban is warning you that no jail-specific logpath has been set. Even though there is a global setting of "/var/log/messages", please check the jail and configure a logpath which matches your current operating system's configuration, to avoid such warnings.

WARNING 'filter' not defined in 'ssh'. Using default one: ''
Fail2Ban is warning you that no jail-specific filter has been set. For an SSH jail, you should for example have a jail configuration like:
Code:
[ssh]

enabled  = true
filter   = sshd
action   = iptables[name=SSH, port=ssh, protocol=tcp]
logpath  = /var/log/messages    ; this logpath is the standard logpath for CentOS/RHEL - based operating systems
findtime = 8467200    ; 14 days
bantime = 604800    ; 1 week
maxretry = 5
(Please note that I added " ; this logpath is the standard logpath for CentOS/RHEL - based operating systems", " ; 14 days" and " ; 1 week" for information purposes. This information can be left out.)

WARNING 'action' not defined in 'ssh'. Using default one: ''
Please see above explanation, example and reasons.

ERROR No file(s) found for glob /var/log/3proxy.log
Fail2Ban is telling you with an error message that if you don't have such a log file, then such a default/standard/pre-configured jail isn't really necessary and will not work until the specified log file is created, is readable and exists at the defined location. Please only use default/standard/pre-configured jails where you are sure that the paths match the default/standard/pre-configured paths. Please check the paths if you experience issues/warnings/errors!
Jails which can't be started because of error messages, will result in an instant STOP - command to the Fail2Ban - server.
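
A pre-flight check for the "No file(s) found for glob" failure discussed in this thread, added here as an example and not part of the original posts or of Plesk/Fail2Ban. It reads a single jail file, whereas Fail2Ban itself merges jail.conf, jail.local and jail.d; the function names and the sample configuration are constructed for illustration.

```python
import configparser
import glob
import os
import tempfile


def jails_missing_logs(jail_conf_text):
    """Map each enabled jail to the logpath globs that match no file."""
    parser = configparser.ConfigParser(
        interpolation=None, inline_comment_prefixes=(";",), strict=False
    )
    parser.read_string(jail_conf_text)
    missing = {}
    for jail in parser.sections():
        if not parser.getboolean(jail, "enabled", fallback=False):
            continue
        # logpath may hold several globs separated by whitespace or newlines
        patterns = parser.get(jail, "logpath", fallback="").split()
        unmatched = [p for p in patterns if not glob.glob(p)]
        if not patterns:
            unmatched = ["<logpath not set>"]
        if unmatched:
            missing[jail] = unmatched
    return missing


def demo():
    # Constructed sample: the ssh log exists, the 3proxy log does not.
    tmp = tempfile.mkdtemp()
    present = os.path.join(tmp, "messages")
    absent = os.path.join(tmp, "3proxy.log")
    open(present, "w").close()
    conf = (
        f"[ssh]\nenabled = true\nfilter = sshd\n"
        f"logpath = {present}    ; inline comment as in the post\n\n"
        f"[3proxy]\nenabled = true\nfilter = 3proxy\nlogpath = {absent}\n\n"
        f"[apache-nohome]\nenabled = false\nlogpath = {tmp}/none.log\n"
    )
    return jails_missing_logs(conf), absent


if __name__ == "__main__":
    report, _ = demo()
    for jail, globs in report.items():
        print(f"{jail}: no log file matches {', '.join(globs)}")
```

Running it against the real jail file before enabling jails shows which ones would abort the reload, so they can be left disabled or given an existing log file first.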
 
After upgrading to Plesk 12.5.30, it's OK now: I could activate all the jails at one time!
I hope this functionality works better than a few months ago: this feature curiously always blocked our connection to our websites after a few minutes, and we understood that this "issue" came from this functionality only after one week... :-(
 
Hi regisg,

just to clear this up:

I hope this functionality works better than a few months ago: this feature curiously always blocked our connection to our websites after a few minutes, and we understood that this "issue" came from this functionality only after one week... :-(

Sorry, but Fail2Ban works completely as expected, if you use the pre-configured jails.
Maybe you should have a closer look at the jails and filters, to understand WHAT is being banned and WHY. I'll give you a short example:

Often enough, people used the (old!) pre-configured standard filter "apache-nohome" (apache-nohome.conf)
Code:
...
failregex = [[]client <HOST>[]] File does not exist: *

ignoreregex =
...
... and were surprised, that they were constantly banned by Fail2Ban. If they would have had a closer look into their domain-specific log-files, then they might have noticed hundreds of errors, like for example:

"... [error] [client XX.XX.XXX.XXX] File does not exist: /favicon.ico"
or
"... [error] [client XX.XX.XXX.XXX] File does not exist: /robots.txt"

... which directly point to the issue. These files were just missing on this webspace, but there was no "ignoreregex =" defined which would have ignored requests to these two missing files. Often enough, people use CMS systems (or forum software, or other pre-configured content) where CSS files define a standard "favicon.ico" (or "fav.ico"), but the webmaster decides that he/she doesn't like the standard *.ico and just deletes it from the webspace (instead of replacing it with a custom one, or instead of editing the CSS file). With each request to the server, the CSS file might have been requested, but because there was no *.ico anymore, the webserver logged the above error constantly. If you now use the mentioned Fail2Ban filter with the standard jail to ban at 5 times, then you will certainly be banned on every 5th request, for the defined bantime.

Bad website coding and missing rewrite directives are the most common situations. Afterwards, there are often enough wrong settings or false modifications, which lead to errors. Please always investigate the cause of an error, instead of blaming the software and/or its standard configuration.
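
The false-positive ban described above, reproduced as an added example that is not part of the original post: the quoted failregex is run over constructed Apache error-log lines, with and without an ignoreregex. The `<HOST>` expansion is a simplified IPv4-only stand-in, the ignoreregex is one hypothetical choice, and all lines are assumed to fall inside findtime.

```python
import re
from collections import Counter

# Simplified stand-in for Fail2Ban's <HOST> tag (assumption: IPv4 only).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# The filter from the post, written with \[ \] instead of [[] []] so that
# Python's re module does not emit a nested-set FutureWarning.
FAILREGEX = r"\[client <HOST>\] File does not exist: *"
# Hypothetical ignoreregex that skips the two harmless missing files.
IGNOREREGEX = r"File does not exist: \S*/(?:favicon\.ico|robots\.txt)$"


def hosts_to_ban(lines, failregex, ignoreregex=None, maxretry=5):
    """Count failregex hits per host, skipping lines that match
    ignoreregex, and return the hosts that reach maxretry."""
    fail = re.compile(failregex.replace("<HOST>", HOST))
    ignore = re.compile(ignoreregex) if ignoreregex else None
    hits = Counter()
    for line in lines:
        if ignore and ignore.search(line):
            continue
        match = fail.search(line)
        if match:
            hits[match.group("host")] += 1
    return sorted(h for h, n in hits.items() if n >= maxretry)


def sample_log():
    # Constructed log lines using documentation IP ranges.
    line = "[Mon Nov 02 10:15:{:02d} 2015] [error] [client {}] File does not exist: {}"
    visitor = ["/var/www/html/favicon.ico", "/var/www/html/robots.txt"] * 3
    prober = ["/var/www/html/missing%d.php" % i for i in range(5)]
    rows = [("203.0.113.7", p) for p in visitor]
    rows += [("198.51.100.23", p) for p in prober]
    return [line.format(i, ip, path) for i, (ip, path) in enumerate(rows)]


if __name__ == "__main__":
    print("without ignoreregex:", hosts_to_ban(sample_log(), FAILREGEX))
    print("with ignoreregex:   ", hosts_to_ban(sample_log(), FAILREGEX, IGNOREREGEX))
```

Without the ignoreregex the ordinary visitor at 203.0.113.7 is banned alongside the client requesting many nonexistent pages; with it, only the latter reaches maxretry.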
 