
Fail2Ban Jail 'plesk-modsecurity' started - but ModSecurity not installed

TimReeves


TITLE

Fail2Ban Jail 'plesk-modsecurity' started - but ModSecurity not installed

PRODUCT, VERSION, OPERATING SYSTEM, ARCHITECTURE

Debian 11.6, Plesk Obsidian 18.0.51, 64bit

PROBLEM DESCRIPTION

I was just monitoring the fail2ban log for other reasons, and I noticed an entry "Jail 'plesk-modsecurity' started".

That was an unpleasant surprise, as ModSecurity is not installed. Because of this, I have no option in the Plesk GUI to turn off the jail.

Obviously the jail should not be started when ModSecurity is not installed, but it is.

STEPS TO REPRODUCE

Deinstall ModSecurity (or don't install it at all), start fail2ban and inspect its log.

ACTUAL RESULT

Jail 'plesk-modsecurity' is started

EXPECTED RESULT

Jail 'plesk-modsecurity' should not be started

ANY ADDITIONAL INFORMATION

(DID NOT ANSWER QUESTION)

YOUR EXPECTATIONS FROM PLESK SERVICE TEAM

Confirm bug
 
It is an interesting combination, but not a bug, because the jail is just named after ModSecurity, because it scans ModSecurity log files. There is no direct connection between jails and a service, only between jails and log files, yet these log files do not have to result from a specific service with the same name. Having such a jail "online" without ModSecurity does not cause any issues, because the obviously still existent logs from a previous ModSecurity installation are only parsed once. Further actions are not done if the log file does not change.

Enabling or disabling a jail absolutely does not depend on the existence of a service. There is no reason why disabling the jail should not work, even if ModSecurity does not exist. If you cannot disable it through the GUI (although I currently lack the imagination as to why that could be and what you see instead) you can always edit /etc/fail2ban/jail.local and disable it there (set active state to "false").
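
A check built on the point in the reply above, that a jail depends on its log files rather than on a service (added example, not part of the thread and not Plesk's or fail2ban's code): it lists every enabled jail in a jail.local-style text and flags those whose `logpath` matches no file or has not been written recently. The function name, the 30-day threshold and the sample jail definitions are assumptions; fail2ban's key for a jail's on/off state is `enabled`, and on a real server the effective configuration also merges jail.conf and jail.d/, which this single-file reader ignores.

```python
import configparser
import glob
import os
import tempfile
import time

def audit_jails(config_text, stale_days=30, now=None):
    """Map each enabled jail to 'ok', 'stale-log', 'missing-log' or 'no-logpath'."""
    now = time.time() if now is None else now
    # fail2ban files use %(name)s substitutions; read values raw instead of
    # letting configparser try to resolve them.
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(config_text)
    report = {}
    for jail in cp.sections():  # [DEFAULT] supplies fallbacks, it is not a jail
        if not cp.getboolean(jail, "enabled", fallback=False):
            continue
        patterns = cp.get(jail, "logpath", fallback="").split()
        if not patterns:  # for example a journal-based jail
            report[jail] = "no-logpath"
            continue
        files = [f for p in patterns for f in glob.glob(p)]
        if not files:
            report[jail] = "missing-log"
        elif max(os.path.getmtime(f) for f in files) < now - stale_days * 86400:
            report[jail] = "stale-log"
        else:
            report[jail] = "ok"
    return report

if __name__ == "__main__":
    # Constructed sample: a leftover log file last written 90 days ago.
    d = tempfile.mkdtemp()
    leftover = os.path.join(d, "modsec_audit.log")
    open(leftover, "w").close()
    past = time.time() - 90 * 86400
    os.utime(leftover, (past, past))
    sample = f"""
[DEFAULT]
enabled = false

[plesk-modsecurity]
enabled = true
logpath = {leftover}
"""
    print(audit_jails(sample))
```

A jail reported as `stale-log` or `missing-log` is a candidate for `enabled = false` in /etc/fail2ban/jail.local.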
 