Issue Fail2Ban never starts

[lepe]

Hi

I cant start Fail2Ban from Plesk or ssh. Before I received always error code 255 and i uninstalled and reinstalled like this plesk user but it dont start

I tried with this plesk post without luck

I attach ssh messages about fail2ban.pid not readable

thank you

 

[MarkM]

Try disabling SeLinux if it's not disabled...

 

[lepe]

i runned "sestatus" but it is disabled

 

[steven_h]

Your screenshot shows fail2ban.pid in a location where (as far as I'm aware) by default it isn't.

Check if my suspicion is correct:

dir /var/run/fail2ban/

It will probably show you that that's where fail2ban.pid is located. Open the service file with nano or vim:

nano /usr/lib/systemd/system/fail2ban.service

And check the line that says:

PIDFile=/var/run/fail2ban/fail2ban.pid

Make sure it matches your actual fail2ban.pid file location. If that doesn't work make sure you locate the file and that it's correctly set at fail2ban.service and check the rights. If the rights are incorrect chmod it to fix it.

 

[lepe]

Hi steven_h

Thank you for your info. I checked it but file location seem to be in right place as I attach in images

 

[steven_h]

np Lepe! To get a more clear idea of the possible cause, could you enlarge your console so we can see the entire message that's output by systemctl status fail2ban?

Usually there's some additional info behind the initial error that's visible in your screenshot. It's also advisable to check what error fail2ban shows in journalctl -xe. Personally I find it easier to work with that.

 

[lepe]

Hi

From Plesk I received this error: ERROR:f2bmng:Failed to start fail2ban service
From plesk log, the next message is repeated when I try enable it:

2018-04-19 15:29:45,800 fail2ban.server [7726]: INFO Stopping all jails
2018-04-19 15:29:45,800 fail2ban.server [7726]: INFO Exiting Fail2ban
2018-04-19 15:29:46,338 fail2ban.server [7761]: INFO Changed logging target to /var/log/fail2ban.log for Fail2ban v0.9.6
2018-04-19 15:29:46,340 fail2ban.database [7761]: INFO Connected to fail2ban persistent database '/var/lib/fail2ban/fail2ban.sqlite3'

I attach message requested

Thank you

 

[IgorG]

Check that /var/run directory have correct permissions. It should be like

# stat  /var/run
  File: ‘/var/run’ -> ‘../run’
  Size: 6               Blocks: 0          IO Block: 4096   symbolic link
Device: 1ah/26d Inode: 71979582    Links: 1
Access: (0777/lrwxrwxrwx)  Uid: (    0/    root)   Gid: (    0/    root)

 

[lepe]

Hi IgorG

Permission are good (0777/lrwxrwxrwx)

Do you think my CSF/LFD firewall could be blocking fail2ban?
Any other idea?

 

[MarkM]

does the directory /var/run/fail2ban/ exist?

this is sounding like a really old bug. is fail2ban up to date?

 

[lepe]

Yes, in var/run/fail2ban is the file fail2ban.pid

 

[Bitpalast]

How many log files need to be processed and how big are they? It is possible that a fail2ban start is timing out when fail2ban has to process too many log files in a row or single log files are very large (while "very large" is a yet to be defined size).