• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:
    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Fail2ban - plesk says jail is enabled, but it isn't

finbarr69

finbarr69

Basic Pleskian
I was wondering why my plesk-dovecot jail was not having any effect (hackers locking up the webmail with excessive failed logins). Looking at Plesk in the admin interface for fail2ban, it showed as enabled (green tick), but when I look at /etc/fail2ban/jail.d/plesk.conf it shows as enabled=false (all the plesk "enabled" jails do).

I tried to turn it off and on and got these warnings in the Plesk admin page:
Error: Unable to switch off the jail: f2bmng failed: WARNING 'syslogsocket' not defined in 'Definition'. Using default one: 'auto'
WARNING 'dbfile' not defined in 'Definition'. Using default one: '/var/lib/fail2ban/fail2ban.sqlite3'
WARNING 'dbpurgeage' not defined in 'Definition'. Using default one: 86400
ERROR NOK: ('Invalid log level',)
ERROR:f2bmng:Command '['/usr/bin/fail2ban-client', 'reload']' returned non-zero exit status 255
ERROR:f2bmng:Failed to reload following jails due to errors in configuration

Then I tried from the command line to restart fail2ban and got:
Starting fail2ban: WARNING 'syslogsocket' not defined in 'Definition'. Using default one: 'auto'
WARNING 'dbfile' not defined in 'Definition'. Using default one: '/var/lib/fail2ban/fail2ban.sqlite3'
WARNING 'dbpurgeage' not defined in 'Definition'. Using default one: 86400
ERROR NOK: ('Invalid log level',)

So, what's the best thing to get this all working again? I don't mind re-installing fail2ban if that's the easiest solution. I just want it to really work without it pretending it is working. ;-)

Thanks

Brian
 
Hi finbarr69,

actually, you already see the suggestions and resolutions in the warnings:

finbarr69 said:
WARNING 'syslogsocket' not defined in 'Definition'. Using default one: 'auto'
Click to expand...
You didn't define a "syslogsocket" in the specific jail - configuration and the standard setting from "fail2ban.conf" is used. Well, this WARNING is harmless, because it just tells you, that you should use a "syslogsocket" setting in every jail.

finbarr69 said:
WARNING 'dbfile' not defined in 'Definition'. Using default one: '/var/lib/fail2ban/fail2ban.sqlite3'
Click to expand...
You didn't define a "dbfile" in the specific jail - configuration and the standard setting from "fail2ban.conf" is used. Well, this WARNING is harmless, because it just tells you, that you should use a "dbfile" setting in every jail.

finbarr69 said:
WARNING 'dbpurgeage' not defined in 'Definition'. Using default one: 86400
Click to expand...
You didn't define a "dbpurgeage" in the specific jail - configuration and the standard setting from "fail2ban.conf" is used. Well, this WARNING is harmless, because it just tells you, that you should use a "dbpurgeage" setting in every jail.


BUT:
finbarr69 said:
ERROR NOK: ('Invalid log level',)
Click to expand...
... will result in a non-functional Fail2Ban and therefore the service will not start/restart or reload. Please see "fail2ban.conf" for possible log - level definitions and correct your misconfiguration.
Code: 
[Definition]

# Option: loglevel
# Notes.: Set the log level output.
#         CRITICAL
#         ERROR
#         WARNING
#         NOTICE
#         INFO
#         DEBUG
# Values: [ LEVEL ]  Default: ERROR
#
loglevel = ERROR
 
Thank you for your kind reply. However, I thought this was supposed to work out of the box and would have expected the fail2ban.conf to have already been set up appropriately by Plesk.

Can you advise how to simply remove fail2ban and install it again with all the default plesk rules? I'm happy to set things up again from there. :)
 
Hi finbarr69,

the fail2ban - extension does indeed work "out of box", but if your installation is corrupted, or if you modified jails or configuration files, then you have to "repair" that.

  • Make a backup:
mkdir /etc/fail2ban.backup && cp /etc/fail2ban /etc/fail2ban.backup
  • afterwards to remove Fail2Ban:
/usr/local/psa/admin/bin/autoinstaller --select-product-id plesk --select-release-current --reinstall-patch --remove-component fail2ban

... make sure, that the folder "/etc/fail2ban" was removed as well during the removing - process.
  • afterwards to re-install Fail2Ban:
/usr/local/psa/admin/bin/autoinstaller --select-product-id plesk --select-release-current --reinstall-patch --install-component fail2ban
 
Same problem here, even after your mentioned steps I'm still getting the this error messages...

Code: 
[[errorJailNotDisabled]]

Code: 
Die ausgewählten Jails können nicht eingeschaltet werden: f2bmng failed: WARNING 'syslogsocket' not defined in 'Definition'. Using default one: 'auto'
WARNING 'dbfile' not defined in 'Definition'. Using default one: '/var/lib/fail2ban/fail2ban.sqlite3'
WARNING 'dbpurgeage' not defined in 'Definition'. Using default one: 86400
ERROR NOK: ('Invalid command (no set action or not yet implemented)',)
ERROR NOK: ('Invalid command (no set action or not yet implemented)',)
ERROR NOK: ('Invalid command (no set action or not yet implemented)',)
ERROR NOK: (2, 'No such file or directory')
ERROR NOK: ('Invalid command (no set action or not yet implemented)',)
ERROR NOK: ('Invalid command (no set action or not yet implemented)',)
ERROR NOK: ('Invalid command (no set action or not yet implemented)',)
ERROR NOK: ('Invalid command (no set action or not yet implemented)',)
ERROR NOK: ('Invalid command (no set action or not yet implemented)',)
ERROR NOK: ('Invalid command (no set action or not yet implemented)',)
ERROR NOK: ('Invalid command (no set action or not yet implemented)',)
ERROR NOK: ('Invalid command (no set action or not yet implemented)',)
ERROR NOK: ('Invalid command (no set action or not yet implemented)',)
ERROR NOK: ('Invalid command (no set action or not yet implemented)',)
ERROR NOK: ('Invalid command (no set action or not yet implemented)',)
ERROR NOK: ('Invalid command (no set action or not yet implemented)',)
ERROR:f2bmng:Command '['/usr/bin/fail2ban-client', 'reload']' returned non-zero exit status 255
ERROR:f2bmng:Failed to reload following jails due to errors in configuration

I've tried to activate the "plesk-panel" jail. I don't know what's wrong... :-(
 
Hi bergkuh,

bergkuh said:
ERROR NOK: ('Invalid command (no set action or not yet implemented)',)
Click to expand...
this states clear, that you used a setting, with no action, or set an option, which is not supported for your Fail2Ban - version.

If you wish further investigations, please post your current OS, your used Fail2Ban - version and include all configuration files, jails and actions.
 
Hi UFHH01,

UFHH01 said:
If you wish further investigations, please post your current OS, your used Fail2Ban - version and include all configuration files, jails and actions.
Click to expand...

I'm running Fail2ban v0.8.13 installed via Plesk 12.0.18 on CentOS 7...
 
Last edited by a moderator:
Hi bergkuh,

please have a look at your files on your own, i.e.: "jail.conf" or/and "jail.local". As you can see, your jails are set to "false" ( in both files ) and are not configured ( in "jail.local" ).

An example for a configured jail:
Code: 
[plesk-panel]
enabled = true
action = iptables-multiport[name="plesk-login", port="8880,8443"]
filter = plesk-panel
logpath = /var/log/plesk/panel.log
findtime = 43200
bantime = 86400
maxretry = 5

You are able to configure your jails over the Plesk Control Panel: Tools & Settings > IP Address Banning
 
I've activated the jails by hand in both files. But if I want to deactivate "recidive" via Plesk I get the following error:

Code: 
Die ausgewählten Jails können nicht ausgeschaltet werden: f2bmng failed: WARNING 'syslogsocket' not defined in 'Definition'. Using default one: 'auto'
WARNING 'dbfile' not defined in 'Definition'. Using default one: '/var/lib/fail2ban/fail2ban.sqlite3'
WARNING 'dbpurgeage' not defined in 'Definition'. Using default one: 86400
ERROR NOK: ('Invalid command (no set action or not yet implemented)',)
ERROR NOK: ('Invalid command (no set action or not yet implemented)',)
ERROR NOK: ('Invalid command (no set action or not yet implemented)',)
ERROR NOK: (2, 'No such file or directory')
ERROR NOK: ('Invalid command (no set action or not yet implemented)',)
ERROR NOK: ('Invalid command (no set action or not yet implemented)',)
ERROR NOK: ('Invalid command (no set action or not yet implemented)',)
ERROR NOK: ('Invalid command (no set action or not yet implemented)',)
ERROR NOK: ('Invalid command (no set action or not yet implemented)',)
ERROR NOK: ('Invalid command (no set action or not yet implemented)',)
ERROR NOK: ('Invalid command (no set action or not yet implemented)',)
ERROR NOK: ('Invalid command (no set action or not yet implemented)',)
ERROR NOK: ('Invalid command (no set action or not yet implemented)',)
ERROR NOK: ('Invalid command (no set action or not yet implemented)',)
ERROR NOK: ('Invalid command (no set action or not yet implemented)',)
ERROR NOK: ('Invalid command (no set action or not yet implemented)',)
ERROR NOK: (2, 'No such file or directory')
ERROR NOK: ('Invalid command (no set action or not yet implemented)',)
ERROR NOK: ('Invalid command (no set action or not yet implemented)',)
ERROR NOK: ('Invalid command (no set action or not yet implemented)',)
ERROR NOK: ('Invalid command (no set action or not yet implemented)',)
ERROR NOK: ('Invalid command (no set action or not yet implemented)',)
ERROR NOK: ('Invalid command (no set action or not yet implemented)',)
ERROR NOK: ('Invalid command (no set action or not yet implemented)',)
ERROR NOK: ('Invalid command (no set action or not yet implemented)',)
ERROR NOK: ('Invalid command (no set action or not yet implemented)',)
ERROR NOK: ('Invalid command (no set action or not yet implemented)',)
ERROR NOK: ('Invalid command (no set action or not yet implemented)',)
ERROR NOK: ('Invalid command (no set action or not yet implemented)',)
ERROR NOK: (2, 'No such file or directory')
ERROR NOK: ('Invalid command (no set action or not yet implemented)',)
ERROR NOK: ('Invalid command (no set action or not yet implemented)',)
ERROR NOK: ('Invalid command (no set action or not yet implemented)',)
ERROR NOK: ('Invalid command (no set action or not yet implemented)',)
ERROR NOK: ('Invalid command (no set action or not yet implemented)',)
ERROR NOK: ('Invalid command (no set action or not yet implemented)',)
ERROR NOK: ('Invalid command (no set action or not yet implemented)',)
ERROR NOK: ('Invalid command (no set action or not yet implemented)',)
ERROR NOK: ('Invalid command (no set action or not yet implemented)',)
ERROR NOK: ('Invalid command (no set action or not yet implemented)',)
ERROR NOK: ('Invalid command (no set action or not yet implemented)',)
ERROR NOK: ('Invalid command (no set action or not yet implemented)',)
ERROR NOK: (2, 'No such file or directory')
ERROR NOK: ('Invalid command (no set action or not yet implemented)',)
ERROR NOK: ('Invalid command (no set action or not yet implemented)',)
ERROR NOK: ('Invalid command (no set action or not yet implemented)',)
ERROR NOK: ('Invalid command (no set action or not yet implemented)',)
ERROR NOK: ('Invalid command (no set action or not yet implemented)',)
ERROR NOK: ('Invalid command (no set action or not yet implemented)',)
ERROR NOK: ('Invalid command (no set action or not yet implemented)',)
ERROR NOK: ('Invalid command (no set action or not yet implemented)',)
ERROR NOK: ('Invalid command (no set action or not yet implemented)',)
ERROR NOK: ('Invalid command (no set action or not yet implemented)',)
ERROR NOK: ('Invalid command (no set action or not yet implemented)',)
ERROR NOK: ('Invalid command (no set action or not yet implemented)',)
ERROR NOK: (2, 'No such file or directory')
ERROR NOK: ('Invalid command (no set action or not yet implemented)',)
ERROR NOK: ('Invalid command (no set action or not yet implemented)',)
ERROR NOK: ('Invalid command (no set action or not yet implemented)',)
ERROR NOK: ('Invalid command (no set action or not yet implemented)',)
ERROR NOK: ('Invalid command (no set action or not yet implemented)',)
ERROR NOK: ('Invalid command (no set action or not yet implemented)',)
ERROR NOK: ('Invalid command (no set action or not yet implemented)',)
ERROR NOK: ('Invalid command (no set action or not yet implemented)',)
ERROR NOK: ('Invalid command (no set action or not yet implemented)',)
ERROR NOK: ('Invalid command (no set action or not yet implemented)',)
ERROR NOK: ('Invalid command (no set action or not yet implemented)',)
ERROR NOK: ('Invalid command (no set action or not yet implemented)',)
ERROR NOK: (2, 'No such file or directory')
ERROR NOK: (2, 'No such file or directory')
ERROR NOK: (2, 'No such file or directory')
ERROR NOK: (2, 'No such file or directory')
ERROR NOK: (2, 'No such file or directory')
ERROR NOK: (2, 'No such file or directory')
ERROR NOK: (2, 'No such file or directory')
ERROR NOK: (2, 'No such file or directory')
ERROR NOK: ('Invalid command (no set action or not yet implemented)',)
ERROR NOK: ('Invalid command (no set action or not yet implemented)',)
ERROR NOK: ('Invalid command (no set action or not yet implemented)',)
ERROR NOK: ('Invalid command (no set action or not yet implemented)',)
ERROR NOK: ('Invalid command (no set action or not yet implemented)',)
ERROR NOK: ('Invalid command (no set action or not yet implemented)',)
ERROR NOK: ('Invalid command (no set action or not yet implemented)',)
ERROR NOK: ('Invalid command (no set action or not yet implemented)',)
ERROR NOK: ('Invalid command (no set action or not yet implemented)',)
ERROR NOK: ('Invalid command (no set action or not yet implemented)',)
ERROR NOK: ('Invalid command (no set action or not yet implemented)',)
ERROR NOK: ('Invalid command (no set action or not yet implemented)',)
ERROR NOK: (2, 'No such file or directory')
ERROR NOK: (2, 'No such file or directory')
ERROR NOK: (2, 'No such file or directory')
ERROR NOK: (2, 'No such file or directory')
ERROR NOK: (2, 'No such file or directory')
ERROR NOK: (2, 'No such file or directory')
ERROR NOK: (2, 'No such file or directory')
ERROR NOK: (2, 'No such file or directory')
ERROR NOK: (2, 'No such file or directory')
ERROR NOK: (2, 'No such file or directory')
ERROR NOK: (2, 'No such file or directory')
ERROR NOK: (2, 'No such file or directory')
ERROR NOK: (2, 'No such file or directory')
ERROR NOK: (2, 'No such file or directory')
ERROR NOK: (2, 'No such file or directory')
ERROR NOK: (2, 'No such file or directory')
ERROR NOK: (2, 'No such file or directory')
ERROR NOK: (2, 'No such file or directory')
ERROR NOK: (2, 'No such file or directory')
ERROR NOK: (2, 'No such file or directory')
ERROR NOK: (2, 'No such file or directory')
ERROR NOK: (2, 'No such file or directory')
ERROR NOK: (2, 'No such file or directory')
ERROR NOK: (2, 'No such file or directory')
ERROR NOK: (2, 'No such file or directory')
ERROR NOK: (2, 'No such file or directory')
ERROR NOK: ('Invalid command (no set action or not yet implemented)',)
ERROR NOK: ('Invalid command (no set action or not yet implemented)',)
ERROR NOK: ('Invalid command (no set action or not yet implemented)',)
ERROR NOK: ('Invalid command (no set action or not yet implemented)',)
ERROR NOK: ('Invalid command (no set action or not yet implemented)',)
ERROR NOK: ('Invalid command (no set action or not yet implemented)',)
ERROR NOK: ('Invalid command (no set action or not yet implemented)',)
ERROR NOK: ('Invalid command (no set action or not yet implemented)',)
ERROR NOK: ('Invalid command (no set action or not yet implemented)',)
ERROR NOK: ('Invalid command (no set action or not yet implemented)',)
ERROR NOK: ('Invalid command (no set action or not yet implemented)',)
ERROR NOK: ('Invalid command (no set action or not yet implemented)',)
ERROR NOK: (2, 'No such file or directory')
ERROR NOK: ('Invalid command (no set action or not yet implemented)',)
ERROR NOK: ('Invalid command (no set action or not yet implemented)',)
ERROR NOK: ('Invalid command (no set action or not yet implemented)',)
ERROR NOK: ('Invalid command (no set action or not yet implemented)',)
ERROR NOK: ('Invalid command (no set action or not yet implemented)',)
ERROR NOK: ('Invalid command (no set action or not yet implemented)',)
ERROR NOK: ('Invalid command (no set action or not yet implemented)',)
ERROR NOK: ('Invalid command (no set action or not yet implemented)',)
ERROR NOK: ('Invalid command (no set action or not yet implemented)',)
ERROR NOK: ('Invalid command (no set action or not yet implemented)',)
ERROR NOK: ('Invalid command (no set action or not yet implemented)',)
ERROR NOK: ('Invalid command (no set action or not yet implemented)',)
ERROR:f2bmng:Command '['/usr/bin/fail2ban-client', 'reload']' returned non-zero exit status 255
ERROR:f2bmng:Failed to reload following jails due to errors in configuration

But the jail is deactivated correctly.
 
If I try to reanable the same jail via the Plesk interface:

Code: 
[[errorJailNotDisabled]]
Code: 
Die ausgewählten Jails können nicht eingeschaltet werden: f2bmng failed: WARNING 'syslogsocket' not defined in 'Definition'. Using default one: 'auto'
WARNING 'dbfile' not defined in 'Definition'. Using default one: '/var/lib/fail2ban/fail2ban.sqlite3'
WARNING 'dbpurgeage' not defined in 'Definition'. Using default one: 86400
ERROR NOK: ('Invalid command (no set action or not yet implemented)',)
ERROR NOK: ('Invalid command (no set action or not yet implemented)',)
ERROR NOK: ('Invalid command (no set action or not yet implemented)',)
ERROR:f2bmng:Command '['/usr/bin/fail2ban-client', 'reload']' returned non-zero exit status 255
ERROR:f2bmng:Failed to reload following jails due to errors in configuration
.

The jail is still deactivated.
 
In my fail2ban.conf - GitHub - the options for syslogsocket, dbfile and dbpurgeage are missing:

Code: 
WARNING 'syslogsocket' not defined in 'Definition'. Using default one: 'auto'
WARNING 'dbfile' not defined in 'Definition'. Using default one: '/var/lib/fail2ban/fail2ban.sqlite3'
WARNING 'dbpurgeage' not defined in 'Definition'. Using default one: 86400

Maybe someone can send me a "correct" fail2ban.conf to check if something is missing in mine.

EDIT: Hmmm... Watchdog is saying that fail2ban isn't configured in Plesk but the jails are marked active...
 
Last edited by a moderator:
@UFHH01 many grateful thanks for your instructions. I tweaked the backup command as it didn't work. So I used:

cd /etc
cp -rp fail2ban fail2ban.backup

After un-installing, the fail2ban directory still had some remnants, so I did
rm -rf fail2ban

Then I did the re-install and it fixed everything with the exception of the log file which I had to add by hand by editing /etc/fail2ban/fail2ban.conf and making the following changes:

#logtarget = SYSLOG
logtarget = /var/log/fail2ban.log

(comment out logtarget=syslog and add the next line).

This makes the log file visible from the Plesk Fail2ban interface. Not quite sure why I had to add that, you'd expect Plesk to have configured that already - probably a wee bug, but there you are. :)

@bergkuh have a look at https://github.com/fail2ban/fail2ban/blob/master/config/fail2ban.conf

Warmest regards :) ,

Brian
 
I've no idea how but fail2ban is running... But my fail2ban.log is about 90MB because of different warnings... So how can I run the flushlogs command? Or should I just remove the log and another one will by created by fail2ban? Thanks for your help!!!
 
Hi bergkuh,

please consider to use logrotate for Fail2Ban as well. You might find it usefull to read: "http://www.fail2ban.org/wiki/index.php/MANUAL_0_8"

It is not recommended to delete the log, because you will loose informations about previous banned IPs, which makes the "recidive" - jail useless. Instead you would use logrotate and define a specific size, or rotate on a daily/weekly basis.
 
You must log in or register to reply here.

Similar threads

K
Resolved Ubuntu 24.04 - Fail2ban not working
Replies
2
Views
2K
Kaspar@Plesk
Kaspar@Plesk
A
Issue Problems with fail2ban
Replies
1
Views
732
Kaspar@Plesk
Kaspar@Plesk
T
Question Fail2ban trying to setup a rule to ban ai bots
Replies
4
Views
1K
Bitpalast
Bitpalast
T
WEB UI - Fail2Ban version 0.11 supports incremental bantime, Plesk UI does not
Replies
9
Views
3K
trialotto
T
Oldiesmann
Issue Can't enable plesk-modsecurity jail for fail2ban
Replies
7
Views
2K
Maarten
M
Back
Top