Resolved fail2ban timeout when starting jails

[UnS3eN]

Hi guys,

Having trouble loading more that 2 jails - fail2ban times out when starting. There are just too many logs to read. I need to increase the TimeoutStartSec value, but I can't find where this should go.
As per Fail2Ban hangs on start: Action already exists or fail2ban.service start operation timed out, it should go under the [Service] section in the service file (/lib/systemd/system/fail2ban.service), but it doesn't exist on my system as I'm running CentOS 6.10 and I obviously can't add it to the /etc/rc.d/init.d/fail2ban script.

Googling turned up nothing useful.

Can anyone point me in the right direction?

# plesk version
Product version: Plesk Onyx 17.5.3 Update #83
    Update date: 2019/09/18 03:19
     Build date: 2018/12/14 14:00
     OS version: CentOS 6.10
       Revision: 55d1b49a272f44666e1920eca8b6e4da449a38cd
   Architecture: 64-bit
Wrapper version: 1.2

 

[Bitpalast]

systemd was introduced in RHEL (and CentOS) 7. In earlier versions, these files and structures don't exist. Previous versions store system init files in /etc/rc.d/init.d. You might also find a file in /etc/sysconfig. But unfortunately I am not able to provide the correct content, respectively explain where to tweak the timeout value :-(

What you might consider to do instead is to split jails that will read many log files into separate jails. Especially when you are running many domain names on a system, you should consider to create jails for each alphabet letter a domain is starting with. Instead of having an "apache" jail you'd then have an "apache-a", "apache-b", "apache-c" and so on. This is important not only for starting the service, but for ongoing operations, because there fail2ban has to read all the logs, too. And it can do it much better, faster and more reliable when the number of logs per jail is low.

 

[UnS3eN]

Previous versions store system init files in /etc/rc.d/init.d. You might also find a file in /etc/sysconfig.

looks like there's nothing related to fail2ban in /etc/sysconfig

# ls /etc/sysconfig | grep fail2ban
#

What you might consider to do instead is to split jails that will read many log files into separate jails...And it can do it much better, faster and more reliable when the number of logs per jail is low.

Wouldn't the total number of log it would need to load still be the same though and still take the same amount of time to load? Or is the timeout value per jail, not for the entire process?

 

[Bitpalast]

The total number of logs might still be the same, but the jails are started separately one after another. It should not time out when there is a higher number of jails, but less (and smaller logs) in a single jail.

 

[UnS3eN]

Thanks for the explanation. I might just try that.