• Dear Pleskians! The Plesk Forum will be undergoing scheduled maintenance on Monday, 7th of July, at 9:00 AM UTC. The expected maintenance window is 2 hours.
    Thank you in advance for your patience and understanding on the matter.

Forwarded to devs Update to 18.0.63 #4 removed /etc/fail2ban/jail.local, crashed Fail2Ban

Bitpalast

Plesk addicted!
Plesk Guru
Username:

TITLE

Update to 18.0.63 #4 removed /etc/fail2ban/jail.local, crashed Fail2Ban

PRODUCT, VERSION, OPERATING SYSTEM, ARCHITECTURE

Obsidian 18.0.63 #4
Alma 8.9

PROBLEM DESCRIPTION

In one case the automatic minor Plesk update to 18.0.63 #4 has removed the /etc/fail2ban/jail.local file. Fail2Ban became inoperable by the action.

Replacing the jail.local file with a backup && restarting Fail2Ban brought Fail2Ban back into operation.

STEPS TO REPRODUCE

Probably, not sure:
1) Have a custom filter file in /etc/fail2ban/filter.d that does not fully work with the latest Fail2Ban version.
2) Wait on the auto-upgrade done by Plesk.

ACTUAL RESULT

Upgrade stops, jail.local file removed but not replaced by a new version.

EXPECTED RESULT

Do upgrade regardless of potentially wrong filter files.

ANY ADDITIONAL INFORMATION

The cause is probably a customer filter file that Fail2Ban did not like. It seems that when it encounters this situation, the upgrade is not finished properly, leaving the configuration files in a partially undefined state:

From autoinstaller log:

Code:
[2024-09-04 11:07:22.223782]  Trying to upgrade Fail2ban (bootstrapper-post stage)...  Trying to overwrite fail2ban packaged file customizations at /etc/fail2ba
n... done
 Trying to remove local customization from '/etc/fail2ban' to prepare for upgrade... find: /etc/fail2ban/fail2ban.d: No such file or directory
done
 Trying to upgrade Fail2Ban configuration from version '1.0.2' to version '1.1.0'... Upgrade utility failed with following messages:
INFO:f2b_cfg_array:Merging 'fail2ban' configuration...
INFO:f2b_cfg_array:Merging 'jail' configuration...
WARNING:f2b_cfg_array:Following jails were discarded during configuration update as they were misconfigured: INCLUDES
INFO:f2b_cfg_array:Merging unprocessed 'filter.d/' configuration...
ERROR:__main__:While reading from '/etc/fail2ban.previous/filter.d/<custom filter file name>.conf' [line 24]: section 'Definition' already exists

Warning: upgrade Fail2Ban configuration from version '1.0.2' to version '1.1.0'

***** installation problem report *****
Warning: upgrade Fail2Ban configuration from version '1.0.2' to version '1.1.0'
***** installation problem report *****
Warning: upgrade Fail2Ban configuration from version '1.0.2' to version '1.1.0'
STOP plesk-fail2ban-configurator-18.0 installing AT Wed Sep  4 11:07:25 CEST 2024: PROBLEMS FOUND
Bootstrapper has finished action (exec time: 4 sec.): parent_name='fail2ban', sequence='post', stage='execute', sequence_order='0', operation='install', exec_cm
d='/usr/local/psa/bootstrapper/pp18.0.63-bootstrapper/bootstrapper.sh post-install fail2ban-configurator'', m_arch='', exit code: 0, output:  Trying to upgrade
Fail2ban (bootstrapper-post stage)...  Trying to overwrite fail2ban packaged file customizations at /etc/fail2ban... done
 Trying to remove local customization from '/etc/fail2ban' to prepare for upgrade... find: ‘/etc/fail2ban/fail2ban.d’: No such file or directory
done
 Trying to upgrade Fail2Ban configuration from version '1.0.2' to version '1.1.0'... Upgrade utility failed with following messages:
INFO:f2b_cfg_array:Merging 'fail2ban' configuration...
INFO:f2b_cfg_array:Merging 'jail' configuration...
WARNING:f2b_cfg_array:Following jails were discarded during configuration update as they were misconfigured: INCLUDES
INFO:f2b_cfg_array:Merging unprocessed 'filter.d/' configuration...
ERROR:__main__:While reading from '/etc/fail2ban.previous/filter.d/<custom filter file name>.conf' [line 24]: section 'Definition' already exists

Warning: upgrade Fail2Ban configuration from version '1.0.2' to version '1.1.0'

***** installation problem report *****
Warning: upgrade Fail2Ban configuration from version '1.0.2' to version '1.1.0'
***** installation problem report *****
Warning: upgrade Fail2Ban configuration from version '1.0.2' to version '1.1.0'
STOP plesk-fail2ban-configurator-18.0 installing AT Wed Sep  4 11:07:25 CEST 2024: PROBLEMS FOUND

YOUR EXPECTATIONS FROM PLESK SERVICE TEAM

Confirm bug
 
In my case it was a jail that had the instructions at the beginning_
[INCLUDES]
# Read common prefixes. If any customizations available — read them from
# common.local
before = common.conf

If I remove this from the jail before the update, the update works normally.
 
Thank you for reporting the issue. Our team was able to reproduce it on a test environment and the behavior was identified with a bug ID PPPM-14611. An improved method for handling custom filters upon upgrade will be introduced in one of the upcoming releases. We appreciate you bringing our attention to this.
 
Back
Top