[BlueOnyx:23758] Re: Fail2ban cannot be restarted

Meaulnes Legler @ MailList bluelist at waveweb.ch
Thu Mar 19 11:47:16 -05 2020 

thank you Michael!

# systemctl status fail2ban
* fail2ban.service - Fail2Ban Service
    Loaded: loaded (/usr/lib/systemd/system/fail2ban.service; enabled; vendor preset: disabled)
    Active: failed (Result: exit-code) since Thu 2020-03-19 17:30:02 CET; 11min ago
      Docs: man:fail2ban(1)
   Process: 26370 ExecStop=/usr/bin/fail2ban-client stop (code=exited, status=255)
   Process: 26348 ExecStart=/usr/bin/fail2ban-server -xf start (code=exited, status=255)
   Process: 26341 ExecStartPre=/bin/mkdir -p /run/fail2ban (code=exited, status=0/SUCCESS)
  Main PID: 26348 (code=exited, status=255)

Mar 19 17:30:02 vs fail2ban-server[26348]: 2020-03-19 17:30:02,434 fail2ban.configreader   [26348]: ERROR   Found no accessible config files for 'filter.d/sshd-ddos' under /etc/fail2ban
Mar 19 17:30:02 vs fail2ban-server[26348]: 2020-03-19 17:30:02,434 fail2ban.jailreader     [26348]: ERROR   Unable to read the filter 'sshd-ddos'
Mar 19 17:30:02 vs fail2ban-server[26348]: 2020-03-19 17:30:02,434 fail2ban.jailsreader    [26348]: ERROR   Errors in jail 'sshd-ddos'. Skipping...
Mar 19 17:30:02 vs fail2ban-server[26348]: 2020-03-19 17:30:02,439 fail2ban                [26348]: ERROR   There is no directory /var/run/fail2ban to contain the socket file /var/run/fail2ban/fail2ban.sock.
Mar 19 17:30:02 vs fail2ban-server[26348]: 2020-03-19 17:30:02,448 fail2ban                [26348]: ERROR   Async configuration of server failed
Mar 19 17:30:02 vs systemd[1]: fail2ban.service: main process exited, code=exited, status=255/n/a
Mar 19 17:30:02 vs fail2ban-client[26370]: 2020-03-19 17:30:02,534 fail2ban                [26370]: ERROR   Failed to access socket path: /var/run/fail2ban/fail2ban.sock. Is fail2ban running?
Mar 19 17:30:02 vs systemd[1]: fail2ban.service: control process exited, code=exited status=255
Mar 19 17:30:02 vs systemd[1]: Unit fail2ban.service entered failed state.
Mar 19 17:30:02 vs systemd[1]: fail2ban.service failed.

# tail -20 /var/log/fail2ban.log
2020-03-19 05:53:55,694 fail2ban.filter         [27646]: INFO [dovecot] Found 185.228.4.38
2020-03-19 05:53:56,413 fail2ban.filter         [27646]: INFO [dovecot] Found 185.228.4.38
2020-03-19 05:56:24,056 fail2ban.filter         [27646]: INFO [pam-generic] Found 218.64.57.12
2020-03-19 05:56:24,059 fail2ban.filter         [27646]: INFO [dovecot] Found 218.64.57.12
2020-03-19 05:56:28,649 fail2ban.filter         [27646]: INFO [dovecot] Found 218.64.57.12
2020-03-19 05:58:02,286 fail2ban.filter         [27646]: INFO [sshd] Found 112.78.1.247
2020-03-19 05:58:02,297 fail2ban.filter         [27646]: INFO [sshd] Found 112.78.1.247
2020-03-19 05:58:02,303 fail2ban.filter         [27646]: INFO [pam-generic] Found 112.78.1.247
2020-03-19 05:58:04,279 fail2ban.filter         [27646]: INFO [sshd] Found 112.78.1.247
2020-03-19 06:00:58,077 fail2ban.actions        [27646]: NOTICE [pam-generic] Unban 185.228.4.38
2020-03-19 06:04:10,324 fail2ban.server         [27646]: INFO Stopping all jails
2020-03-19 06:04:11,262 fail2ban.jail           [27646]: INFO Jail 'sshd' stopped
2020-03-19 06:04:11,598 fail2ban.jail           [27646]: INFO Jail 'pam-generic' stopped
2020-03-19 06:04:12,264 fail2ban.jail           [27646]: INFO Jail 'sendmail-auth' stopped
2020-03-19 06:04:13,266 fail2ban.jail           [27646]: INFO Jail 'proftpd' stopped
2020-03-19 06:04:14,267 fail2ban.jail           [27646]: INFO Jail 'dovecot' stopped
2020-03-19 06:04:15,267 fail2ban.jail           [27646]: INFO Jail 'sshd-ddos' stopped
2020-03-19 06:04:16,268 fail2ban.jail           [27646]: INFO Jail 'sendmail-reject' stopped
2020-03-19 06:04:16,401 fail2ban.server         [27646]: INFO Exiting Fail2ban
2020-03-19 06:04:16,513 fail2ban.server         [27646]: INFO Stopping all jails


On 19.03.20 17:18, Michael Stauber wrote:
> Hi Meaulnes,
>
>> «Fail2ban is not running and could not be restarted. Please try to
>> restart the service fail2ban manually.»
>>
>> does anyone encounter this, too?
>>
>> restarting fail2ban over the GUI doesn't change anything and I don't
>> know to do it from the command line.
>
> The command for that is "systemctl restart fail2ban" and you can also
> check its status with "systemctl status fail2ban".
>
> An updated Fail2ban hit the YUM repositories for 5209R yesterday, so
> this is certainly related to that. Let me know what "systemctl status
> fail2ban" reports and also maybe the last couple of lines from
> /var/log/fail2ban.log.
>

More information about the Blueonyx mailing list