Solved

Linux fail2ban not starting up after yum update on CentOS 5

Posted on 2012-03-19
25
1,464 Views
Last Modified: 2012-04-05
Say,

This is the current issue:

[root@messaging ~]# service fail2ban status
Fail2ban (pid 30613) is running...

________
It just hangs there - have to hit Cntl-C to proceed.

How can I tell yum to downgrade fail2ban? I upgraded wth yum update fail2ban
How can I remove fail2ban and re-install?
Also how can I debug why its not starting up. It did fine before the yum update.
Tx

Some more info:

[root@messaging ~]# service fail2ban start
Starting fail2ban:      
____
Have to hit Cntl-C to continue and shows an OK.
______

[root@messaging ~]# ps -ax | grep fail2ban
Warning: bad syntax, perhaps a bogus '-'? See /usr/share/doc/procps-3.2.7/FAQ
 4348 pts/6    S+     0:00 grep fail2ban
30613 ?        S      0:00 /usr/bin/python /usr/bin/fail2ban-server -b -s /var/run/fail2ban/fail2ban.sock -x
[root@messaging ~]#
_________
[root@messaging ~]# fail2ban-client -V
Fail2Ban v0.8.4

Copyright (c) 2004-2008 Cyril Jaquier
Copyright of modifications held by their respective authors.
Licensed under the GNU General Public License v2 (GPL).

Written by Cyril Jaquier <cyril.jaquier@fail2ban.org>.
Many contributions by Yaroslav O. Halchenko <debian@onerussian.com>.
[root@messaging ~]#
0
Comment
Question by:shaunwingin
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
25 Comments
 
LVL 2

Expert Comment

by:n4th4nr1ch
ID: 37736652
1. ps aux
not ps -ax
for most modern linux systems.


2. yum downgrade packagename
this is how you downgrade to any other versions in your repository
You can also manually downgrade by using rpm.


3. It may also be helpful to install strace
yum install -y strace

then, instead of just using service you can try:
strace -e file /etc/init.d/fail2ban start

That will give you better debugging output.
0
 

Author Comment

by:shaunwingin
ID: 37736682
Below is yum update of fal2ban
I have edited /etc/fail2ban/jail.conf.rpmnew
=====================================================================================================================================================================================================
 Package                                             Arch                                        Version                                             Repository                                 Size
=====================================================================================================================================================================================================
Updating:
 fail2ban                                            noarch                                      0.8.4-29.el5                                        epel                                      136 k
Installing for dependencies:
 python-ctypes                                       x86_64                                      1.0.2-3.el5                                         base                                      210 k
 python-inotify                                      noarch                                      0.9.1-1.el5                                         epel                                       86 k

Transaction Summary
=====================================================================================================================================================================================================
Install       2 Package(s)
Upgrade       1 Package(s)

Total download size: 432 k
Is this ok [y/N]: y
Downloading Packages:
(1/3): python-inotify-0.9.1-1.el5.noarch.rpm                                                                                                                                  |  86 kB     00:00
(2/3): fail2ban-0.8.4-29.el5.noarch.rpm                                                                                                                                       | 136 kB     00:02
(3/3): python-ctypes-1.0.2-3.el5.x86_64.rpm                                                                                                                                   | 210 kB     00:00
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total                                                                                                                                                                 71 kB/s | 432 kB     00:06
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing     : python-ctypes                                                                                                                                                                 1/4
  Installing     : python-inotify                                                                                                                                                                2/4
  Updating       : fail2ban                                                                                                                                                                      3/4
warning: /etc/fail2ban/filter.d/vsftpd.conf created as /etc/fail2ban/filter.d/vsftpd.conf.rpmnew
warning: /etc/fail2ban/jail.conf created as /etc/fail2ban/jail.conf.rpmnew
  Cleanup        : fail2ban                                                                                                                                                                      4/4

Dependency Installed:
  python-ctypes.x86_64 0:1.0.2-3.el5                                                               python-inotify.noarch 0:0.9.1-1.el5

Updated:
  fail2ban.noarch 0:0.8.4-29.el5
0
 
LVL 5

Expert Comment

by:1ly4me
ID: 37736865
Seems like error in conf file, check fail2ban log file.
Also check your jail.conf file, If you have done any changes remove it and start fail2ban with default settings.
The new version also supports TCP wrappers, check you hosts.allow and deny files.
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:shaunwingin
ID: 37736879
tx.
see

[root@messaging filter.d]# strace -e file /etc/init.d/fail2ban start
execve("/etc/init.d/fail2ban", ["/etc/init.d/fail2ban", "start"], [/* 27 vars */]) = 0
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY)      = 3
open("/lib64/libtermcap.so.2", O_RDONLY) = 3
open("/lib64/libdl.so.2", O_RDONLY)     = 3
open("/lib64/libc.so.6", O_RDONLY)      = 3
open("/dev/tty", O_RDWR|O_NONBLOCK)     = 3
open("/usr/lib/locale/locale-archive", O_RDONLY) = 3
open("/proc/meminfo", O_RDONLY)         = 3
stat("/etc/fail2ban/filter.d", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
stat(".", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
open("/usr/lib64/gconv/gconv-modules.cache", O_RDONLY) = 3
open("/etc/init.d/fail2ban", O_RDONLY)  = 3
stat("/etc/init.d/functions", {st_mode=S_IFREG|0755, st_size=14291, ...}) = 0
access("/etc/init.d/functions", X_OK)   = 0
access("/etc/init.d/functions", R_OK)   = 0
open("/etc/init.d/functions", O_RDONLY) = 3
--- SIGCHLD (Child exited) @ 0 (0) ---
stat("/etc/sysconfig/i18n", {st_mode=S_IFREG|0644, st_size=47, ...}) = 0
stat("/etc/profile.d/lang.sh", {st_mode=S_IFREG|0755, st_size=3466, ...}) = 0
access("/etc/profile.d/lang.sh", X_OK)  = 0
access("/etc/profile.d/lang.sh", R_OK)  = 0
open("/etc/profile.d/lang.sh", O_RDONLY) = 3
stat("/etc/sysconfig/init", {st_mode=S_IFREG|0644, st_size=1068, ...}) = 0
stat("/etc/sysconfig/init", {st_mode=S_IFREG|0644, st_size=1068, ...}) = 0
access("/etc/sysconfig/init", X_OK)     = -1 EACCES (Permission denied)
access("/etc/sysconfig/init", R_OK)     = 0
open("/etc/sysconfig/init", O_RDONLY)   = 3
open("/usr/share/locale/locale.alias", O_RDONLY) = 3
open("/usr/share/locale/en_US.UTF-8/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_US.utf8/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_US/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.UTF-8/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.utf8/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
stat("/etc/fail2ban/fail2ban.conf", {st_mode=S_IFREG|0644, st_size=844, ...}) = 0
Starting fail2ban: --- SIGCHLD (Child exited) @ 0 (0) ---
stat(".", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
stat("/sbin/touch", 0x7fffc9650980)     = -1 ENOENT (No such file or directory)
stat("/usr/sbin/touch", 0x7fffc9650980) = -1 ENOENT (No such file or directory)
stat("/bin/touch", {st_mode=S_IFREG|0755, st_size=42696, ...}) = 0
access("/bin/touch", X_OK)              = 0
access("/bin/touch", R_OK)              = 0
stat("/bin/touch", {st_mode=S_IFREG|0755, st_size=42696, ...}) = 0
access("/bin/touch", X_OK)              = 0
access("/bin/touch", R_OK)              = 0
--- SIGCHLD (Child exited) @ 0 (0) ---
                                                           [  OK  ]
[root@messaging filter.d]# ps aux | grep fail2ban
root      4658  0.0  0.0 134908  4736 ?        S    10:43   0:00 /usr/bin/python /usr/bin/fail2ban-server -b -s /var/run/fail2ban/fail2ban.sock -x
root      5896  0.0  0.0  61216   752 pts/6    S+   11:28   0:00 grep fail2ban
[root@messaging filter.d]# strace -e file /etc/init.d/fail2ban stop
execve("/etc/init.d/fail2ban", ["/etc/init.d/fail2ban", "stop"], [/* 27 vars */]) = 0
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY)      = 3
open("/lib64/libtermcap.so.2", O_RDONLY) = 3
open("/lib64/libdl.so.2", O_RDONLY)     = 3
open("/lib64/libc.so.6", O_RDONLY)      = 3
open("/dev/tty", O_RDWR|O_NONBLOCK)     = 3
open("/usr/lib/locale/locale-archive", O_RDONLY) = 3
open("/proc/meminfo", O_RDONLY)         = 3
stat("/etc/fail2ban/filter.d", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
stat(".", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
open("/usr/lib64/gconv/gconv-modules.cache", O_RDONLY) = 3
open("/etc/init.d/fail2ban", O_RDONLY)  = 3
stat("/etc/init.d/functions", {st_mode=S_IFREG|0755, st_size=14291, ...}) = 0
access("/etc/init.d/functions", X_OK)   = 0
access("/etc/init.d/functions", R_OK)   = 0
open("/etc/init.d/functions", O_RDONLY) = 3
--- SIGCHLD (Child exited) @ 0 (0) ---
stat("/etc/sysconfig/i18n", {st_mode=S_IFREG|0644, st_size=47, ...}) = 0
stat("/etc/profile.d/lang.sh", {st_mode=S_IFREG|0755, st_size=3466, ...}) = 0
access("/etc/profile.d/lang.sh", X_OK)  = 0
access("/etc/profile.d/lang.sh", R_OK)  = 0
open("/etc/profile.d/lang.sh", O_RDONLY) = 3
stat("/etc/sysconfig/init", {st_mode=S_IFREG|0644, st_size=1068, ...}) = 0
stat("/etc/sysconfig/init", {st_mode=S_IFREG|0644, st_size=1068, ...}) = 0
access("/etc/sysconfig/init", X_OK)     = -1 EACCES (Permission denied)
access("/etc/sysconfig/init", R_OK)     = 0
open("/etc/sysconfig/init", O_RDONLY)   = 3
open("/usr/share/locale/locale.alias", O_RDONLY) = 3
open("/usr/share/locale/en_US.UTF-8/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_US.utf8/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_US/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.UTF-8/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.utf8/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
stat("/etc/fail2ban/fail2ban.conf", {st_mode=S_IFREG|0644, st_size=844, ...}) = 0
Stopping fail2ban: --- SIGCHLD (Child exited) @ 0 (0) ---
0
 

Author Comment

by:shaunwingin
ID: 37736911
This is hosts.allow

#
# hosts.allow   This file describes the names of the hosts which are
#               allowed to use the local INET services, as decided
#               by the '/usr/sbin/tcpd' server.
#
0
 

Author Comment

by:shaunwingin
ID: 37736938
and hosts.deny

#
# hosts.deny    This file describes the names of the hosts which are
#               *not* allowed to use the local INET services, as decided
#               by the '/usr/sbin/tcpd' server.
#
# The portmap line is redundant, but it is left to remind you that
# the new secure portmap uses hosts.deny and hosts.allow.  In particular
# you should know that NFS uses portmap!
0
 

Author Comment

by:shaunwingin
ID: 37736940
fail2ban log file not being updated - as last entry for yesterday.
0
 

Author Comment

by:shaunwingin
ID: 37736942
This is perhaps more usefull. Did a kill - 9 pid for fail2ban

then


[root@messaging filter.d]# strace -e file /etc/init.d/fail2ban start
execve("/etc/init.d/fail2ban", ["/etc/init.d/fail2ban", "start"], [/* 27 vars */]) = 0
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY)      = 3
open("/lib64/libtermcap.so.2", O_RDONLY) = 3
open("/lib64/libdl.so.2", O_RDONLY)     = 3
open("/lib64/libc.so.6", O_RDONLY)      = 3
open("/dev/tty", O_RDWR|O_NONBLOCK)     = 3
open("/usr/lib/locale/locale-archive", O_RDONLY) = 3
open("/proc/meminfo", O_RDONLY)         = 3
stat("/etc/fail2ban/filter.d", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
stat(".", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
open("/usr/lib64/gconv/gconv-modules.cache", O_RDONLY) = 3
open("/etc/init.d/fail2ban", O_RDONLY)  = 3
stat("/etc/init.d/functions", {st_mode=S_IFREG|0755, st_size=14291, ...}) = 0
access("/etc/init.d/functions", X_OK)   = 0
access("/etc/init.d/functions", R_OK)   = 0
open("/etc/init.d/functions", O_RDONLY) = 3
--- SIGCHLD (Child exited) @ 0 (0) ---
stat("/etc/sysconfig/i18n", {st_mode=S_IFREG|0644, st_size=47, ...}) = 0
stat("/etc/profile.d/lang.sh", {st_mode=S_IFREG|0755, st_size=3466, ...}) = 0
access("/etc/profile.d/lang.sh", X_OK)  = 0
access("/etc/profile.d/lang.sh", R_OK)  = 0
open("/etc/profile.d/lang.sh", O_RDONLY) = 3
stat("/etc/sysconfig/init", {st_mode=S_IFREG|0644, st_size=1068, ...}) = 0
stat("/etc/sysconfig/init", {st_mode=S_IFREG|0644, st_size=1068, ...}) = 0
access("/etc/sysconfig/init", X_OK)     = -1 EACCES (Permission denied)
access("/etc/sysconfig/init", R_OK)     = 0
open("/etc/sysconfig/init", O_RDONLY)   = 3
open("/usr/share/locale/locale.alias", O_RDONLY) = 3
open("/usr/share/locale/en_US.UTF-8/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_US.utf8/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_US/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.UTF-8/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.utf8/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
stat("/etc/fail2ban/fail2ban.conf", {st_mode=S_IFREG|0644, st_size=844, ...}) = 0
Starting fail2ban: --- SIGCHLD (Child exited) @ 0 (0) ---
0
 

Author Comment

by:shaunwingin
ID: 37736952
Even with yum downgrade still get error:


[root@messaging filter.d]# strace -e file /etc/init.d/fail2ban start
execve("/etc/init.d/fail2ban", ["/etc/init.d/fail2ban", "start"], [/* 27 vars */]) = 0
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY)      = 3
open("/lib64/libtermcap.so.2", O_RDONLY) = 3
open("/lib64/libdl.so.2", O_RDONLY)     = 3
open("/lib64/libc.so.6", O_RDONLY)      = 3
open("/dev/tty", O_RDWR|O_NONBLOCK)     = 3
open("/usr/lib/locale/locale-archive", O_RDONLY) = 3
open("/proc/meminfo", O_RDONLY)         = 3
stat("/etc/fail2ban/filter.d", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
stat(".", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
open("/usr/lib64/gconv/gconv-modules.cache", O_RDONLY) = 3
open("/etc/init.d/fail2ban", O_RDONLY)  = 3
stat("/etc/init.d/functions", {st_mode=S_IFREG|0755, st_size=14291, ...}) = 0
access("/etc/init.d/functions", X_OK)   = 0
access("/etc/init.d/functions", R_OK)   = 0
open("/etc/init.d/functions", O_RDONLY) = 3
--- SIGCHLD (Child exited) @ 0 (0) ---
stat("/etc/sysconfig/i18n", {st_mode=S_IFREG|0644, st_size=47, ...}) = 0
stat("/etc/profile.d/lang.sh", {st_mode=S_IFREG|0755, st_size=3466, ...}) = 0
access("/etc/profile.d/lang.sh", X_OK)  = 0
access("/etc/profile.d/lang.sh", R_OK)  = 0
open("/etc/profile.d/lang.sh", O_RDONLY) = 3
stat("/etc/sysconfig/init", {st_mode=S_IFREG|0644, st_size=1068, ...}) = 0
stat("/etc/sysconfig/init", {st_mode=S_IFREG|0644, st_size=1068, ...}) = 0
access("/etc/sysconfig/init", X_OK)     = -1 EACCES (Permission denied)
access("/etc/sysconfig/init", R_OK)     = 0
open("/etc/sysconfig/init", O_RDONLY)   = 3
open("/usr/share/locale/locale.alias", O_RDONLY) = 3
open("/usr/share/locale/en_US.UTF-8/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_US.utf8/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_US/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.UTF-8/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.utf8/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
stat("/etc/fail2ban/fail2ban.conf", {st_mode=S_IFREG|0644, st_size=844, ...}) = 0
Starting fail2ban: --- SIGCHLD (Child exited) @ 0 (0) ---
stat(".", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
stat("/sbin/rm", 0x7fff91ce5170)        = -1 ENOENT (No such file or directory)
stat("/usr/sbin/rm", 0x7fff91ce5170)    = -1 ENOENT (No such file or directory)
stat("/bin/rm", {st_mode=S_IFREG|0755, st_size=47088, ...}) = 0
access("/bin/rm", X_OK)                 = 0
access("/bin/rm", R_OK)                 = 0
stat("/bin/rm", {st_mode=S_IFREG|0755, st_size=47088, ...}) = 0
access("/bin/rm", X_OK)                 = 0
access("/bin/rm", R_OK)                 = 0
--- SIGCHLD (Child exited) @ 0 (0) ---
0
 

Author Comment

by:shaunwingin
ID: 37736956
This was downgrade:

[root@messaging filter.d]# yum downgrade fail2ban
Loaded plugins: fastestmirror, priorities
Setting up Downgrade Process
Loading mirror speeds from cached hostfile
 * base: ftp.wa.co.za
 * epel: ftp.rediris.es
 * extras: ftp.wa.co.za
 * rpmforge: apt.sw.be
 * updates: ftp.wa.co.za
addons                                                                                                                                                                        | 1.9 kB     00:00
base                                                                                                                                                                          | 1.1 kB     00:00
epel                                                                                                                                                                          | 3.4 kB     00:00
extras                                                                                                                                                                        | 2.1 kB     00:00
pgdg90                                                                                                                                                                        | 2.8 kB     00:00
rpmforge                                                                                                                                                                      | 1.1 kB     00:00
updates                                                                                                                                                                       | 1.9 kB     00:00
Excluding Packages from CentOS-5 - Base
Finished
Excluding Packages from CentOS-5 - Updates
Finished
Resolving Dependencies
--> Running transaction check
---> Package fail2ban.noarch 0:0.8.2-3.el5.rf set to be updated
---> Package fail2ban.noarch 0:0.8.4-29.el5 set to be erased
--> Finished Dependency Resolution

Dependencies Resolved

=====================================================================================================================================================================================================
 Package                                       Arch                                        Version                                               Repository                                     Size
=====================================================================================================================================================================================================
Downgrading:
 fail2ban                                      noarch                                      0.8.2-3.el5.rf                                        rpmforge                                      125 k

Transaction Summary
=====================================================================================================================================================================================================
Remove        0 Package(s)
Reinstall     0 Package(s)
Downgrade     1 Package(s)

Total download size: 125 k
Is this ok [y/N]: y
Downloading Packages:
fail2ban-0.8.2-3.el5.rf.noarch.rpm                                                                                                                                            | 125 kB     00:01
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing     : fail2ban                                                                                                                                                                      1/2
warning: /etc/fail2ban/fail2ban.conf created as /etc/fail2ban/fail2ban.conf.rpmnew
warning: /etc/fail2ban/filter.d/vsftpd.conf created as /etc/fail2ban/filter.d/vsftpd.conf.rpmnew
warning: /etc/fail2ban/jail.conf created as /etc/fail2ban/jail.conf.rpmnew
  Cleanup        : fail2ban                                                                                                                                                                      2/2

Removed:
  fail2ban.noarch 0:0.8.4-29.el5

Installed:
  fail2ban.noarch 0:0.8.2-3.el5.rf

Complete!
0
 

Author Comment

by:shaunwingin
ID: 37736975
tail of fail2ban.log (but not updating)
See the errors pls.


Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
2012-03-18 15:03:27,872 fail2ban.actions.action: INFO   Set actionUnban =
2012-03-18 15:03:27,872 fail2ban.actions.action: INFO   Set actionCheck =
2012-03-18 15:03:27,875 fail2ban.jail   : INFO   Using Gamin
2012-03-18 15:03:27,875 fail2ban.filter : INFO   Created Filter
2012-03-18 15:03:27,875 fail2ban.filter : INFO   Created FilterGamin
2012-03-18 15:03:27,875 fail2ban.filter : INFO   Added logfile = /var/log/secure
2012-03-18 15:03:27,876 fail2ban.filter : INFO   Set maxRetry = 3
2012-03-18 15:03:27,877 fail2ban.filter : INFO   Set findtime = 600
2012-03-18 15:03:27,877 fail2ban.actions: INFO   Set banTime = 31536000
2012-03-18 15:03:27,880 fail2ban.actions.action: INFO   Set actionBan = iptables -I fail2ban-<name> 1 -s <ip> -j DROP
2012-03-18 15:03:27,880 fail2ban.actions.action: INFO   Set actionStop = iptables -D INPUT -p <protocol> --dport <port> -j fail2ban-<name>
iptables -F fail2ban-<name>
iptables -X fail2ban-<name>
2012-03-18 15:03:27,881 fail2ban.actions.action: INFO   Set actionStart = iptables -N fail2ban-<name>
iptables -A fail2ban-<name> -j RETURN
iptables -I INPUT -p <protocol> --dport <port> -j fail2ban-<name>
2012-03-18 15:03:27,881 fail2ban.actions.action: INFO   Set actionUnban = iptables -D fail2ban-<name> -s <ip> -j DROP
2012-03-18 15:03:27,882 fail2ban.actions.action: INFO   Set actionCheck = iptables -n -L INPUT | grep -q fail2ban-<name>
2012-03-18 15:03:27,895 fail2ban.actions.action: ERROR  iptables -N fail2ban-ASTERISK
iptables -A fail2ban-ASTERISK -j RETURN
iptables -I INPUT -p all -j fail2ban-ASTERISK returned 100
2012-03-18 15:03:27,938 fail2ban.actions.action: ERROR  iptables -N fail2ban-SSH
iptables -A fail2ban-SSH -j RETURN
iptables -I INPUT -p tcp --dport ssh -j fail2ban-SSH returned 300
0
 
LVL 30

Expert Comment

by:Kerem ERSOY
ID: 37737113
Hi,

According to yum output there are 3 files modified by you:

warning: /etc/fail2ban/fail2ban.conf created as /etc/fail2ban/fail2ban.conf.rpmnew
warning: /etc/fail2ban/filter.d/vsftpd.conf created as /etc/fail2ban/filter.d/vsftpd.conf.rpmnew
warning: /etc/fail2ban/jail.conf created as /etc/fail2ban/jail.conf.rpmnew

So try to save the current version of these files and restart with rpmnew. versions and restore all three files from them and try to modify. I believe there's something wrong about your config. Otherwise it should be quite a straightforward process..

Cheers,
K.
0
 

Author Comment

by:shaunwingin
ID: 37737614
I've tried what you say KeremE but this is the startup error. Perhaps I'm missing somethng important in the files. Log file doesn't get written.


[root@messaging fail2ban]# strace -e file /etc/init.d/fail2ban start
execve("/etc/init.d/fail2ban", ["/etc/init.d/fail2ban", "start"], [/* 27 vars */]) = 0
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY)      = 3
open("/lib64/libtermcap.so.2", O_RDONLY) = 3
open("/lib64/libdl.so.2", O_RDONLY)     = 3
open("/lib64/libc.so.6", O_RDONLY)      = 3
open("/dev/tty", O_RDWR|O_NONBLOCK)     = 3
open("/usr/lib/locale/locale-archive", O_RDONLY) = 3
open("/proc/meminfo", O_RDONLY)         = 3
stat("/etc/fail2ban", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
stat(".", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
open("/usr/lib64/gconv/gconv-modules.cache", O_RDONLY) = 3
open("/etc/init.d/fail2ban", O_RDONLY)  = 3
stat("/etc/init.d/functions", {st_mode=S_IFREG|0755, st_size=14291, ...}) = 0
access("/etc/init.d/functions", X_OK)   = 0
access("/etc/init.d/functions", R_OK)   = 0
open("/etc/init.d/functions", O_RDONLY) = 3
--- SIGCHLD (Child exited) @ 0 (0) ---
stat("/etc/sysconfig/i18n", {st_mode=S_IFREG|0644, st_size=47, ...}) = 0
stat("/etc/profile.d/lang.sh", {st_mode=S_IFREG|0755, st_size=3466, ...}) = 0
access("/etc/profile.d/lang.sh", X_OK)  = 0
access("/etc/profile.d/lang.sh", R_OK)  = 0
open("/etc/profile.d/lang.sh", O_RDONLY) = 3
stat("/etc/sysconfig/init", {st_mode=S_IFREG|0644, st_size=1068, ...}) = 0
stat("/etc/sysconfig/init", {st_mode=S_IFREG|0644, st_size=1068, ...}) = 0
access("/etc/sysconfig/init", X_OK)     = -1 EACCES (Permission denied)
access("/etc/sysconfig/init", R_OK)     = 0
open("/etc/sysconfig/init", O_RDONLY)   = 3
open("/usr/share/locale/locale.alias", O_RDONLY) = 3
open("/usr/share/locale/en_US.UTF-8/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_US.utf8/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_US/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.UTF-8/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.utf8/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
stat("/etc/fail2ban/fail2ban.conf", {st_mode=S_IFREG|0644, st_size=844, ...}) = 0
Starting fail2ban: --- SIGCHLD (Child exited) @ 0 (0) ---
0
 
LVL 19

Assisted Solution

by:Gabriel Orozco
Gabriel Orozco earned 167 total points
ID: 37740655
Forget about dtrace for a moment.

what is the result of starting fail2ban by hand?

i.e.
/etc/init.d/fail2ban start

or better yet, the command:
/usr/bin/python /usr/bin/fail2ban-server -b -s /var/run/fail2ban/fail2ban.sock -x

if there is an issue it will be printed to screen.

Also you have posted about fail2ban, but not about the rules in iptables making it work.
0
 

Author Comment

by:shaunwingin
ID: 37740856
Tx!
See below. The fail2ban logfile is still not being updated!

[root@messaging fail2ban]# /usr/bin/python /usr/bin/fail2ban-server -b -s /var/run/fail2ban/fail2ban.sock -x
2012-03-20 08:09:41,409 fail2ban.server : INFO   Starting Fail2ban v0.8.4
2012-03-20 08:09:41,410 fail2ban.server : INFO   Starting in daemon mode
[root@messaging fail2ban]# !ps
ps -ax | grep fail2ban
Warning: bad syntax, perhaps a bogus '-'? See /usr/share/doc/procps-3.2.7/FAQ
 9343 ?        S      0:00 /usr/bin/python /usr/bin/fail2ban-server -b -s /var/run/fail2ban/fail2ban.sock -x
16599 ?        S      0:00 /usr/bin/python /usr/bin/fail2ban-server -b -s /var/run/fail2ban/fail2ban.sock -x
16616 pts/5    S+     0:00 grep fail2ban
[root@messaging fail2ban]#
0
 

Author Comment

by:shaunwingin
ID: 37740859
[root@messaging fail2ban]# /etc/init.d/fail2ban status
Fail2ban (pid 9343) is running...
Status
|- Number of jail:      0
`- Jail list:
[root@messaging fail2ban]#
0
 

Author Comment

by:shaunwingin
ID: 37740942
Pls also send links explaining how to configure the conf files for the version we upgraded to. Tx
0
 
LVL 30

Expert Comment

by:Kerem ERSOY
ID: 37741063
It seems that it is where it hangs. Will you please remove fail2ban altogeter and reinstall ?? You can remove it with:

yum remove fail2ban

Open in new window


or

rpm -qa fail2ban | xargs rpm -ev 

Open in new window


and reinstall again after removing all files about it especially in /etc

Cheers,
K.
0
 
LVL 30

Assisted Solution

by:Kerem ERSOY
Kerem ERSOY earned 333 total points
ID: 37741175
Hi,

ps -ax | grep fail2ban
Warning: bad syntax, perhaps a bogus '-'? See /usr/share/doc/procps-3.2.7/FAQ

This is about the dash before ax in ps : )
0
 
LVL 30

Expert Comment

by:Kerem ERSOY
ID: 37742013
Tx!
See below. The fail2ban logfile is still not being updated!

Yeah it is not becasue the daemon dies before it tries to touch the files. This is why I am suggesting to remove all files and retry.
0
 

Author Comment

by:shaunwingin
ID: 37749555
Tried uninstalling and deleting /etc/fail2ban but still same issues!
0
 

Author Comment

by:shaunwingin
ID: 37749564
Also yum not installing latest version.
Its CentOS 64 bit system.

Please give details for EPL update. see below.
http://fedoraproject.org/wiki/EPEL#What_packages_and_versions_are_available_in_EPEL.3F
[21:50:57] Hillel: EPEL has an 'epel-release' package that includes gpg keys for package signing and repository information. Installing this package for your Enterprise Linux version should allow you to use normal tools such as yum to install packages and their dependencies. By default the stable EPEL repo is enabled, there is also a 'epel-testing' repository that contains packages that are not yet deemed stable.

NOTE: You need to also enable the 'optional' repository to use EPEL packages as they depend on packages in that repository. This can be done by enabling the RHEL optional subchannel for example. (Related profile is located at:/etc/yum.repos.d/epel-testing.repo)
[21:52:24] Hillel: EPEL has an 'epel-release' package that includes gpg keys for package signing and repository information. Installing this package for your Enterprise Linux version should allow you to use normal tools such as yum to install packages and their dependencies. By default the stable EPEL repo is enabled, there is also a 'epel-testing' repository that contains packages that are not yet deemed stable.

NOTE: You need to also enable the 'optional' repository to use EPEL packages as they depend on packages in that repository. This can be done by enabling the RHEL optional subchannel for example. (Related profile is located at:/etc/yum.repos.d/epel-testing.repo)
[21:52:37] Hillel: EPEL has an 'epel-release' package that includes gpg keys for package signing and repository information. Installing this package for your Enterprise Linux version should allow you to use normal tools such as yum to install packages and their dependencies. By default the stable EPEL repo is enabled, there is also a 'epel-testing' repository that contains packages that are not yet deemed stable.
http://www.fail2ban.org/wiki/index.php/Main_Page
0
 
LVL 30

Accepted Solution

by:
Kerem ERSOY earned 333 total points
ID: 37750032
Will you start fail2ban client? This way may be it will be printing out more information:
fail2ban-client start

Open in new window


Please post the information here.

Cheers,
K
0

Featured Post

Building an interactive eFuture classroom

Watch and learn how ATEN provided a total control system solution including seamless switching matrix switch, HDBaseT extenders, PDU, lighting control to build an interactive eFuture classroom.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

If you use Debian 6 Squeeze and you are tired of looking at the childish graphical GDM login screen that is used by default, here's an easy way to change it. If you've already tried to change it you've probably discovered that none of the old met…
1. Introduction As many people are interested in Linux but not as many are interested or knowledgeable (enough) to install Linux on their system, here is a safe way to try out Linux on your existing (Windows) system. The idea is that you insta…
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question