Solved

Linux fail2ban not starting up after yum update on CentOS 5

Posted on 2012-03-19
Last Modified: 2012-04-05
Say,

This is the current issue:

[root@messaging ~]# service fail2ban status
Fail2ban (pid 30613) is running...

________
It just hangs there - have to hit Ctrl-C to proceed.

How can I tell yum to downgrade fail2ban? I upgraded with yum update fail2ban
How can I remove fail2ban and re-install?
Also how can I debug why it's not starting up. It did fine before the yum update.
Tx

Some more info:

[root@messaging ~]# service fail2ban start
Starting fail2ban:      
____
Have to hit Ctrl-C to continue and shows an OK.
______

[root@messaging ~]# ps -ax | grep fail2ban
Warning: bad syntax, perhaps a bogus '-'? See /usr/share/doc/procps-3.2.7/FAQ
 4348 pts/6    S+     0:00 grep fail2ban
30613 ?        S      0:00 /usr/bin/python /usr/bin/fail2ban-server -b -s /var/run/fail2ban/fail2ban.sock -x
[root@messaging ~]#
_________
[root@messaging ~]# fail2ban-client -V
Fail2Ban v0.8.4

Copyright (c) 2004-2008 Cyril Jaquier
Copyright of modifications held by their respective authors.
Licensed under the GNU General Public License v2 (GPL).

Written by Cyril Jaquier <cyril.jaquier@fail2ban.org>.
Many contributions by Yaroslav O. Halchenko <debian@onerussian.com>.
[root@messaging ~]#
Question by:shaunwingin
25 Comments
 
LVL 2

Expert Comment

by:n4th4nr1ch
ID: 37736652
1. ps aux
not ps -ax
for most modern linux systems.


2. yum downgrade packagename
this is how you downgrade to any other versions in your repository
You can also manually downgrade by using rpm.


3. It may also be helpful to install strace
yum install -y strace

then, instead of just using service you can try:
strace -e file /etc/init.d/fail2ban start

That will give you better debugging output.
0
 

Author Comment

by:shaunwingin
ID: 37736682
Below is yum update of fail2ban
I have edited /etc/fail2ban/jail.conf.rpmnew
=====================================================================================================================================================================================================
 Package                                             Arch                                        Version                                             Repository                                 Size
=====================================================================================================================================================================================================
Updating:
 fail2ban                                            noarch                                      0.8.4-29.el5                                        epel                                      136 k
Installing for dependencies:
 python-ctypes                                       x86_64                                      1.0.2-3.el5                                         base                                      210 k
 python-inotify                                      noarch                                      0.9.1-1.el5                                         epel                                       86 k

Transaction Summary
=====================================================================================================================================================================================================
Install       2 Package(s)
Upgrade       1 Package(s)

Total download size: 432 k
Is this ok [y/N]: y
Downloading Packages:
(1/3): python-inotify-0.9.1-1.el5.noarch.rpm                                                                                                                                  |  86 kB     00:00
(2/3): fail2ban-0.8.4-29.el5.noarch.rpm                                                                                                                                       | 136 kB     00:02
(3/3): python-ctypes-1.0.2-3.el5.x86_64.rpm                                                                                                                                   | 210 kB     00:00
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total                                                                                                                                                                 71 kB/s | 432 kB     00:06
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing     : python-ctypes                                                                                                                                                                 1/4
  Installing     : python-inotify                                                                                                                                                                2/4
  Updating       : fail2ban                                                                                                                                                                      3/4
warning: /etc/fail2ban/filter.d/vsftpd.conf created as /etc/fail2ban/filter.d/vsftpd.conf.rpmnew
warning: /etc/fail2ban/jail.conf created as /etc/fail2ban/jail.conf.rpmnew
  Cleanup        : fail2ban                                                                                                                                                                      4/4

Dependency Installed:
  python-ctypes.x86_64 0:1.0.2-3.el5                                                               python-inotify.noarch 0:0.9.1-1.el5

Updated:
  fail2ban.noarch 0:0.8.4-29.el5
0
 
LVL 5

Expert Comment

by:1ly4me
ID: 37736865
Seems like error in conf file, check fail2ban log file.
Also check your jail.conf file, if you have done any changes remove it and start fail2ban with default settings.
The new version also supports TCP wrappers, check your hosts.allow and deny files.
0
 

Author Comment

by:shaunwingin
ID: 37736879
tx.
see

[root@messaging filter.d]# strace -e file /etc/init.d/fail2ban start
execve("/etc/init.d/fail2ban", ["/etc/init.d/fail2ban", "start"], [/* 27 vars */]) = 0
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY)      = 3
open("/lib64/libtermcap.so.2", O_RDONLY) = 3
open("/lib64/libdl.so.2", O_RDONLY)     = 3
open("/lib64/libc.so.6", O_RDONLY)      = 3
open("/dev/tty", O_RDWR|O_NONBLOCK)     = 3
open("/usr/lib/locale/locale-archive", O_RDONLY) = 3
open("/proc/meminfo", O_RDONLY)         = 3
stat("/etc/fail2ban/filter.d", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
stat(".", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
open("/usr/lib64/gconv/gconv-modules.cache", O_RDONLY) = 3
open("/etc/init.d/fail2ban", O_RDONLY)  = 3
stat("/etc/init.d/functions", {st_mode=S_IFREG|0755, st_size=14291, ...}) = 0
access("/etc/init.d/functions", X_OK)   = 0
access("/etc/init.d/functions", R_OK)   = 0
open("/etc/init.d/functions", O_RDONLY) = 3
--- SIGCHLD (Child exited) @ 0 (0) ---
stat("/etc/sysconfig/i18n", {st_mode=S_IFREG|0644, st_size=47, ...}) = 0
stat("/etc/profile.d/lang.sh", {st_mode=S_IFREG|0755, st_size=3466, ...}) = 0
access("/etc/profile.d/lang.sh", X_OK)  = 0
access("/etc/profile.d/lang.sh", R_OK)  = 0
open("/etc/profile.d/lang.sh", O_RDONLY) = 3
stat("/etc/sysconfig/init", {st_mode=S_IFREG|0644, st_size=1068, ...}) = 0
stat("/etc/sysconfig/init", {st_mode=S_IFREG|0644, st_size=1068, ...}) = 0
access("/etc/sysconfig/init", X_OK)     = -1 EACCES (Permission denied)
access("/etc/sysconfig/init", R_OK)     = 0
open("/etc/sysconfig/init", O_RDONLY)   = 3
open("/usr/share/locale/locale.alias", O_RDONLY) = 3
open("/usr/share/locale/en_US.UTF-8/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_US.utf8/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_US/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.UTF-8/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.utf8/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
stat("/etc/fail2ban/fail2ban.conf", {st_mode=S_IFREG|0644, st_size=844, ...}) = 0
Starting fail2ban: --- SIGCHLD (Child exited) @ 0 (0) ---
stat(".", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
stat("/sbin/touch", 0x7fffc9650980)     = -1 ENOENT (No such file or directory)
stat("/usr/sbin/touch", 0x7fffc9650980) = -1 ENOENT (No such file or directory)
stat("/bin/touch", {st_mode=S_IFREG|0755, st_size=42696, ...}) = 0
access("/bin/touch", X_OK)              = 0
access("/bin/touch", R_OK)              = 0
stat("/bin/touch", {st_mode=S_IFREG|0755, st_size=42696, ...}) = 0
access("/bin/touch", X_OK)              = 0
access("/bin/touch", R_OK)              = 0
--- SIGCHLD (Child exited) @ 0 (0) ---
                                                           [  OK  ]
[root@messaging filter.d]# ps aux | grep fail2ban
root      4658  0.0  0.0 134908  4736 ?        S    10:43   0:00 /usr/bin/python /usr/bin/fail2ban-server -b -s /var/run/fail2ban/fail2ban.sock -x
root      5896  0.0  0.0  61216   752 pts/6    S+   11:28   0:00 grep fail2ban
[root@messaging filter.d]# strace -e file /etc/init.d/fail2ban stop
execve("/etc/init.d/fail2ban", ["/etc/init.d/fail2ban", "stop"], [/* 27 vars */]) = 0
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY)      = 3
open("/lib64/libtermcap.so.2", O_RDONLY) = 3
open("/lib64/libdl.so.2", O_RDONLY)     = 3
open("/lib64/libc.so.6", O_RDONLY)      = 3
open("/dev/tty", O_RDWR|O_NONBLOCK)     = 3
open("/usr/lib/locale/locale-archive", O_RDONLY) = 3
open("/proc/meminfo", O_RDONLY)         = 3
stat("/etc/fail2ban/filter.d", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
stat(".", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
open("/usr/lib64/gconv/gconv-modules.cache", O_RDONLY) = 3
open("/etc/init.d/fail2ban", O_RDONLY)  = 3
stat("/etc/init.d/functions", {st_mode=S_IFREG|0755, st_size=14291, ...}) = 0
access("/etc/init.d/functions", X_OK)   = 0
access("/etc/init.d/functions", R_OK)   = 0
open("/etc/init.d/functions", O_RDONLY) = 3
--- SIGCHLD (Child exited) @ 0 (0) ---
stat("/etc/sysconfig/i18n", {st_mode=S_IFREG|0644, st_size=47, ...}) = 0
stat("/etc/profile.d/lang.sh", {st_mode=S_IFREG|0755, st_size=3466, ...}) = 0
access("/etc/profile.d/lang.sh", X_OK)  = 0
access("/etc/profile.d/lang.sh", R_OK)  = 0
open("/etc/profile.d/lang.sh", O_RDONLY) = 3
stat("/etc/sysconfig/init", {st_mode=S_IFREG|0644, st_size=1068, ...}) = 0
stat("/etc/sysconfig/init", {st_mode=S_IFREG|0644, st_size=1068, ...}) = 0
access("/etc/sysconfig/init", X_OK)     = -1 EACCES (Permission denied)
access("/etc/sysconfig/init", R_OK)     = 0
open("/etc/sysconfig/init", O_RDONLY)   = 3
open("/usr/share/locale/locale.alias", O_RDONLY) = 3
open("/usr/share/locale/en_US.UTF-8/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_US.utf8/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_US/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.UTF-8/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.utf8/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
stat("/etc/fail2ban/fail2ban.conf", {st_mode=S_IFREG|0644, st_size=844, ...}) = 0
Stopping fail2ban: --- SIGCHLD (Child exited) @ 0 (0) ---
0
 

Author Comment

by:shaunwingin
ID: 37736911
This is hosts.allow

#
# hosts.allow   This file describes the names of the hosts which are
#               allowed to use the local INET services, as decided
#               by the '/usr/sbin/tcpd' server.
#
0
 

Author Comment

by:shaunwingin
ID: 37736938
and hosts.deny

#
# hosts.deny    This file describes the names of the hosts which are
#               *not* allowed to use the local INET services, as decided
#               by the '/usr/sbin/tcpd' server.
#
# The portmap line is redundant, but it is left to remind you that
# the new secure portmap uses hosts.deny and hosts.allow.  In particular
# you should know that NFS uses portmap!
0
 

Author Comment

by:shaunwingin
ID: 37736940
fail2ban log file not being updated - as last entry for yesterday.
0
 

Author Comment

by:shaunwingin
ID: 37736942
This is perhaps more useful. Did a kill -9 pid for fail2ban

then


[root@messaging filter.d]# strace -e file /etc/init.d/fail2ban start
execve("/etc/init.d/fail2ban", ["/etc/init.d/fail2ban", "start"], [/* 27 vars */]) = 0
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY)      = 3
open("/lib64/libtermcap.so.2", O_RDONLY) = 3
open("/lib64/libdl.so.2", O_RDONLY)     = 3
open("/lib64/libc.so.6", O_RDONLY)      = 3
open("/dev/tty", O_RDWR|O_NONBLOCK)     = 3
open("/usr/lib/locale/locale-archive", O_RDONLY) = 3
open("/proc/meminfo", O_RDONLY)         = 3
stat("/etc/fail2ban/filter.d", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
stat(".", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
open("/usr/lib64/gconv/gconv-modules.cache", O_RDONLY) = 3
open("/etc/init.d/fail2ban", O_RDONLY)  = 3
stat("/etc/init.d/functions", {st_mode=S_IFREG|0755, st_size=14291, ...}) = 0
access("/etc/init.d/functions", X_OK)   = 0
access("/etc/init.d/functions", R_OK)   = 0
open("/etc/init.d/functions", O_RDONLY) = 3
--- SIGCHLD (Child exited) @ 0 (0) ---
stat("/etc/sysconfig/i18n", {st_mode=S_IFREG|0644, st_size=47, ...}) = 0
stat("/etc/profile.d/lang.sh", {st_mode=S_IFREG|0755, st_size=3466, ...}) = 0
access("/etc/profile.d/lang.sh", X_OK)  = 0
access("/etc/profile.d/lang.sh", R_OK)  = 0
open("/etc/profile.d/lang.sh", O_RDONLY) = 3
stat("/etc/sysconfig/init", {st_mode=S_IFREG|0644, st_size=1068, ...}) = 0
stat("/etc/sysconfig/init", {st_mode=S_IFREG|0644, st_size=1068, ...}) = 0
access("/etc/sysconfig/init", X_OK)     = -1 EACCES (Permission denied)
access("/etc/sysconfig/init", R_OK)     = 0
open("/etc/sysconfig/init", O_RDONLY)   = 3
open("/usr/share/locale/locale.alias", O_RDONLY) = 3
open("/usr/share/locale/en_US.UTF-8/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_US.utf8/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_US/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.UTF-8/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.utf8/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
stat("/etc/fail2ban/fail2ban.conf", {st_mode=S_IFREG|0644, st_size=844, ...}) = 0
Starting fail2ban: --- SIGCHLD (Child exited) @ 0 (0) ---
0
 

Author Comment

by:shaunwingin
ID: 37736952
Even with yum downgrade still get error:


[root@messaging filter.d]# strace -e file /etc/init.d/fail2ban start
execve("/etc/init.d/fail2ban", ["/etc/init.d/fail2ban", "start"], [/* 27 vars */]) = 0
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY)      = 3
open("/lib64/libtermcap.so.2", O_RDONLY) = 3
open("/lib64/libdl.so.2", O_RDONLY)     = 3
open("/lib64/libc.so.6", O_RDONLY)      = 3
open("/dev/tty", O_RDWR|O_NONBLOCK)     = 3
open("/usr/lib/locale/locale-archive", O_RDONLY) = 3
open("/proc/meminfo", O_RDONLY)         = 3
stat("/etc/fail2ban/filter.d", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
stat(".", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
open("/usr/lib64/gconv/gconv-modules.cache", O_RDONLY) = 3
open("/etc/init.d/fail2ban", O_RDONLY)  = 3
stat("/etc/init.d/functions", {st_mode=S_IFREG|0755, st_size=14291, ...}) = 0
access("/etc/init.d/functions", X_OK)   = 0
access("/etc/init.d/functions", R_OK)   = 0
open("/etc/init.d/functions", O_RDONLY) = 3
--- SIGCHLD (Child exited) @ 0 (0) ---
stat("/etc/sysconfig/i18n", {st_mode=S_IFREG|0644, st_size=47, ...}) = 0
stat("/etc/profile.d/lang.sh", {st_mode=S_IFREG|0755, st_size=3466, ...}) = 0
access("/etc/profile.d/lang.sh", X_OK)  = 0
access("/etc/profile.d/lang.sh", R_OK)  = 0
open("/etc/profile.d/lang.sh", O_RDONLY) = 3
stat("/etc/sysconfig/init", {st_mode=S_IFREG|0644, st_size=1068, ...}) = 0
stat("/etc/sysconfig/init", {st_mode=S_IFREG|0644, st_size=1068, ...}) = 0
access("/etc/sysconfig/init", X_OK)     = -1 EACCES (Permission denied)
access("/etc/sysconfig/init", R_OK)     = 0
open("/etc/sysconfig/init", O_RDONLY)   = 3
open("/usr/share/locale/locale.alias", O_RDONLY) = 3
open("/usr/share/locale/en_US.UTF-8/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_US.utf8/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_US/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.UTF-8/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.utf8/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
stat("/etc/fail2ban/fail2ban.conf", {st_mode=S_IFREG|0644, st_size=844, ...}) = 0
Starting fail2ban: --- SIGCHLD (Child exited) @ 0 (0) ---
stat(".", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
stat("/sbin/rm", 0x7fff91ce5170)        = -1 ENOENT (No such file or directory)
stat("/usr/sbin/rm", 0x7fff91ce5170)    = -1 ENOENT (No such file or directory)
stat("/bin/rm", {st_mode=S_IFREG|0755, st_size=47088, ...}) = 0
access("/bin/rm", X_OK)                 = 0
access("/bin/rm", R_OK)                 = 0
stat("/bin/rm", {st_mode=S_IFREG|0755, st_size=47088, ...}) = 0
access("/bin/rm", X_OK)                 = 0
access("/bin/rm", R_OK)                 = 0
--- SIGCHLD (Child exited) @ 0 (0) ---
0
 

Author Comment

by:shaunwingin
ID: 37736956
This was downgrade:

[root@messaging filter.d]# yum downgrade fail2ban
Loaded plugins: fastestmirror, priorities
Setting up Downgrade Process
Loading mirror speeds from cached hostfile
 * base: ftp.wa.co.za
 * epel: ftp.rediris.es
 * extras: ftp.wa.co.za
 * rpmforge: apt.sw.be
 * updates: ftp.wa.co.za
addons                                                                                                                                                                        | 1.9 kB     00:00
base                                                                                                                                                                          | 1.1 kB     00:00
epel                                                                                                                                                                          | 3.4 kB     00:00
extras                                                                                                                                                                        | 2.1 kB     00:00
pgdg90                                                                                                                                                                        | 2.8 kB     00:00
rpmforge                                                                                                                                                                      | 1.1 kB     00:00
updates                                                                                                                                                                       | 1.9 kB     00:00
Excluding Packages from CentOS-5 - Base
Finished
Excluding Packages from CentOS-5 - Updates
Finished
Resolving Dependencies
--> Running transaction check
---> Package fail2ban.noarch 0:0.8.2-3.el5.rf set to be updated
---> Package fail2ban.noarch 0:0.8.4-29.el5 set to be erased
--> Finished Dependency Resolution

Dependencies Resolved

=====================================================================================================================================================================================================
 Package                                       Arch                                        Version                                               Repository                                     Size
=====================================================================================================================================================================================================
Downgrading:
 fail2ban                                      noarch                                      0.8.2-3.el5.rf                                        rpmforge                                      125 k

Transaction Summary
=====================================================================================================================================================================================================
Remove        0 Package(s)
Reinstall     0 Package(s)
Downgrade     1 Package(s)

Total download size: 125 k
Is this ok [y/N]: y
Downloading Packages:
fail2ban-0.8.2-3.el5.rf.noarch.rpm                                                                                                                                            | 125 kB     00:01
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing     : fail2ban                                                                                                                                                                      1/2
warning: /etc/fail2ban/fail2ban.conf created as /etc/fail2ban/fail2ban.conf.rpmnew
warning: /etc/fail2ban/filter.d/vsftpd.conf created as /etc/fail2ban/filter.d/vsftpd.conf.rpmnew
warning: /etc/fail2ban/jail.conf created as /etc/fail2ban/jail.conf.rpmnew
  Cleanup        : fail2ban                                                                                                                                                                      2/2

Removed:
  fail2ban.noarch 0:0.8.4-29.el5

Installed:
  fail2ban.noarch 0:0.8.2-3.el5.rf

Complete!
0
 

Author Comment

by:shaunwingin
ID: 37736975
tail of fail2ban.log (but not updating)
See the errors pls.


Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
2012-03-18 15:03:27,872 fail2ban.actions.action: INFO   Set actionUnban =
2012-03-18 15:03:27,872 fail2ban.actions.action: INFO   Set actionCheck =
2012-03-18 15:03:27,875 fail2ban.jail   : INFO   Using Gamin
2012-03-18 15:03:27,875 fail2ban.filter : INFO   Created Filter
2012-03-18 15:03:27,875 fail2ban.filter : INFO   Created FilterGamin
2012-03-18 15:03:27,875 fail2ban.filter : INFO   Added logfile = /var/log/secure
2012-03-18 15:03:27,876 fail2ban.filter : INFO   Set maxRetry = 3
2012-03-18 15:03:27,877 fail2ban.filter : INFO   Set findtime = 600
2012-03-18 15:03:27,877 fail2ban.actions: INFO   Set banTime = 31536000
2012-03-18 15:03:27,880 fail2ban.actions.action: INFO   Set actionBan = iptables -I fail2ban-<name> 1 -s <ip> -j DROP
2012-03-18 15:03:27,880 fail2ban.actions.action: INFO   Set actionStop = iptables -D INPUT -p <protocol> --dport <port> -j fail2ban-<name>
iptables -F fail2ban-<name>
iptables -X fail2ban-<name>
2012-03-18 15:03:27,881 fail2ban.actions.action: INFO   Set actionStart = iptables -N fail2ban-<name>
iptables -A fail2ban-<name> -j RETURN
iptables -I INPUT -p <protocol> --dport <port> -j fail2ban-<name>
2012-03-18 15:03:27,881 fail2ban.actions.action: INFO   Set actionUnban = iptables -D fail2ban-<name> -s <ip> -j DROP
2012-03-18 15:03:27,882 fail2ban.actions.action: INFO   Set actionCheck = iptables -n -L INPUT | grep -q fail2ban-<name>
2012-03-18 15:03:27,895 fail2ban.actions.action: ERROR  iptables -N fail2ban-ASTERISK
iptables -A fail2ban-ASTERISK -j RETURN
iptables -I INPUT -p all -j fail2ban-ASTERISK returned 100
2012-03-18 15:03:27,938 fail2ban.actions.action: ERROR  iptables -N fail2ban-SSH
iptables -A fail2ban-SSH -j RETURN
iptables -I INPUT -p tcp --dport ssh -j fail2ban-SSH returned 300
0
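An added example, not part of the original thread: the tail above contains multi-line ERROR records in which the iptables actionStart commands failed. This sketch folds continuation lines into their timestamped record and prints the timestamp, chain and logged return value for each failure; the sample log is constructed from the lines posted above, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample: log lines copied from the tail posted in this thread.
sample_log() {
cat <<'EOF'
Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
2012-03-18 15:03:27,877 fail2ban.actions: INFO   Set banTime = 31536000
2012-03-18 15:03:27,882 fail2ban.actions.action: INFO   Set actionCheck = iptables -n -L INPUT | grep -q fail2ban-<name>
2012-03-18 15:03:27,895 fail2ban.actions.action: ERROR  iptables -N fail2ban-ASTERISK
iptables -A fail2ban-ASTERISK -j RETURN
iptables -I INPUT -p all -j fail2ban-ASTERISK returned 100
2012-03-18 15:03:27,938 fail2ban.actions.action: ERROR  iptables -N fail2ban-SSH
iptables -A fail2ban-SSH -j RETURN
iptables -I INPUT -p tcp --dport ssh -j fail2ban-SSH returned 300
EOF
}

# failed_actions (hypothetical name): read a fail2ban log on stdin and print
# "date time chain returned-value" for every ERROR record ending in "returned N".
failed_actions() {
  awk '
    # Emit the buffered record if it is an ERROR with a return value, then reset.
    function flush(    rc, chain) {
      if (level == "ERROR" && match(rec, /returned [0-9]+$/)) {
        rc = substr(rec, RSTART + 9)
        chain = "-"
        if (match(rec, /fail2ban-[A-Za-z0-9_-]+/))
          chain = substr(rec, RSTART, RLENGTH)
        print stamp, chain, rc
      }
      rec = ""; level = ""
    }
    # Normalise line endings and trailing blanks before anything else.
    { sub(/[ \t\r]+$/, "") }
    # A line that starts with a timestamp and a fail2ban logger opens a new record.
    /^[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9] [0-9:,]+ fail2ban\./ {
      flush()
      stamp = $1 " " $2
      if (match($0, /: (DEBUG|INFO|WARNING|ERROR|CRITICAL) /))
        level = substr($0, RSTART + 2, RLENGTH - 3)
      rec = $0
      next
    }
    # Anything else continues the current record; a continuation seen before
    # the first timestamp (a tail that starts mid-record) is dropped.
    { if (rec != "") rec = rec " " $0 }
    END { flush() }
  '
}

# Stand-alone run against the constructed sample.
sample_log | failed_actions
```

Against a live system the same function can be fed the real log, for example `failed_actions < /var/log/fail2ban.log`, assuming that is where the installation writes it.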
 
LVL 30

Expert Comment

by:Kerem ERSOY
ID: 37737113
Hi,

According to yum output there are 3 files modified by you:

warning: /etc/fail2ban/fail2ban.conf created as /etc/fail2ban/fail2ban.conf.rpmnew
warning: /etc/fail2ban/filter.d/vsftpd.conf created as /etc/fail2ban/filter.d/vsftpd.conf.rpmnew
warning: /etc/fail2ban/jail.conf created as /etc/fail2ban/jail.conf.rpmnew

So try to save the current version of these files and restart with .rpmnew versions and restore all three files from them and try to modify. I believe there's something wrong about your config. Otherwise it should be quite a straightforward process.

Cheers,
K.
0
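An added example, not part of the original thread: one way to turn the `.rpmnew` warnings quoted above into a checklist of config files whose packaged version differs from the live one. The yum output is constructed from the lines in this thread, the file contents and the temporary tree are constructed for the demo, and all function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample: transaction lines copied from the yum output in this thread.
sample_yum_output() {
cat <<'EOF'
  Installing     : fail2ban      1/2
warning: /etc/fail2ban/fail2ban.conf created as /etc/fail2ban/fail2ban.conf.rpmnew
warning: /etc/fail2ban/filter.d/vsftpd.conf created as /etc/fail2ban/filter.d/vsftpd.conf.rpmnew
warning: /etc/fail2ban/jail.conf created as /etc/fail2ban/jail.conf.rpmnew
  Cleanup        : fail2ban      2/2
EOF
}

# rpmnew_pairs: read yum/rpm output on stdin, print "live-path rpmnew-path"
# for each "created as ... .rpmnew" warning (paths without spaces assumed).
rpmnew_pairs() {
  awk '/^warning: .* created as .*\.rpmnew$/ { print $2, $5 }'
}

# review_rpmnew [ROOT]: read pairs on stdin and classify each live file.
# ROOT is an optional prefix so the check can run against a copy of /etc.
review_rpmnew() {
  root=${1:-}
  while read -r live new; do
    if [ ! -e "$root$new" ]; then
      state=merged-or-removed      # the .rpmnew file is no longer on disk
    elif [ ! -e "$root$live" ]; then
      state=live-missing           # only the packaged default exists
    elif cmp -s "$root$live" "$root$new"; then
      state=identical              # nothing to merge
    else
      state=differs                # local edits and packaged default diverge
    fi
    printf '%s %s\n' "$state" "$live"
  done
}

# demo_rpmnew_review: build a throwaway tree with constructed contents and
# run the check against it, so the example works without fail2ban installed.
demo_rpmnew_review() {
  tmp=$(mktemp -d) || return 1
  mkdir -p "$tmp/etc/fail2ban/filter.d"
  printf '[Definition]\nloglevel = 3\n' > "$tmp/etc/fail2ban/fail2ban.conf"
  cp "$tmp/etc/fail2ban/fail2ban.conf" "$tmp/etc/fail2ban/fail2ban.conf.rpmnew"
  printf '[ssh-iptables]\nenabled = true\n'  > "$tmp/etc/fail2ban/jail.conf"
  printf '[ssh-iptables]\nenabled = false\n' > "$tmp/etc/fail2ban/jail.conf.rpmnew"
  printf '[Definition]\n' > "$tmp/etc/fail2ban/filter.d/vsftpd.conf"
  sample_yum_output | rpmnew_pairs | review_rpmnew "$tmp"
  rm -rf "$tmp"
}

# Stand-alone run against the constructed tree.
demo_rpmnew_review
```

Files reported as `differs` are the ones to compare by hand (for example with `diff -u`) before deciding which version the daemon should start with.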
 

Author Comment

by:shaunwingin
ID: 37737614
I've tried what you say KeremE but this is the startup error. Perhaps I'm missing something important in the files. Log file doesn't get written.


[root@messaging fail2ban]# strace -e file /etc/init.d/fail2ban start
execve("/etc/init.d/fail2ban", ["/etc/init.d/fail2ban", "start"], [/* 27 vars */]) = 0
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY)      = 3
open("/lib64/libtermcap.so.2", O_RDONLY) = 3
open("/lib64/libdl.so.2", O_RDONLY)     = 3
open("/lib64/libc.so.6", O_RDONLY)      = 3
open("/dev/tty", O_RDWR|O_NONBLOCK)     = 3
open("/usr/lib/locale/locale-archive", O_RDONLY) = 3
open("/proc/meminfo", O_RDONLY)         = 3
stat("/etc/fail2ban", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
stat(".", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
open("/usr/lib64/gconv/gconv-modules.cache", O_RDONLY) = 3
open("/etc/init.d/fail2ban", O_RDONLY)  = 3
stat("/etc/init.d/functions", {st_mode=S_IFREG|0755, st_size=14291, ...}) = 0
access("/etc/init.d/functions", X_OK)   = 0
access("/etc/init.d/functions", R_OK)   = 0
open("/etc/init.d/functions", O_RDONLY) = 3
--- SIGCHLD (Child exited) @ 0 (0) ---
stat("/etc/sysconfig/i18n", {st_mode=S_IFREG|0644, st_size=47, ...}) = 0
stat("/etc/profile.d/lang.sh", {st_mode=S_IFREG|0755, st_size=3466, ...}) = 0
access("/etc/profile.d/lang.sh", X_OK)  = 0
access("/etc/profile.d/lang.sh", R_OK)  = 0
open("/etc/profile.d/lang.sh", O_RDONLY) = 3
stat("/etc/sysconfig/init", {st_mode=S_IFREG|0644, st_size=1068, ...}) = 0
stat("/etc/sysconfig/init", {st_mode=S_IFREG|0644, st_size=1068, ...}) = 0
access("/etc/sysconfig/init", X_OK)     = -1 EACCES (Permission denied)
access("/etc/sysconfig/init", R_OK)     = 0
open("/etc/sysconfig/init", O_RDONLY)   = 3
open("/usr/share/locale/locale.alias", O_RDONLY) = 3
open("/usr/share/locale/en_US.UTF-8/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_US.utf8/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_US/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.UTF-8/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.utf8/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
stat("/etc/fail2ban/fail2ban.conf", {st_mode=S_IFREG|0644, st_size=844, ...}) = 0
Starting fail2ban: --- SIGCHLD (Child exited) @ 0 (0) ---
0
 
LVL 19

Assisted Solution

by:Gabriel Orozco
Gabriel Orozco earned 501 total points
ID: 37740655
Forget about dtrace for a moment.

what is the result of starting fail2ban by hand?

i.e.
/etc/init.d/fail2ban start

or better yet, the command:
/usr/bin/python /usr/bin/fail2ban-server -b -s /var/run/fail2ban/fail2ban.sock -x

if there is an issue it will be printed to screen.

Also you have posted about fail2ban, but not about the rules in iptables making it work.
0
 

Author Comment

by:shaunwingin
ID: 37740856
Tx!
See below. The fail2ban logfile is still not being updated!

[root@messaging fail2ban]# /usr/bin/python /usr/bin/fail2ban-server -b -s /var/run/fail2ban/fail2ban.sock -x
2012-03-20 08:09:41,409 fail2ban.server : INFO   Starting Fail2ban v0.8.4
2012-03-20 08:09:41,410 fail2ban.server : INFO   Starting in daemon mode
[root@messaging fail2ban]# !ps
ps -ax | grep fail2ban
Warning: bad syntax, perhaps a bogus '-'? See /usr/share/doc/procps-3.2.7/FAQ
 9343 ?        S      0:00 /usr/bin/python /usr/bin/fail2ban-server -b -s /var/run/fail2ban/fail2ban.sock -x
16599 ?        S      0:00 /usr/bin/python /usr/bin/fail2ban-server -b -s /var/run/fail2ban/fail2ban.sock -x
16616 pts/5    S+     0:00 grep fail2ban
[root@messaging fail2ban]#
0
 

Author Comment

by:shaunwingin
ID: 37740859
[root@messaging fail2ban]# /etc/init.d/fail2ban status
Fail2ban (pid 9343) is running...
Status
|- Number of jail:      0
`- Jail list:
[root@messaging fail2ban]#
0
 

Author Comment

by:shaunwingin
ID: 37740942
Pls also send links explaining how to configure the conf files for the version we upgraded to. Tx
0
 
LVL 30

Expert Comment

by:Kerem ERSOY
ID: 37741063
It seems that it is where it hangs. Will you please remove fail2ban altogether and reinstall? You can remove it with:

yum remove fail2ban



or

rpm -qa fail2ban | xargs rpm -ev 



and reinstall again after removing all files about it especially in /etc

Cheers,
K.
0
 
LVL 30

Assisted Solution

by:Kerem ERSOY
Kerem ERSOY earned 999 total points
ID: 37741175
Hi,

ps -ax | grep fail2ban
Warning: bad syntax, perhaps a bogus '-'? See /usr/share/doc/procps-3.2.7/FAQ

This is about the dash before ax in ps : )
0
 
LVL 30

Expert Comment

by:Kerem ERSOY
ID: 37742013
Tx!
See below. The fail2ban logfile is still not being updated!

Yeah, it is not because the daemon dies before it tries to touch the files. This is why I am suggesting to remove all files and retry.
0
 

Author Comment

by:shaunwingin
ID: 37749555
Tried uninstalling and deleting /etc/fail2ban but still same issues!
0
 

Author Comment

by:shaunwingin
ID: 37749564
Also yum not installing latest version.
It's CentOS 64 bit system.

Please give details for EPL update. see below.
http://fedoraproject.org/wiki/EPEL#What_packages_and_versions_are_available_in_EPEL.3F
[21:50:57] Hillel: EPEL has an 'epel-release' package that includes gpg keys for package signing and repository information. Installing this package for your Enterprise Linux version should allow you to use normal tools such as yum to install packages and their dependencies. By default the stable EPEL repo is enabled, there is also a 'epel-testing' repository that contains packages that are not yet deemed stable.

NOTE: You need to also enable the 'optional' repository to use EPEL packages as they depend on packages in that repository. This can be done by enabling the RHEL optional subchannel for example. (Related profile is located at:/etc/yum.repos.d/epel-testing.repo)
http://www.fail2ban.org/wiki/index.php/Main_Page
0
 
LVL 30

Accepted Solution

by:
Kerem ERSOY earned 999 total points
ID: 37750032
Will you start fail2ban client? This way maybe it will be printing out more information:
fail2ban-client start



Please post the information here.

Cheers,
K
0
