Solved

Linux fail2ban not starting up after yum update on CentOS 5

Posted on 2012-03-19
25
1,445 Views
Last Modified: 2012-04-05
Say,

This is the current issue:

[root@messaging ~]# service fail2ban status
Fail2ban (pid 30613) is running...

________
It just hangs there - have to hit Cntl-C to proceed.

How can I tell yum to downgrade fail2ban? I upgraded wth yum update fail2ban
How can I remove fail2ban and re-install?
Also how can I debug why its not starting up. It did fine before the yum update.
Tx

Some more info:

[root@messaging ~]# service fail2ban start
Starting fail2ban:      
____
Have to hit Cntl-C to continue and shows an OK.
______

[root@messaging ~]# ps -ax | grep fail2ban
Warning: bad syntax, perhaps a bogus '-'? See /usr/share/doc/procps-3.2.7/FAQ
 4348 pts/6    S+     0:00 grep fail2ban
30613 ?        S      0:00 /usr/bin/python /usr/bin/fail2ban-server -b -s /var/run/fail2ban/fail2ban.sock -x
[root@messaging ~]#
_________
[root@messaging ~]# fail2ban-client -V
Fail2Ban v0.8.4

Copyright (c) 2004-2008 Cyril Jaquier
Copyright of modifications held by their respective authors.
Licensed under the GNU General Public License v2 (GPL).

Written by Cyril Jaquier <cyril.jaquier@fail2ban.org>.
Many contributions by Yaroslav O. Halchenko <debian@onerussian.com>.
[root@messaging ~]#
0
Comment
Question by:shaunwingin
25 Comments
 
LVL 2

Expert Comment

by:n4th4nr1ch
ID: 37736652
1. ps aux
not ps -ax
for most modern linux systems.


2. yum downgrade packagename
this is how you downgrade to any other versions in your repository
You can also manually downgrade by using rpm.


3. It may also be helpful to install strace
yum install -y strace

then, instead of just using service you can try:
strace -e file /etc/init.d/fail2ban start

That will give you better debugging output.
0
 

Author Comment

by:shaunwingin
ID: 37736682
Below is yum update of fal2ban
I have edited /etc/fail2ban/jail.conf.rpmnew
=====================================================================================================================================================================================================
 Package                                             Arch                                        Version                                             Repository                                 Size
=====================================================================================================================================================================================================
Updating:
 fail2ban                                            noarch                                      0.8.4-29.el5                                        epel                                      136 k
Installing for dependencies:
 python-ctypes                                       x86_64                                      1.0.2-3.el5                                         base                                      210 k
 python-inotify                                      noarch                                      0.9.1-1.el5                                         epel                                       86 k

Transaction Summary
=====================================================================================================================================================================================================
Install       2 Package(s)
Upgrade       1 Package(s)

Total download size: 432 k
Is this ok [y/N]: y
Downloading Packages:
(1/3): python-inotify-0.9.1-1.el5.noarch.rpm                                                                                                                                  |  86 kB     00:00
(2/3): fail2ban-0.8.4-29.el5.noarch.rpm                                                                                                                                       | 136 kB     00:02
(3/3): python-ctypes-1.0.2-3.el5.x86_64.rpm                                                                                                                                   | 210 kB     00:00
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total                                                                                                                                                                 71 kB/s | 432 kB     00:06
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing     : python-ctypes                                                                                                                                                                 1/4
  Installing     : python-inotify                                                                                                                                                                2/4
  Updating       : fail2ban                                                                                                                                                                      3/4
warning: /etc/fail2ban/filter.d/vsftpd.conf created as /etc/fail2ban/filter.d/vsftpd.conf.rpmnew
warning: /etc/fail2ban/jail.conf created as /etc/fail2ban/jail.conf.rpmnew
  Cleanup        : fail2ban                                                                                                                                                                      4/4

Dependency Installed:
  python-ctypes.x86_64 0:1.0.2-3.el5                                                               python-inotify.noarch 0:0.9.1-1.el5

Updated:
  fail2ban.noarch 0:0.8.4-29.el5
0
 
LVL 5

Expert Comment

by:1ly4me
ID: 37736865
Seems like error in conf file, check fail2ban log file.
Also check your jail.conf file, If you have done any changes remove it and start fail2ban with default settings.
The new version also supports TCP wrappers, check you hosts.allow and deny files.
0
 

Author Comment

by:shaunwingin
ID: 37736879
tx.
see

[root@messaging filter.d]# strace -e file /etc/init.d/fail2ban start
execve("/etc/init.d/fail2ban", ["/etc/init.d/fail2ban", "start"], [/* 27 vars */]) = 0
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY)      = 3
open("/lib64/libtermcap.so.2", O_RDONLY) = 3
open("/lib64/libdl.so.2", O_RDONLY)     = 3
open("/lib64/libc.so.6", O_RDONLY)      = 3
open("/dev/tty", O_RDWR|O_NONBLOCK)     = 3
open("/usr/lib/locale/locale-archive", O_RDONLY) = 3
open("/proc/meminfo", O_RDONLY)         = 3
stat("/etc/fail2ban/filter.d", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
stat(".", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
open("/usr/lib64/gconv/gconv-modules.cache", O_RDONLY) = 3
open("/etc/init.d/fail2ban", O_RDONLY)  = 3
stat("/etc/init.d/functions", {st_mode=S_IFREG|0755, st_size=14291, ...}) = 0
access("/etc/init.d/functions", X_OK)   = 0
access("/etc/init.d/functions", R_OK)   = 0
open("/etc/init.d/functions", O_RDONLY) = 3
--- SIGCHLD (Child exited) @ 0 (0) ---
stat("/etc/sysconfig/i18n", {st_mode=S_IFREG|0644, st_size=47, ...}) = 0
stat("/etc/profile.d/lang.sh", {st_mode=S_IFREG|0755, st_size=3466, ...}) = 0
access("/etc/profile.d/lang.sh", X_OK)  = 0
access("/etc/profile.d/lang.sh", R_OK)  = 0
open("/etc/profile.d/lang.sh", O_RDONLY) = 3
stat("/etc/sysconfig/init", {st_mode=S_IFREG|0644, st_size=1068, ...}) = 0
stat("/etc/sysconfig/init", {st_mode=S_IFREG|0644, st_size=1068, ...}) = 0
access("/etc/sysconfig/init", X_OK)     = -1 EACCES (Permission denied)
access("/etc/sysconfig/init", R_OK)     = 0
open("/etc/sysconfig/init", O_RDONLY)   = 3
open("/usr/share/locale/locale.alias", O_RDONLY) = 3
open("/usr/share/locale/en_US.UTF-8/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_US.utf8/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_US/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.UTF-8/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.utf8/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
stat("/etc/fail2ban/fail2ban.conf", {st_mode=S_IFREG|0644, st_size=844, ...}) = 0
Starting fail2ban: --- SIGCHLD (Child exited) @ 0 (0) ---
stat(".", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
stat("/sbin/touch", 0x7fffc9650980)     = -1 ENOENT (No such file or directory)
stat("/usr/sbin/touch", 0x7fffc9650980) = -1 ENOENT (No such file or directory)
stat("/bin/touch", {st_mode=S_IFREG|0755, st_size=42696, ...}) = 0
access("/bin/touch", X_OK)              = 0
access("/bin/touch", R_OK)              = 0
stat("/bin/touch", {st_mode=S_IFREG|0755, st_size=42696, ...}) = 0
access("/bin/touch", X_OK)              = 0
access("/bin/touch", R_OK)              = 0
--- SIGCHLD (Child exited) @ 0 (0) ---
                                                           [  OK  ]
[root@messaging filter.d]# ps aux | grep fail2ban
root      4658  0.0  0.0 134908  4736 ?        S    10:43   0:00 /usr/bin/python /usr/bin/fail2ban-server -b -s /var/run/fail2ban/fail2ban.sock -x
root      5896  0.0  0.0  61216   752 pts/6    S+   11:28   0:00 grep fail2ban
[root@messaging filter.d]# strace -e file /etc/init.d/fail2ban stop
execve("/etc/init.d/fail2ban", ["/etc/init.d/fail2ban", "stop"], [/* 27 vars */]) = 0
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY)      = 3
open("/lib64/libtermcap.so.2", O_RDONLY) = 3
open("/lib64/libdl.so.2", O_RDONLY)     = 3
open("/lib64/libc.so.6", O_RDONLY)      = 3
open("/dev/tty", O_RDWR|O_NONBLOCK)     = 3
open("/usr/lib/locale/locale-archive", O_RDONLY) = 3
open("/proc/meminfo", O_RDONLY)         = 3
stat("/etc/fail2ban/filter.d", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
stat(".", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
open("/usr/lib64/gconv/gconv-modules.cache", O_RDONLY) = 3
open("/etc/init.d/fail2ban", O_RDONLY)  = 3
stat("/etc/init.d/functions", {st_mode=S_IFREG|0755, st_size=14291, ...}) = 0
access("/etc/init.d/functions", X_OK)   = 0
access("/etc/init.d/functions", R_OK)   = 0
open("/etc/init.d/functions", O_RDONLY) = 3
--- SIGCHLD (Child exited) @ 0 (0) ---
stat("/etc/sysconfig/i18n", {st_mode=S_IFREG|0644, st_size=47, ...}) = 0
stat("/etc/profile.d/lang.sh", {st_mode=S_IFREG|0755, st_size=3466, ...}) = 0
access("/etc/profile.d/lang.sh", X_OK)  = 0
access("/etc/profile.d/lang.sh", R_OK)  = 0
open("/etc/profile.d/lang.sh", O_RDONLY) = 3
stat("/etc/sysconfig/init", {st_mode=S_IFREG|0644, st_size=1068, ...}) = 0
stat("/etc/sysconfig/init", {st_mode=S_IFREG|0644, st_size=1068, ...}) = 0
access("/etc/sysconfig/init", X_OK)     = -1 EACCES (Permission denied)
access("/etc/sysconfig/init", R_OK)     = 0
open("/etc/sysconfig/init", O_RDONLY)   = 3
open("/usr/share/locale/locale.alias", O_RDONLY) = 3
open("/usr/share/locale/en_US.UTF-8/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_US.utf8/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_US/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.UTF-8/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.utf8/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
stat("/etc/fail2ban/fail2ban.conf", {st_mode=S_IFREG|0644, st_size=844, ...}) = 0
Stopping fail2ban: --- SIGCHLD (Child exited) @ 0 (0) ---
0
 

Author Comment

by:shaunwingin
ID: 37736911
This is hosts.allow

#
# hosts.allow   This file describes the names of the hosts which are
#               allowed to use the local INET services, as decided
#               by the '/usr/sbin/tcpd' server.
#
0
 

Author Comment

by:shaunwingin
ID: 37736938
and hosts.deny

#
# hosts.deny    This file describes the names of the hosts which are
#               *not* allowed to use the local INET services, as decided
#               by the '/usr/sbin/tcpd' server.
#
# The portmap line is redundant, but it is left to remind you that
# the new secure portmap uses hosts.deny and hosts.allow.  In particular
# you should know that NFS uses portmap!
0
 

Author Comment

by:shaunwingin
ID: 37736940
fail2ban log file not being updated - as last entry for yesterday.
0
 

Author Comment

by:shaunwingin
ID: 37736942
This is perhaps more usefull. Did a kill - 9 pid for fail2ban

then


[root@messaging filter.d]# strace -e file /etc/init.d/fail2ban start
execve("/etc/init.d/fail2ban", ["/etc/init.d/fail2ban", "start"], [/* 27 vars */]) = 0
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY)      = 3
open("/lib64/libtermcap.so.2", O_RDONLY) = 3
open("/lib64/libdl.so.2", O_RDONLY)     = 3
open("/lib64/libc.so.6", O_RDONLY)      = 3
open("/dev/tty", O_RDWR|O_NONBLOCK)     = 3
open("/usr/lib/locale/locale-archive", O_RDONLY) = 3
open("/proc/meminfo", O_RDONLY)         = 3
stat("/etc/fail2ban/filter.d", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
stat(".", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
open("/usr/lib64/gconv/gconv-modules.cache", O_RDONLY) = 3
open("/etc/init.d/fail2ban", O_RDONLY)  = 3
stat("/etc/init.d/functions", {st_mode=S_IFREG|0755, st_size=14291, ...}) = 0
access("/etc/init.d/functions", X_OK)   = 0
access("/etc/init.d/functions", R_OK)   = 0
open("/etc/init.d/functions", O_RDONLY) = 3
--- SIGCHLD (Child exited) @ 0 (0) ---
stat("/etc/sysconfig/i18n", {st_mode=S_IFREG|0644, st_size=47, ...}) = 0
stat("/etc/profile.d/lang.sh", {st_mode=S_IFREG|0755, st_size=3466, ...}) = 0
access("/etc/profile.d/lang.sh", X_OK)  = 0
access("/etc/profile.d/lang.sh", R_OK)  = 0
open("/etc/profile.d/lang.sh", O_RDONLY) = 3
stat("/etc/sysconfig/init", {st_mode=S_IFREG|0644, st_size=1068, ...}) = 0
stat("/etc/sysconfig/init", {st_mode=S_IFREG|0644, st_size=1068, ...}) = 0
access("/etc/sysconfig/init", X_OK)     = -1 EACCES (Permission denied)
access("/etc/sysconfig/init", R_OK)     = 0
open("/etc/sysconfig/init", O_RDONLY)   = 3
open("/usr/share/locale/locale.alias", O_RDONLY) = 3
open("/usr/share/locale/en_US.UTF-8/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_US.utf8/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_US/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.UTF-8/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.utf8/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
stat("/etc/fail2ban/fail2ban.conf", {st_mode=S_IFREG|0644, st_size=844, ...}) = 0
Starting fail2ban: --- SIGCHLD (Child exited) @ 0 (0) ---
0
 

Author Comment

by:shaunwingin
ID: 37736952
Even with yum downgrade still get error:


[root@messaging filter.d]# strace -e file /etc/init.d/fail2ban start
execve("/etc/init.d/fail2ban", ["/etc/init.d/fail2ban", "start"], [/* 27 vars */]) = 0
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY)      = 3
open("/lib64/libtermcap.so.2", O_RDONLY) = 3
open("/lib64/libdl.so.2", O_RDONLY)     = 3
open("/lib64/libc.so.6", O_RDONLY)      = 3
open("/dev/tty", O_RDWR|O_NONBLOCK)     = 3
open("/usr/lib/locale/locale-archive", O_RDONLY) = 3
open("/proc/meminfo", O_RDONLY)         = 3
stat("/etc/fail2ban/filter.d", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
stat(".", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
open("/usr/lib64/gconv/gconv-modules.cache", O_RDONLY) = 3
open("/etc/init.d/fail2ban", O_RDONLY)  = 3
stat("/etc/init.d/functions", {st_mode=S_IFREG|0755, st_size=14291, ...}) = 0
access("/etc/init.d/functions", X_OK)   = 0
access("/etc/init.d/functions", R_OK)   = 0
open("/etc/init.d/functions", O_RDONLY) = 3
--- SIGCHLD (Child exited) @ 0 (0) ---
stat("/etc/sysconfig/i18n", {st_mode=S_IFREG|0644, st_size=47, ...}) = 0
stat("/etc/profile.d/lang.sh", {st_mode=S_IFREG|0755, st_size=3466, ...}) = 0
access("/etc/profile.d/lang.sh", X_OK)  = 0
access("/etc/profile.d/lang.sh", R_OK)  = 0
open("/etc/profile.d/lang.sh", O_RDONLY) = 3
stat("/etc/sysconfig/init", {st_mode=S_IFREG|0644, st_size=1068, ...}) = 0
stat("/etc/sysconfig/init", {st_mode=S_IFREG|0644, st_size=1068, ...}) = 0
access("/etc/sysconfig/init", X_OK)     = -1 EACCES (Permission denied)
access("/etc/sysconfig/init", R_OK)     = 0
open("/etc/sysconfig/init", O_RDONLY)   = 3
open("/usr/share/locale/locale.alias", O_RDONLY) = 3
open("/usr/share/locale/en_US.UTF-8/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_US.utf8/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_US/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.UTF-8/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.utf8/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
stat("/etc/fail2ban/fail2ban.conf", {st_mode=S_IFREG|0644, st_size=844, ...}) = 0
Starting fail2ban: --- SIGCHLD (Child exited) @ 0 (0) ---
stat(".", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
stat("/sbin/rm", 0x7fff91ce5170)        = -1 ENOENT (No such file or directory)
stat("/usr/sbin/rm", 0x7fff91ce5170)    = -1 ENOENT (No such file or directory)
stat("/bin/rm", {st_mode=S_IFREG|0755, st_size=47088, ...}) = 0
access("/bin/rm", X_OK)                 = 0
access("/bin/rm", R_OK)                 = 0
stat("/bin/rm", {st_mode=S_IFREG|0755, st_size=47088, ...}) = 0
access("/bin/rm", X_OK)                 = 0
access("/bin/rm", R_OK)                 = 0
--- SIGCHLD (Child exited) @ 0 (0) ---
0
 

Author Comment

by:shaunwingin
ID: 37736956
This was downgrade:

[root@messaging filter.d]# yum downgrade fail2ban
Loaded plugins: fastestmirror, priorities
Setting up Downgrade Process
Loading mirror speeds from cached hostfile
 * base: ftp.wa.co.za
 * epel: ftp.rediris.es
 * extras: ftp.wa.co.za
 * rpmforge: apt.sw.be
 * updates: ftp.wa.co.za
addons                                                                                                                                                                        | 1.9 kB     00:00
base                                                                                                                                                                          | 1.1 kB     00:00
epel                                                                                                                                                                          | 3.4 kB     00:00
extras                                                                                                                                                                        | 2.1 kB     00:00
pgdg90                                                                                                                                                                        | 2.8 kB     00:00
rpmforge                                                                                                                                                                      | 1.1 kB     00:00
updates                                                                                                                                                                       | 1.9 kB     00:00
Excluding Packages from CentOS-5 - Base
Finished
Excluding Packages from CentOS-5 - Updates
Finished
Resolving Dependencies
--> Running transaction check
---> Package fail2ban.noarch 0:0.8.2-3.el5.rf set to be updated
---> Package fail2ban.noarch 0:0.8.4-29.el5 set to be erased
--> Finished Dependency Resolution

Dependencies Resolved

=====================================================================================================================================================================================================
 Package                                       Arch                                        Version                                               Repository                                     Size
=====================================================================================================================================================================================================
Downgrading:
 fail2ban                                      noarch                                      0.8.2-3.el5.rf                                        rpmforge                                      125 k

Transaction Summary
=====================================================================================================================================================================================================
Remove        0 Package(s)
Reinstall     0 Package(s)
Downgrade     1 Package(s)

Total download size: 125 k
Is this ok [y/N]: y
Downloading Packages:
fail2ban-0.8.2-3.el5.rf.noarch.rpm                                                                                                                                            | 125 kB     00:01
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing     : fail2ban                                                                                                                                                                      1/2
warning: /etc/fail2ban/fail2ban.conf created as /etc/fail2ban/fail2ban.conf.rpmnew
warning: /etc/fail2ban/filter.d/vsftpd.conf created as /etc/fail2ban/filter.d/vsftpd.conf.rpmnew
warning: /etc/fail2ban/jail.conf created as /etc/fail2ban/jail.conf.rpmnew
  Cleanup        : fail2ban                                                                                                                                                                      2/2

Removed:
  fail2ban.noarch 0:0.8.4-29.el5

Installed:
  fail2ban.noarch 0:0.8.2-3.el5.rf

Complete!
0
 

Author Comment

by:shaunwingin
ID: 37736975
tail of fail2ban.log (but not updating)
See the errors pls.


Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
2012-03-18 15:03:27,872 fail2ban.actions.action: INFO   Set actionUnban =
2012-03-18 15:03:27,872 fail2ban.actions.action: INFO   Set actionCheck =
2012-03-18 15:03:27,875 fail2ban.jail   : INFO   Using Gamin
2012-03-18 15:03:27,875 fail2ban.filter : INFO   Created Filter
2012-03-18 15:03:27,875 fail2ban.filter : INFO   Created FilterGamin
2012-03-18 15:03:27,875 fail2ban.filter : INFO   Added logfile = /var/log/secure
2012-03-18 15:03:27,876 fail2ban.filter : INFO   Set maxRetry = 3
2012-03-18 15:03:27,877 fail2ban.filter : INFO   Set findtime = 600
2012-03-18 15:03:27,877 fail2ban.actions: INFO   Set banTime = 31536000
2012-03-18 15:03:27,880 fail2ban.actions.action: INFO   Set actionBan = iptables -I fail2ban-<name> 1 -s <ip> -j DROP
2012-03-18 15:03:27,880 fail2ban.actions.action: INFO   Set actionStop = iptables -D INPUT -p <protocol> --dport <port> -j fail2ban-<name>
iptables -F fail2ban-<name>
iptables -X fail2ban-<name>
2012-03-18 15:03:27,881 fail2ban.actions.action: INFO   Set actionStart = iptables -N fail2ban-<name>
iptables -A fail2ban-<name> -j RETURN
iptables -I INPUT -p <protocol> --dport <port> -j fail2ban-<name>
2012-03-18 15:03:27,881 fail2ban.actions.action: INFO   Set actionUnban = iptables -D fail2ban-<name> -s <ip> -j DROP
2012-03-18 15:03:27,882 fail2ban.actions.action: INFO   Set actionCheck = iptables -n -L INPUT | grep -q fail2ban-<name>
2012-03-18 15:03:27,895 fail2ban.actions.action: ERROR  iptables -N fail2ban-ASTERISK
iptables -A fail2ban-ASTERISK -j RETURN
iptables -I INPUT -p all -j fail2ban-ASTERISK returned 100
2012-03-18 15:03:27,938 fail2ban.actions.action: ERROR  iptables -N fail2ban-SSH
iptables -A fail2ban-SSH -j RETURN
iptables -I INPUT -p tcp --dport ssh -j fail2ban-SSH returned 300
0
Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

 
LVL 30

Expert Comment

by:Kerem ERSOY
ID: 37737113
Hi,

According to yum output there are 3 files modified by you:

warning: /etc/fail2ban/fail2ban.conf created as /etc/fail2ban/fail2ban.conf.rpmnew
warning: /etc/fail2ban/filter.d/vsftpd.conf created as /etc/fail2ban/filter.d/vsftpd.conf.rpmnew
warning: /etc/fail2ban/jail.conf created as /etc/fail2ban/jail.conf.rpmnew

So try to save the current version of these files and restart with rpmnew. versions and restore all three files from them and try to modify. I believe there's something wrong about your config. Otherwise it should be quite a straightforward process..

Cheers,
K.
0
 

Author Comment

by:shaunwingin
ID: 37737614
I've tried what you say KeremE but this is the startup error. Perhaps I'm missing somethng important in the files. Log file doesn't get written.


[root@messaging fail2ban]# strace -e file /etc/init.d/fail2ban start
execve("/etc/init.d/fail2ban", ["/etc/init.d/fail2ban", "start"], [/* 27 vars */]) = 0
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY)      = 3
open("/lib64/libtermcap.so.2", O_RDONLY) = 3
open("/lib64/libdl.so.2", O_RDONLY)     = 3
open("/lib64/libc.so.6", O_RDONLY)      = 3
open("/dev/tty", O_RDWR|O_NONBLOCK)     = 3
open("/usr/lib/locale/locale-archive", O_RDONLY) = 3
open("/proc/meminfo", O_RDONLY)         = 3
stat("/etc/fail2ban", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
stat(".", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
open("/usr/lib64/gconv/gconv-modules.cache", O_RDONLY) = 3
open("/etc/init.d/fail2ban", O_RDONLY)  = 3
stat("/etc/init.d/functions", {st_mode=S_IFREG|0755, st_size=14291, ...}) = 0
access("/etc/init.d/functions", X_OK)   = 0
access("/etc/init.d/functions", R_OK)   = 0
open("/etc/init.d/functions", O_RDONLY) = 3
--- SIGCHLD (Child exited) @ 0 (0) ---
stat("/etc/sysconfig/i18n", {st_mode=S_IFREG|0644, st_size=47, ...}) = 0
stat("/etc/profile.d/lang.sh", {st_mode=S_IFREG|0755, st_size=3466, ...}) = 0
access("/etc/profile.d/lang.sh", X_OK)  = 0
access("/etc/profile.d/lang.sh", R_OK)  = 0
open("/etc/profile.d/lang.sh", O_RDONLY) = 3
stat("/etc/sysconfig/init", {st_mode=S_IFREG|0644, st_size=1068, ...}) = 0
stat("/etc/sysconfig/init", {st_mode=S_IFREG|0644, st_size=1068, ...}) = 0
access("/etc/sysconfig/init", X_OK)     = -1 EACCES (Permission denied)
access("/etc/sysconfig/init", R_OK)     = 0
open("/etc/sysconfig/init", O_RDONLY)   = 3
open("/usr/share/locale/locale.alias", O_RDONLY) = 3
open("/usr/share/locale/en_US.UTF-8/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_US.utf8/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_US/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.UTF-8/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.utf8/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
stat("/etc/fail2ban/fail2ban.conf", {st_mode=S_IFREG|0644, st_size=844, ...}) = 0
Starting fail2ban: --- SIGCHLD (Child exited) @ 0 (0) ---
0
 
LVL 19

Assisted Solution

by:Redimido
Redimido earned 167 total points
ID: 37740655
Forget about dtrace for a moment.

what is the result of starting fail2ban by hand?

i.e.
/etc/init.d/fail2ban start

or better yet, the command:
/usr/bin/python /usr/bin/fail2ban-server -b -s /var/run/fail2ban/fail2ban.sock -x

if there is an issue it will be printed to screen.

Also you have posted about fail2ban, but not about the rules in iptables making it work.
0
 

Author Comment

by:shaunwingin
ID: 37740856
Tx!
See below. The fail2ban logfile is still not being updated!

[root@messaging fail2ban]# /usr/bin/python /usr/bin/fail2ban-server -b -s /var/run/fail2ban/fail2ban.sock -x
2012-03-20 08:09:41,409 fail2ban.server : INFO   Starting Fail2ban v0.8.4
2012-03-20 08:09:41,410 fail2ban.server : INFO   Starting in daemon mode
[root@messaging fail2ban]# !ps
ps -ax | grep fail2ban
Warning: bad syntax, perhaps a bogus '-'? See /usr/share/doc/procps-3.2.7/FAQ
 9343 ?        S      0:00 /usr/bin/python /usr/bin/fail2ban-server -b -s /var/run/fail2ban/fail2ban.sock -x
16599 ?        S      0:00 /usr/bin/python /usr/bin/fail2ban-server -b -s /var/run/fail2ban/fail2ban.sock -x
16616 pts/5    S+     0:00 grep fail2ban
[root@messaging fail2ban]#
0
 

Author Comment

by:shaunwingin
ID: 37740859
[root@messaging fail2ban]# /etc/init.d/fail2ban status
Fail2ban (pid 9343) is running...
Status
|- Number of jail:      0
`- Jail list:
[root@messaging fail2ban]#
0
 

Author Comment

by:shaunwingin
ID: 37740942
Pls also send links explaining how to configure the conf files for the version we upgraded to. Tx
0
 
LVL 30

Expert Comment

by:Kerem ERSOY
ID: 37741063
It seems that it is where it hangs. Will you please remove fail2ban altogeter and reinstall ?? You can remove it with:

yum remove fail2ban

Open in new window


or

rpm -qa fail2ban | xargs rpm -ev 

Open in new window


and reinstall again after removing all files about it especially in /etc

Cheers,
K.
0
 
LVL 30

Assisted Solution

by:Kerem ERSOY
Kerem ERSOY earned 333 total points
ID: 37741175
Hi,

ps -ax | grep fail2ban
Warning: bad syntax, perhaps a bogus '-'? See /usr/share/doc/procps-3.2.7/FAQ

This is about the dash before ax in ps : )
0
 
LVL 30

Expert Comment

by:Kerem ERSOY
ID: 37742013
Tx!
See below. The fail2ban logfile is still not being updated!

Yeah it is not becasue the daemon dies before it tries to touch the files. This is why I am suggesting to remove all files and retry.
0
 

Author Comment

by:shaunwingin
ID: 37749555
Tried uninstalling and deleting /etc/fail2ban but still same issues!
0
 

Author Comment

by:shaunwingin
ID: 37749564
Also yum not installing latest version.
Its CentOS 64 bit system.

Please give details for EPL update. see below.
http://fedoraproject.org/wiki/EPEL#What_packages_and_versions_are_available_in_EPEL.3F
[21:50:57] Hillel: EPEL has an 'epel-release' package that includes gpg keys for package signing and repository information. Installing this package for your Enterprise Linux version should allow you to use normal tools such as yum to install packages and their dependencies. By default the stable EPEL repo is enabled, there is also a 'epel-testing' repository that contains packages that are not yet deemed stable.

NOTE: You need to also enable the 'optional' repository to use EPEL packages as they depend on packages in that repository. This can be done by enabling the RHEL optional subchannel for example. (Related profile is located at:/etc/yum.repos.d/epel-testing.repo)
[21:52:24] Hillel: EPEL has an 'epel-release' package that includes gpg keys for package signing and repository information. Installing this package for your Enterprise Linux version should allow you to use normal tools such as yum to install packages and their dependencies. By default the stable EPEL repo is enabled, there is also a 'epel-testing' repository that contains packages that are not yet deemed stable.

NOTE: You need to also enable the 'optional' repository to use EPEL packages as they depend on packages in that repository. This can be done by enabling the RHEL optional subchannel for example. (Related profile is located at:/etc/yum.repos.d/epel-testing.repo)
[21:52:37] Hillel: EPEL has an 'epel-release' package that includes gpg keys for package signing and repository information. Installing this package for your Enterprise Linux version should allow you to use normal tools such as yum to install packages and their dependencies. By default the stable EPEL repo is enabled, there is also a 'epel-testing' repository that contains packages that are not yet deemed stable.
http://www.fail2ban.org/wiki/index.php/Main_Page
0
 
LVL 30

Accepted Solution

by:
Kerem ERSOY earned 333 total points
ID: 37750032
Will you start fail2ban client? This way may be it will be printing out more information:
fail2ban-client start

Open in new window


Please post the information here.

Cheers,
K
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Suggested Solutions

This document is written for Red Hat Enterprise Linux AS release 4 and ORACLE 10g.  Earlier releases can be installed using this document as well however there are some additional steps for packages to be installed see Metalink. Disclaimer: I hav…
The purpose of this article is to demonstrate how we can upgrade Python from version 2.7.6 to Python 2.7.10 on the Linux Mint operating system. I am using an Oracle Virtual Box where I have installed Linux Mint operating system version 17.2. Once yo…
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now