• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1516
  • Last Modified:

Linux fail2ban not starting up after yum update on CentOS 5

Say,

This is the current issue:

[root@messaging ~]# service fail2ban status
Fail2ban (pid 30613) is running...

________
It just hangs there - have to hit Cntl-C to proceed.

How can I tell yum to downgrade fail2ban? I upgraded wth yum update fail2ban
How can I remove fail2ban and re-install?
Also how can I debug why its not starting up. It did fine before the yum update.
Tx

Some more info:

[root@messaging ~]# service fail2ban start
Starting fail2ban:      
____
Have to hit Cntl-C to continue and shows an OK.
______

[root@messaging ~]# ps -ax | grep fail2ban
Warning: bad syntax, perhaps a bogus '-'? See /usr/share/doc/procps-3.2.7/FAQ
 4348 pts/6    S+     0:00 grep fail2ban
30613 ?        S      0:00 /usr/bin/python /usr/bin/fail2ban-server -b -s /var/run/fail2ban/fail2ban.sock -x
[root@messaging ~]#
_________
[root@messaging ~]# fail2ban-client -V
Fail2Ban v0.8.4

Copyright (c) 2004-2008 Cyril Jaquier
Copyright of modifications held by their respective authors.
Licensed under the GNU General Public License v2 (GPL).

Written by Cyril Jaquier <cyril.jaquier@fail2ban.org>.
Many contributions by Yaroslav O. Halchenko <debian@onerussian.com>.
[root@messaging ~]#
0
shaunwingin
Asked:
shaunwingin
3 Solutions
 
n4th4nr1chCommented:
1. ps aux
not ps -ax
for most modern linux systems.


2. yum downgrade packagename
this is how you downgrade to any other versions in your repository
You can also manually downgrade by using rpm.


3. It may also be helpful to install strace
yum install -y strace

then, instead of just using service you can try:
strace -e file /etc/init.d/fail2ban start

That will give you better debugging output.
0
 
shaunwinginAuthor Commented:
Below is yum update of fal2ban
I have edited /etc/fail2ban/jail.conf.rpmnew
=====================================================================================================================================================================================================
 Package                                             Arch                                        Version                                             Repository                                 Size
=====================================================================================================================================================================================================
Updating:
 fail2ban                                            noarch                                      0.8.4-29.el5                                        epel                                      136 k
Installing for dependencies:
 python-ctypes                                       x86_64                                      1.0.2-3.el5                                         base                                      210 k
 python-inotify                                      noarch                                      0.9.1-1.el5                                         epel                                       86 k

Transaction Summary
=====================================================================================================================================================================================================
Install       2 Package(s)
Upgrade       1 Package(s)

Total download size: 432 k
Is this ok [y/N]: y
Downloading Packages:
(1/3): python-inotify-0.9.1-1.el5.noarch.rpm                                                                                                                                  |  86 kB     00:00
(2/3): fail2ban-0.8.4-29.el5.noarch.rpm                                                                                                                                       | 136 kB     00:02
(3/3): python-ctypes-1.0.2-3.el5.x86_64.rpm                                                                                                                                   | 210 kB     00:00
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total                                                                                                                                                                 71 kB/s | 432 kB     00:06
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing     : python-ctypes                                                                                                                                                                 1/4
  Installing     : python-inotify                                                                                                                                                                2/4
  Updating       : fail2ban                                                                                                                                                                      3/4
warning: /etc/fail2ban/filter.d/vsftpd.conf created as /etc/fail2ban/filter.d/vsftpd.conf.rpmnew
warning: /etc/fail2ban/jail.conf created as /etc/fail2ban/jail.conf.rpmnew
  Cleanup        : fail2ban                                                                                                                                                                      4/4

Dependency Installed:
  python-ctypes.x86_64 0:1.0.2-3.el5                                                               python-inotify.noarch 0:0.9.1-1.el5

Updated:
  fail2ban.noarch 0:0.8.4-29.el5
0
 
1ly4meCommented:
Seems like error in conf file, check fail2ban log file.
Also check your jail.conf file, If you have done any changes remove it and start fail2ban with default settings.
The new version also supports TCP wrappers, check you hosts.allow and deny files.
0
Get free NFR key for Veeam Availability Suite 9.5

Veeam is happy to provide a free NFR license (1 year, 2 sockets) to all certified IT Pros. The license allows for the non-production use of Veeam Availability Suite v9.5 in your home lab, without any feature limitations. It works for both VMware and Hyper-V environments

 
shaunwinginAuthor Commented:
tx.
see

[root@messaging filter.d]# strace -e file /etc/init.d/fail2ban start
execve("/etc/init.d/fail2ban", ["/etc/init.d/fail2ban", "start"], [/* 27 vars */]) = 0
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY)      = 3
open("/lib64/libtermcap.so.2", O_RDONLY) = 3
open("/lib64/libdl.so.2", O_RDONLY)     = 3
open("/lib64/libc.so.6", O_RDONLY)      = 3
open("/dev/tty", O_RDWR|O_NONBLOCK)     = 3
open("/usr/lib/locale/locale-archive", O_RDONLY) = 3
open("/proc/meminfo", O_RDONLY)         = 3
stat("/etc/fail2ban/filter.d", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
stat(".", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
open("/usr/lib64/gconv/gconv-modules.cache", O_RDONLY) = 3
open("/etc/init.d/fail2ban", O_RDONLY)  = 3
stat("/etc/init.d/functions", {st_mode=S_IFREG|0755, st_size=14291, ...}) = 0
access("/etc/init.d/functions", X_OK)   = 0
access("/etc/init.d/functions", R_OK)   = 0
open("/etc/init.d/functions", O_RDONLY) = 3
--- SIGCHLD (Child exited) @ 0 (0) ---
stat("/etc/sysconfig/i18n", {st_mode=S_IFREG|0644, st_size=47, ...}) = 0
stat("/etc/profile.d/lang.sh", {st_mode=S_IFREG|0755, st_size=3466, ...}) = 0
access("/etc/profile.d/lang.sh", X_OK)  = 0
access("/etc/profile.d/lang.sh", R_OK)  = 0
open("/etc/profile.d/lang.sh", O_RDONLY) = 3
stat("/etc/sysconfig/init", {st_mode=S_IFREG|0644, st_size=1068, ...}) = 0
stat("/etc/sysconfig/init", {st_mode=S_IFREG|0644, st_size=1068, ...}) = 0
access("/etc/sysconfig/init", X_OK)     = -1 EACCES (Permission denied)
access("/etc/sysconfig/init", R_OK)     = 0
open("/etc/sysconfig/init", O_RDONLY)   = 3
open("/usr/share/locale/locale.alias", O_RDONLY) = 3
open("/usr/share/locale/en_US.UTF-8/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_US.utf8/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_US/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.UTF-8/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.utf8/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
stat("/etc/fail2ban/fail2ban.conf", {st_mode=S_IFREG|0644, st_size=844, ...}) = 0
Starting fail2ban: --- SIGCHLD (Child exited) @ 0 (0) ---
stat(".", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
stat("/sbin/touch", 0x7fffc9650980)     = -1 ENOENT (No such file or directory)
stat("/usr/sbin/touch", 0x7fffc9650980) = -1 ENOENT (No such file or directory)
stat("/bin/touch", {st_mode=S_IFREG|0755, st_size=42696, ...}) = 0
access("/bin/touch", X_OK)              = 0
access("/bin/touch", R_OK)              = 0
stat("/bin/touch", {st_mode=S_IFREG|0755, st_size=42696, ...}) = 0
access("/bin/touch", X_OK)              = 0
access("/bin/touch", R_OK)              = 0
--- SIGCHLD (Child exited) @ 0 (0) ---
                                                           [  OK  ]
[root@messaging filter.d]# ps aux | grep fail2ban
root      4658  0.0  0.0 134908  4736 ?        S    10:43   0:00 /usr/bin/python /usr/bin/fail2ban-server -b -s /var/run/fail2ban/fail2ban.sock -x
root      5896  0.0  0.0  61216   752 pts/6    S+   11:28   0:00 grep fail2ban
[root@messaging filter.d]# strace -e file /etc/init.d/fail2ban stop
execve("/etc/init.d/fail2ban", ["/etc/init.d/fail2ban", "stop"], [/* 27 vars */]) = 0
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY)      = 3
open("/lib64/libtermcap.so.2", O_RDONLY) = 3
open("/lib64/libdl.so.2", O_RDONLY)     = 3
open("/lib64/libc.so.6", O_RDONLY)      = 3
open("/dev/tty", O_RDWR|O_NONBLOCK)     = 3
open("/usr/lib/locale/locale-archive", O_RDONLY) = 3
open("/proc/meminfo", O_RDONLY)         = 3
stat("/etc/fail2ban/filter.d", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
stat(".", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
open("/usr/lib64/gconv/gconv-modules.cache", O_RDONLY) = 3
open("/etc/init.d/fail2ban", O_RDONLY)  = 3
stat("/etc/init.d/functions", {st_mode=S_IFREG|0755, st_size=14291, ...}) = 0
access("/etc/init.d/functions", X_OK)   = 0
access("/etc/init.d/functions", R_OK)   = 0
open("/etc/init.d/functions", O_RDONLY) = 3
--- SIGCHLD (Child exited) @ 0 (0) ---
stat("/etc/sysconfig/i18n", {st_mode=S_IFREG|0644, st_size=47, ...}) = 0
stat("/etc/profile.d/lang.sh", {st_mode=S_IFREG|0755, st_size=3466, ...}) = 0
access("/etc/profile.d/lang.sh", X_OK)  = 0
access("/etc/profile.d/lang.sh", R_OK)  = 0
open("/etc/profile.d/lang.sh", O_RDONLY) = 3
stat("/etc/sysconfig/init", {st_mode=S_IFREG|0644, st_size=1068, ...}) = 0
stat("/etc/sysconfig/init", {st_mode=S_IFREG|0644, st_size=1068, ...}) = 0
access("/etc/sysconfig/init", X_OK)     = -1 EACCES (Permission denied)
access("/etc/sysconfig/init", R_OK)     = 0
open("/etc/sysconfig/init", O_RDONLY)   = 3
open("/usr/share/locale/locale.alias", O_RDONLY) = 3
open("/usr/share/locale/en_US.UTF-8/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_US.utf8/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_US/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.UTF-8/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.utf8/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
stat("/etc/fail2ban/fail2ban.conf", {st_mode=S_IFREG|0644, st_size=844, ...}) = 0
Stopping fail2ban: --- SIGCHLD (Child exited) @ 0 (0) ---
0
 
shaunwinginAuthor Commented:
This is hosts.allow

#
# hosts.allow   This file describes the names of the hosts which are
#               allowed to use the local INET services, as decided
#               by the '/usr/sbin/tcpd' server.
#
0
 
shaunwinginAuthor Commented:
and hosts.deny

#
# hosts.deny    This file describes the names of the hosts which are
#               *not* allowed to use the local INET services, as decided
#               by the '/usr/sbin/tcpd' server.
#
# The portmap line is redundant, but it is left to remind you that
# the new secure portmap uses hosts.deny and hosts.allow.  In particular
# you should know that NFS uses portmap!
0
 
shaunwinginAuthor Commented:
fail2ban log file not being updated - as last entry for yesterday.
0
 
shaunwinginAuthor Commented:
This is perhaps more usefull. Did a kill - 9 pid for fail2ban

then


[root@messaging filter.d]# strace -e file /etc/init.d/fail2ban start
execve("/etc/init.d/fail2ban", ["/etc/init.d/fail2ban", "start"], [/* 27 vars */]) = 0
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY)      = 3
open("/lib64/libtermcap.so.2", O_RDONLY) = 3
open("/lib64/libdl.so.2", O_RDONLY)     = 3
open("/lib64/libc.so.6", O_RDONLY)      = 3
open("/dev/tty", O_RDWR|O_NONBLOCK)     = 3
open("/usr/lib/locale/locale-archive", O_RDONLY) = 3
open("/proc/meminfo", O_RDONLY)         = 3
stat("/etc/fail2ban/filter.d", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
stat(".", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
open("/usr/lib64/gconv/gconv-modules.cache", O_RDONLY) = 3
open("/etc/init.d/fail2ban", O_RDONLY)  = 3
stat("/etc/init.d/functions", {st_mode=S_IFREG|0755, st_size=14291, ...}) = 0
access("/etc/init.d/functions", X_OK)   = 0
access("/etc/init.d/functions", R_OK)   = 0
open("/etc/init.d/functions", O_RDONLY) = 3
--- SIGCHLD (Child exited) @ 0 (0) ---
stat("/etc/sysconfig/i18n", {st_mode=S_IFREG|0644, st_size=47, ...}) = 0
stat("/etc/profile.d/lang.sh", {st_mode=S_IFREG|0755, st_size=3466, ...}) = 0
access("/etc/profile.d/lang.sh", X_OK)  = 0
access("/etc/profile.d/lang.sh", R_OK)  = 0
open("/etc/profile.d/lang.sh", O_RDONLY) = 3
stat("/etc/sysconfig/init", {st_mode=S_IFREG|0644, st_size=1068, ...}) = 0
stat("/etc/sysconfig/init", {st_mode=S_IFREG|0644, st_size=1068, ...}) = 0
access("/etc/sysconfig/init", X_OK)     = -1 EACCES (Permission denied)
access("/etc/sysconfig/init", R_OK)     = 0
open("/etc/sysconfig/init", O_RDONLY)   = 3
open("/usr/share/locale/locale.alias", O_RDONLY) = 3
open("/usr/share/locale/en_US.UTF-8/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_US.utf8/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_US/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.UTF-8/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.utf8/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
stat("/etc/fail2ban/fail2ban.conf", {st_mode=S_IFREG|0644, st_size=844, ...}) = 0
Starting fail2ban: --- SIGCHLD (Child exited) @ 0 (0) ---
0
 
shaunwinginAuthor Commented:
Even with yum downgrade still get error:


[root@messaging filter.d]# strace -e file /etc/init.d/fail2ban start
execve("/etc/init.d/fail2ban", ["/etc/init.d/fail2ban", "start"], [/* 27 vars */]) = 0
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY)      = 3
open("/lib64/libtermcap.so.2", O_RDONLY) = 3
open("/lib64/libdl.so.2", O_RDONLY)     = 3
open("/lib64/libc.so.6", O_RDONLY)      = 3
open("/dev/tty", O_RDWR|O_NONBLOCK)     = 3
open("/usr/lib/locale/locale-archive", O_RDONLY) = 3
open("/proc/meminfo", O_RDONLY)         = 3
stat("/etc/fail2ban/filter.d", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
stat(".", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
open("/usr/lib64/gconv/gconv-modules.cache", O_RDONLY) = 3
open("/etc/init.d/fail2ban", O_RDONLY)  = 3
stat("/etc/init.d/functions", {st_mode=S_IFREG|0755, st_size=14291, ...}) = 0
access("/etc/init.d/functions", X_OK)   = 0
access("/etc/init.d/functions", R_OK)   = 0
open("/etc/init.d/functions", O_RDONLY) = 3
--- SIGCHLD (Child exited) @ 0 (0) ---
stat("/etc/sysconfig/i18n", {st_mode=S_IFREG|0644, st_size=47, ...}) = 0
stat("/etc/profile.d/lang.sh", {st_mode=S_IFREG|0755, st_size=3466, ...}) = 0
access("/etc/profile.d/lang.sh", X_OK)  = 0
access("/etc/profile.d/lang.sh", R_OK)  = 0
open("/etc/profile.d/lang.sh", O_RDONLY) = 3
stat("/etc/sysconfig/init", {st_mode=S_IFREG|0644, st_size=1068, ...}) = 0
stat("/etc/sysconfig/init", {st_mode=S_IFREG|0644, st_size=1068, ...}) = 0
access("/etc/sysconfig/init", X_OK)     = -1 EACCES (Permission denied)
access("/etc/sysconfig/init", R_OK)     = 0
open("/etc/sysconfig/init", O_RDONLY)   = 3
open("/usr/share/locale/locale.alias", O_RDONLY) = 3
open("/usr/share/locale/en_US.UTF-8/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_US.utf8/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_US/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.UTF-8/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.utf8/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
stat("/etc/fail2ban/fail2ban.conf", {st_mode=S_IFREG|0644, st_size=844, ...}) = 0
Starting fail2ban: --- SIGCHLD (Child exited) @ 0 (0) ---
stat(".", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
stat("/sbin/rm", 0x7fff91ce5170)        = -1 ENOENT (No such file or directory)
stat("/usr/sbin/rm", 0x7fff91ce5170)    = -1 ENOENT (No such file or directory)
stat("/bin/rm", {st_mode=S_IFREG|0755, st_size=47088, ...}) = 0
access("/bin/rm", X_OK)                 = 0
access("/bin/rm", R_OK)                 = 0
stat("/bin/rm", {st_mode=S_IFREG|0755, st_size=47088, ...}) = 0
access("/bin/rm", X_OK)                 = 0
access("/bin/rm", R_OK)                 = 0
--- SIGCHLD (Child exited) @ 0 (0) ---
0
 
shaunwinginAuthor Commented:
This was downgrade:

[root@messaging filter.d]# yum downgrade fail2ban
Loaded plugins: fastestmirror, priorities
Setting up Downgrade Process
Loading mirror speeds from cached hostfile
 * base: ftp.wa.co.za
 * epel: ftp.rediris.es
 * extras: ftp.wa.co.za
 * rpmforge: apt.sw.be
 * updates: ftp.wa.co.za
addons                                                                                                                                                                        | 1.9 kB     00:00
base                                                                                                                                                                          | 1.1 kB     00:00
epel                                                                                                                                                                          | 3.4 kB     00:00
extras                                                                                                                                                                        | 2.1 kB     00:00
pgdg90                                                                                                                                                                        | 2.8 kB     00:00
rpmforge                                                                                                                                                                      | 1.1 kB     00:00
updates                                                                                                                                                                       | 1.9 kB     00:00
Excluding Packages from CentOS-5 - Base
Finished
Excluding Packages from CentOS-5 - Updates
Finished
Resolving Dependencies
--> Running transaction check
---> Package fail2ban.noarch 0:0.8.2-3.el5.rf set to be updated
---> Package fail2ban.noarch 0:0.8.4-29.el5 set to be erased
--> Finished Dependency Resolution

Dependencies Resolved

=====================================================================================================================================================================================================
 Package                                       Arch                                        Version                                               Repository                                     Size
=====================================================================================================================================================================================================
Downgrading:
 fail2ban                                      noarch                                      0.8.2-3.el5.rf                                        rpmforge                                      125 k

Transaction Summary
=====================================================================================================================================================================================================
Remove        0 Package(s)
Reinstall     0 Package(s)
Downgrade     1 Package(s)

Total download size: 125 k
Is this ok [y/N]: y
Downloading Packages:
fail2ban-0.8.2-3.el5.rf.noarch.rpm                                                                                                                                            | 125 kB     00:01
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing     : fail2ban                                                                                                                                                                      1/2
warning: /etc/fail2ban/fail2ban.conf created as /etc/fail2ban/fail2ban.conf.rpmnew
warning: /etc/fail2ban/filter.d/vsftpd.conf created as /etc/fail2ban/filter.d/vsftpd.conf.rpmnew
warning: /etc/fail2ban/jail.conf created as /etc/fail2ban/jail.conf.rpmnew
  Cleanup        : fail2ban                                                                                                                                                                      2/2

Removed:
  fail2ban.noarch 0:0.8.4-29.el5

Installed:
  fail2ban.noarch 0:0.8.2-3.el5.rf

Complete!
0
 
shaunwinginAuthor Commented:
tail of fail2ban.log (but not updating)
See the errors pls.


Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
2012-03-18 15:03:27,872 fail2ban.actions.action: INFO   Set actionUnban =
2012-03-18 15:03:27,872 fail2ban.actions.action: INFO   Set actionCheck =
2012-03-18 15:03:27,875 fail2ban.jail   : INFO   Using Gamin
2012-03-18 15:03:27,875 fail2ban.filter : INFO   Created Filter
2012-03-18 15:03:27,875 fail2ban.filter : INFO   Created FilterGamin
2012-03-18 15:03:27,875 fail2ban.filter : INFO   Added logfile = /var/log/secure
2012-03-18 15:03:27,876 fail2ban.filter : INFO   Set maxRetry = 3
2012-03-18 15:03:27,877 fail2ban.filter : INFO   Set findtime = 600
2012-03-18 15:03:27,877 fail2ban.actions: INFO   Set banTime = 31536000
2012-03-18 15:03:27,880 fail2ban.actions.action: INFO   Set actionBan = iptables -I fail2ban-<name> 1 -s <ip> -j DROP
2012-03-18 15:03:27,880 fail2ban.actions.action: INFO   Set actionStop = iptables -D INPUT -p <protocol> --dport <port> -j fail2ban-<name>
iptables -F fail2ban-<name>
iptables -X fail2ban-<name>
2012-03-18 15:03:27,881 fail2ban.actions.action: INFO   Set actionStart = iptables -N fail2ban-<name>
iptables -A fail2ban-<name> -j RETURN
iptables -I INPUT -p <protocol> --dport <port> -j fail2ban-<name>
2012-03-18 15:03:27,881 fail2ban.actions.action: INFO   Set actionUnban = iptables -D fail2ban-<name> -s <ip> -j DROP
2012-03-18 15:03:27,882 fail2ban.actions.action: INFO   Set actionCheck = iptables -n -L INPUT | grep -q fail2ban-<name>
2012-03-18 15:03:27,895 fail2ban.actions.action: ERROR  iptables -N fail2ban-ASTERISK
iptables -A fail2ban-ASTERISK -j RETURN
iptables -I INPUT -p all -j fail2ban-ASTERISK returned 100
2012-03-18 15:03:27,938 fail2ban.actions.action: ERROR  iptables -N fail2ban-SSH
iptables -A fail2ban-SSH -j RETURN
iptables -I INPUT -p tcp --dport ssh -j fail2ban-SSH returned 300
0
 
Kerem ERSOYPresidentCommented:
Hi,

According to yum output there are 3 files modified by you:

warning: /etc/fail2ban/fail2ban.conf created as /etc/fail2ban/fail2ban.conf.rpmnew
warning: /etc/fail2ban/filter.d/vsftpd.conf created as /etc/fail2ban/filter.d/vsftpd.conf.rpmnew
warning: /etc/fail2ban/jail.conf created as /etc/fail2ban/jail.conf.rpmnew

So try to save the current version of these files and restart with rpmnew. versions and restore all three files from them and try to modify. I believe there's something wrong about your config. Otherwise it should be quite a straightforward process..

Cheers,
K.
0
 
shaunwinginAuthor Commented:
I've tried what you say KeremE but this is the startup error. Perhaps I'm missing somethng important in the files. Log file doesn't get written.


[root@messaging fail2ban]# strace -e file /etc/init.d/fail2ban start
execve("/etc/init.d/fail2ban", ["/etc/init.d/fail2ban", "start"], [/* 27 vars */]) = 0
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY)      = 3
open("/lib64/libtermcap.so.2", O_RDONLY) = 3
open("/lib64/libdl.so.2", O_RDONLY)     = 3
open("/lib64/libc.so.6", O_RDONLY)      = 3
open("/dev/tty", O_RDWR|O_NONBLOCK)     = 3
open("/usr/lib/locale/locale-archive", O_RDONLY) = 3
open("/proc/meminfo", O_RDONLY)         = 3
stat("/etc/fail2ban", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
stat(".", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
open("/usr/lib64/gconv/gconv-modules.cache", O_RDONLY) = 3
open("/etc/init.d/fail2ban", O_RDONLY)  = 3
stat("/etc/init.d/functions", {st_mode=S_IFREG|0755, st_size=14291, ...}) = 0
access("/etc/init.d/functions", X_OK)   = 0
access("/etc/init.d/functions", R_OK)   = 0
open("/etc/init.d/functions", O_RDONLY) = 3
--- SIGCHLD (Child exited) @ 0 (0) ---
stat("/etc/sysconfig/i18n", {st_mode=S_IFREG|0644, st_size=47, ...}) = 0
stat("/etc/profile.d/lang.sh", {st_mode=S_IFREG|0755, st_size=3466, ...}) = 0
access("/etc/profile.d/lang.sh", X_OK)  = 0
access("/etc/profile.d/lang.sh", R_OK)  = 0
open("/etc/profile.d/lang.sh", O_RDONLY) = 3
stat("/etc/sysconfig/init", {st_mode=S_IFREG|0644, st_size=1068, ...}) = 0
stat("/etc/sysconfig/init", {st_mode=S_IFREG|0644, st_size=1068, ...}) = 0
access("/etc/sysconfig/init", X_OK)     = -1 EACCES (Permission denied)
access("/etc/sysconfig/init", R_OK)     = 0
open("/etc/sysconfig/init", O_RDONLY)   = 3
open("/usr/share/locale/locale.alias", O_RDONLY) = 3
open("/usr/share/locale/en_US.UTF-8/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_US.utf8/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_US/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.UTF-8/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.utf8/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
stat("/etc/fail2ban/fail2ban.conf", {st_mode=S_IFREG|0644, st_size=844, ...}) = 0
Starting fail2ban: --- SIGCHLD (Child exited) @ 0 (0) ---
0
 
Gabriel OrozcoSolution ArchitectCommented:
Forget about dtrace for a moment.

what is the result of starting fail2ban by hand?

i.e.
/etc/init.d/fail2ban start

or better yet, the command:
/usr/bin/python /usr/bin/fail2ban-server -b -s /var/run/fail2ban/fail2ban.sock -x

if there is an issue it will be printed to screen.

Also you have posted about fail2ban, but not about the rules in iptables making it work.
0
 
shaunwinginAuthor Commented:
Tx!
See below. The fail2ban logfile is still not being updated!

[root@messaging fail2ban]# /usr/bin/python /usr/bin/fail2ban-server -b -s /var/run/fail2ban/fail2ban.sock -x
2012-03-20 08:09:41,409 fail2ban.server : INFO   Starting Fail2ban v0.8.4
2012-03-20 08:09:41,410 fail2ban.server : INFO   Starting in daemon mode
[root@messaging fail2ban]# !ps
ps -ax | grep fail2ban
Warning: bad syntax, perhaps a bogus '-'? See /usr/share/doc/procps-3.2.7/FAQ
 9343 ?        S      0:00 /usr/bin/python /usr/bin/fail2ban-server -b -s /var/run/fail2ban/fail2ban.sock -x
16599 ?        S      0:00 /usr/bin/python /usr/bin/fail2ban-server -b -s /var/run/fail2ban/fail2ban.sock -x
16616 pts/5    S+     0:00 grep fail2ban
[root@messaging fail2ban]#
0
 
shaunwinginAuthor Commented:
[root@messaging fail2ban]# /etc/init.d/fail2ban status
Fail2ban (pid 9343) is running...
Status
|- Number of jail:      0
`- Jail list:
[root@messaging fail2ban]#
0
 
shaunwinginAuthor Commented:
Pls also send links explaining how to configure the conf files for the version we upgraded to. Tx
0
 
Kerem ERSOYPresidentCommented:
It seems that it is where it hangs. Will you please remove fail2ban altogeter and reinstall ?? You can remove it with:

yum remove fail2ban

Open in new window


or

rpm -qa fail2ban | xargs rpm -ev 

Open in new window


and reinstall again after removing all files about it especially in /etc

Cheers,
K.
0
 
Kerem ERSOYPresidentCommented:
Hi,

ps -ax | grep fail2ban
Warning: bad syntax, perhaps a bogus '-'? See /usr/share/doc/procps-3.2.7/FAQ

This is about the dash before ax in ps : )
0
 
Kerem ERSOYPresidentCommented:
Tx!
See below. The fail2ban logfile is still not being updated!

Yeah it is not becasue the daemon dies before it tries to touch the files. This is why I am suggesting to remove all files and retry.
0
 
shaunwinginAuthor Commented:
Tried uninstalling and deleting /etc/fail2ban but still same issues!
0
 
shaunwinginAuthor Commented:
Also yum not installing latest version.
Its CentOS 64 bit system.

Please give details for EPL update. see below.
http://fedoraproject.org/wiki/EPEL#What_packages_and_versions_are_available_in_EPEL.3F
[21:50:57] Hillel: EPEL has an 'epel-release' package that includes gpg keys for package signing and repository information. Installing this package for your Enterprise Linux version should allow you to use normal tools such as yum to install packages and their dependencies. By default the stable EPEL repo is enabled, there is also a 'epel-testing' repository that contains packages that are not yet deemed stable.

NOTE: You need to also enable the 'optional' repository to use EPEL packages as they depend on packages in that repository. This can be done by enabling the RHEL optional subchannel for example. (Related profile is located at:/etc/yum.repos.d/epel-testing.repo)
[21:52:24] Hillel: EPEL has an 'epel-release' package that includes gpg keys for package signing and repository information. Installing this package for your Enterprise Linux version should allow you to use normal tools such as yum to install packages and their dependencies. By default the stable EPEL repo is enabled, there is also a 'epel-testing' repository that contains packages that are not yet deemed stable.

NOTE: You need to also enable the 'optional' repository to use EPEL packages as they depend on packages in that repository. This can be done by enabling the RHEL optional subchannel for example. (Related profile is located at:/etc/yum.repos.d/epel-testing.repo)
[21:52:37] Hillel: EPEL has an 'epel-release' package that includes gpg keys for package signing and repository information. Installing this package for your Enterprise Linux version should allow you to use normal tools such as yum to install packages and their dependencies. By default the stable EPEL repo is enabled, there is also a 'epel-testing' repository that contains packages that are not yet deemed stable.
http://www.fail2ban.org/wiki/index.php/Main_Page
0
 
Kerem ERSOYPresidentCommented:
Will you start fail2ban client? This way may be it will be printing out more information:
fail2ban-client start

Open in new window


Please post the information here.

Cheers,
K
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now