Avatar of Shaun Wingrin
Shaun Wingrin
Flag for South Africa asked on

Linux fail2ban not starting up after yum update on CentOS 5

Say,

This is the current issue:

[root@messaging ~]# service fail2ban status
Fail2ban (pid 30613) is running...

________
It just hangs there - have to hit Cntl-C to proceed.

How can I tell yum to downgrade fail2ban? I upgraded wth yum update fail2ban
How can I remove fail2ban and re-install?
Also how can I debug why its not starting up. It did fine before the yum update.
Tx

Some more info:

[root@messaging ~]# service fail2ban start
Starting fail2ban:      
____
Have to hit Cntl-C to continue and shows an OK.
______

[root@messaging ~]# ps -ax | grep fail2ban
Warning: bad syntax, perhaps a bogus '-'? See /usr/share/doc/procps-3.2.7/FAQ
 4348 pts/6    S+     0:00 grep fail2ban
30613 ?        S      0:00 /usr/bin/python /usr/bin/fail2ban-server -b -s /var/run/fail2ban/fail2ban.sock -x
[root@messaging ~]#
_________
[root@messaging ~]# fail2ban-client -V
Fail2Ban v0.8.4

Copyright (c) 2004-2008 Cyril Jaquier
Copyright of modifications held by their respective authors.
Licensed under the GNU General Public License v2 (GPL).

Written by Cyril Jaquier <cyril.jaquier@fail2ban.org>.
Many contributions by Yaroslav O. Halchenko <debian@onerussian.com>.
[root@messaging ~]#
LinuxLinux OS DevLinux DistributionsLinux Networking

Avatar of undefined
Last Comment
Kerem ERSOY

8/22/2022 - Mon
n4th4nr1ch

1. ps aux
not ps -ax
for most modern linux systems.


2. yum downgrade packagename
this is how you downgrade to any other versions in your repository
You can also manually downgrade by using rpm.


3. It may also be helpful to install strace
yum install -y strace

then, instead of just using service you can try:
strace -e file /etc/init.d/fail2ban start

That will give you better debugging output.
Shaun Wingrin

ASKER
Below is yum update of fal2ban
I have edited /etc/fail2ban/jail.conf.rpmnew
=====================================================================================================================================================================================================
 Package                                             Arch                                        Version                                             Repository                                 Size
=====================================================================================================================================================================================================
Updating:
 fail2ban                                            noarch                                      0.8.4-29.el5                                        epel                                      136 k
Installing for dependencies:
 python-ctypes                                       x86_64                                      1.0.2-3.el5                                         base                                      210 k
 python-inotify                                      noarch                                      0.9.1-1.el5                                         epel                                       86 k

Transaction Summary
=====================================================================================================================================================================================================
Install       2 Package(s)
Upgrade       1 Package(s)

Total download size: 432 k
Is this ok [y/N]: y
Downloading Packages:
(1/3): python-inotify-0.9.1-1.el5.noarch.rpm                                                                                                                                  |  86 kB     00:00
(2/3): fail2ban-0.8.4-29.el5.noarch.rpm                                                                                                                                       | 136 kB     00:02
(3/3): python-ctypes-1.0.2-3.el5.x86_64.rpm                                                                                                                                   | 210 kB     00:00
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total                                                                                                                                                                 71 kB/s | 432 kB     00:06
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing     : python-ctypes                                                                                                                                                                 1/4
  Installing     : python-inotify                                                                                                                                                                2/4
  Updating       : fail2ban                                                                                                                                                                      3/4
warning: /etc/fail2ban/filter.d/vsftpd.conf created as /etc/fail2ban/filter.d/vsftpd.conf.rpmnew
warning: /etc/fail2ban/jail.conf created as /etc/fail2ban/jail.conf.rpmnew
  Cleanup        : fail2ban                                                                                                                                                                      4/4

Dependency Installed:
  python-ctypes.x86_64 0:1.0.2-3.el5                                                               python-inotify.noarch 0:0.9.1-1.el5

Updated:
  fail2ban.noarch 0:0.8.4-29.el5
1ly4me

Seems like error in conf file, check fail2ban log file.
Also check your jail.conf file, If you have done any changes remove it and start fail2ban with default settings.
The new version also supports TCP wrappers, check you hosts.allow and deny files.
Experts Exchange is like having an extremely knowledgeable team sitting and waiting for your call. Couldn't do my job half as well as I do without it!
James Murphy
Shaun Wingrin

ASKER
tx.
see

[root@messaging filter.d]# strace -e file /etc/init.d/fail2ban start
execve("/etc/init.d/fail2ban", ["/etc/init.d/fail2ban", "start"], [/* 27 vars */]) = 0
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY)      = 3
open("/lib64/libtermcap.so.2", O_RDONLY) = 3
open("/lib64/libdl.so.2", O_RDONLY)     = 3
open("/lib64/libc.so.6", O_RDONLY)      = 3
open("/dev/tty", O_RDWR|O_NONBLOCK)     = 3
open("/usr/lib/locale/locale-archive", O_RDONLY) = 3
open("/proc/meminfo", O_RDONLY)         = 3
stat("/etc/fail2ban/filter.d", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
stat(".", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
open("/usr/lib64/gconv/gconv-modules.cache", O_RDONLY) = 3
open("/etc/init.d/fail2ban", O_RDONLY)  = 3
stat("/etc/init.d/functions", {st_mode=S_IFREG|0755, st_size=14291, ...}) = 0
access("/etc/init.d/functions", X_OK)   = 0
access("/etc/init.d/functions", R_OK)   = 0
open("/etc/init.d/functions", O_RDONLY) = 3
--- SIGCHLD (Child exited) @ 0 (0) ---
stat("/etc/sysconfig/i18n", {st_mode=S_IFREG|0644, st_size=47, ...}) = 0
stat("/etc/profile.d/lang.sh", {st_mode=S_IFREG|0755, st_size=3466, ...}) = 0
access("/etc/profile.d/lang.sh", X_OK)  = 0
access("/etc/profile.d/lang.sh", R_OK)  = 0
open("/etc/profile.d/lang.sh", O_RDONLY) = 3
stat("/etc/sysconfig/init", {st_mode=S_IFREG|0644, st_size=1068, ...}) = 0
stat("/etc/sysconfig/init", {st_mode=S_IFREG|0644, st_size=1068, ...}) = 0
access("/etc/sysconfig/init", X_OK)     = -1 EACCES (Permission denied)
access("/etc/sysconfig/init", R_OK)     = 0
open("/etc/sysconfig/init", O_RDONLY)   = 3
open("/usr/share/locale/locale.alias", O_RDONLY) = 3
open("/usr/share/locale/en_US.UTF-8/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_US.utf8/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_US/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.UTF-8/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.utf8/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
stat("/etc/fail2ban/fail2ban.conf", {st_mode=S_IFREG|0644, st_size=844, ...}) = 0
Starting fail2ban: --- SIGCHLD (Child exited) @ 0 (0) ---
stat(".", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
stat("/sbin/touch", 0x7fffc9650980)     = -1 ENOENT (No such file or directory)
stat("/usr/sbin/touch", 0x7fffc9650980) = -1 ENOENT (No such file or directory)
stat("/bin/touch", {st_mode=S_IFREG|0755, st_size=42696, ...}) = 0
access("/bin/touch", X_OK)              = 0
access("/bin/touch", R_OK)              = 0
stat("/bin/touch", {st_mode=S_IFREG|0755, st_size=42696, ...}) = 0
access("/bin/touch", X_OK)              = 0
access("/bin/touch", R_OK)              = 0
--- SIGCHLD (Child exited) @ 0 (0) ---
                                                           [  OK  ]
[root@messaging filter.d]# ps aux | grep fail2ban
root      4658  0.0  0.0 134908  4736 ?        S    10:43   0:00 /usr/bin/python /usr/bin/fail2ban-server -b -s /var/run/fail2ban/fail2ban.sock -x
root      5896  0.0  0.0  61216   752 pts/6    S+   11:28   0:00 grep fail2ban
[root@messaging filter.d]# strace -e file /etc/init.d/fail2ban stop
execve("/etc/init.d/fail2ban", ["/etc/init.d/fail2ban", "stop"], [/* 27 vars */]) = 0
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY)      = 3
open("/lib64/libtermcap.so.2", O_RDONLY) = 3
open("/lib64/libdl.so.2", O_RDONLY)     = 3
open("/lib64/libc.so.6", O_RDONLY)      = 3
open("/dev/tty", O_RDWR|O_NONBLOCK)     = 3
open("/usr/lib/locale/locale-archive", O_RDONLY) = 3
open("/proc/meminfo", O_RDONLY)         = 3
stat("/etc/fail2ban/filter.d", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
stat(".", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
open("/usr/lib64/gconv/gconv-modules.cache", O_RDONLY) = 3
open("/etc/init.d/fail2ban", O_RDONLY)  = 3
stat("/etc/init.d/functions", {st_mode=S_IFREG|0755, st_size=14291, ...}) = 0
access("/etc/init.d/functions", X_OK)   = 0
access("/etc/init.d/functions", R_OK)   = 0
open("/etc/init.d/functions", O_RDONLY) = 3
--- SIGCHLD (Child exited) @ 0 (0) ---
stat("/etc/sysconfig/i18n", {st_mode=S_IFREG|0644, st_size=47, ...}) = 0
stat("/etc/profile.d/lang.sh", {st_mode=S_IFREG|0755, st_size=3466, ...}) = 0
access("/etc/profile.d/lang.sh", X_OK)  = 0
access("/etc/profile.d/lang.sh", R_OK)  = 0
open("/etc/profile.d/lang.sh", O_RDONLY) = 3
stat("/etc/sysconfig/init", {st_mode=S_IFREG|0644, st_size=1068, ...}) = 0
stat("/etc/sysconfig/init", {st_mode=S_IFREG|0644, st_size=1068, ...}) = 0
access("/etc/sysconfig/init", X_OK)     = -1 EACCES (Permission denied)
access("/etc/sysconfig/init", R_OK)     = 0
open("/etc/sysconfig/init", O_RDONLY)   = 3
open("/usr/share/locale/locale.alias", O_RDONLY) = 3
open("/usr/share/locale/en_US.UTF-8/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_US.utf8/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_US/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.UTF-8/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.utf8/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
stat("/etc/fail2ban/fail2ban.conf", {st_mode=S_IFREG|0644, st_size=844, ...}) = 0
Stopping fail2ban: --- SIGCHLD (Child exited) @ 0 (0) ---
Shaun Wingrin

ASKER
This is hosts.allow

#
# hosts.allow   This file describes the names of the hosts which are
#               allowed to use the local INET services, as decided
#               by the '/usr/sbin/tcpd' server.
#
Shaun Wingrin

ASKER
and hosts.deny

#
# hosts.deny    This file describes the names of the hosts which are
#               *not* allowed to use the local INET services, as decided
#               by the '/usr/sbin/tcpd' server.
#
# The portmap line is redundant, but it is left to remind you that
# the new secure portmap uses hosts.deny and hosts.allow.  In particular
# you should know that NFS uses portmap!
⚡ FREE TRIAL OFFER
Try out a week of full access for free.
Find out why thousands trust the EE community with their toughest problems.
Shaun Wingrin

ASKER
fail2ban log file not being updated - as last entry for yesterday.
Shaun Wingrin

ASKER
This is perhaps more usefull. Did a kill - 9 pid for fail2ban

then


[root@messaging filter.d]# strace -e file /etc/init.d/fail2ban start
execve("/etc/init.d/fail2ban", ["/etc/init.d/fail2ban", "start"], [/* 27 vars */]) = 0
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY)      = 3
open("/lib64/libtermcap.so.2", O_RDONLY) = 3
open("/lib64/libdl.so.2", O_RDONLY)     = 3
open("/lib64/libc.so.6", O_RDONLY)      = 3
open("/dev/tty", O_RDWR|O_NONBLOCK)     = 3
open("/usr/lib/locale/locale-archive", O_RDONLY) = 3
open("/proc/meminfo", O_RDONLY)         = 3
stat("/etc/fail2ban/filter.d", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
stat(".", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
open("/usr/lib64/gconv/gconv-modules.cache", O_RDONLY) = 3
open("/etc/init.d/fail2ban", O_RDONLY)  = 3
stat("/etc/init.d/functions", {st_mode=S_IFREG|0755, st_size=14291, ...}) = 0
access("/etc/init.d/functions", X_OK)   = 0
access("/etc/init.d/functions", R_OK)   = 0
open("/etc/init.d/functions", O_RDONLY) = 3
--- SIGCHLD (Child exited) @ 0 (0) ---
stat("/etc/sysconfig/i18n", {st_mode=S_IFREG|0644, st_size=47, ...}) = 0
stat("/etc/profile.d/lang.sh", {st_mode=S_IFREG|0755, st_size=3466, ...}) = 0
access("/etc/profile.d/lang.sh", X_OK)  = 0
access("/etc/profile.d/lang.sh", R_OK)  = 0
open("/etc/profile.d/lang.sh", O_RDONLY) = 3
stat("/etc/sysconfig/init", {st_mode=S_IFREG|0644, st_size=1068, ...}) = 0
stat("/etc/sysconfig/init", {st_mode=S_IFREG|0644, st_size=1068, ...}) = 0
access("/etc/sysconfig/init", X_OK)     = -1 EACCES (Permission denied)
access("/etc/sysconfig/init", R_OK)     = 0
open("/etc/sysconfig/init", O_RDONLY)   = 3
open("/usr/share/locale/locale.alias", O_RDONLY) = 3
open("/usr/share/locale/en_US.UTF-8/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_US.utf8/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_US/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.UTF-8/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.utf8/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
stat("/etc/fail2ban/fail2ban.conf", {st_mode=S_IFREG|0644, st_size=844, ...}) = 0
Starting fail2ban: --- SIGCHLD (Child exited) @ 0 (0) ---
Shaun Wingrin

ASKER
Even with yum downgrade still get error:


[root@messaging filter.d]# strace -e file /etc/init.d/fail2ban start
execve("/etc/init.d/fail2ban", ["/etc/init.d/fail2ban", "start"], [/* 27 vars */]) = 0
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY)      = 3
open("/lib64/libtermcap.so.2", O_RDONLY) = 3
open("/lib64/libdl.so.2", O_RDONLY)     = 3
open("/lib64/libc.so.6", O_RDONLY)      = 3
open("/dev/tty", O_RDWR|O_NONBLOCK)     = 3
open("/usr/lib/locale/locale-archive", O_RDONLY) = 3
open("/proc/meminfo", O_RDONLY)         = 3
stat("/etc/fail2ban/filter.d", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
stat(".", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
open("/usr/lib64/gconv/gconv-modules.cache", O_RDONLY) = 3
open("/etc/init.d/fail2ban", O_RDONLY)  = 3
stat("/etc/init.d/functions", {st_mode=S_IFREG|0755, st_size=14291, ...}) = 0
access("/etc/init.d/functions", X_OK)   = 0
access("/etc/init.d/functions", R_OK)   = 0
open("/etc/init.d/functions", O_RDONLY) = 3
--- SIGCHLD (Child exited) @ 0 (0) ---
stat("/etc/sysconfig/i18n", {st_mode=S_IFREG|0644, st_size=47, ...}) = 0
stat("/etc/profile.d/lang.sh", {st_mode=S_IFREG|0755, st_size=3466, ...}) = 0
access("/etc/profile.d/lang.sh", X_OK)  = 0
access("/etc/profile.d/lang.sh", R_OK)  = 0
open("/etc/profile.d/lang.sh", O_RDONLY) = 3
stat("/etc/sysconfig/init", {st_mode=S_IFREG|0644, st_size=1068, ...}) = 0
stat("/etc/sysconfig/init", {st_mode=S_IFREG|0644, st_size=1068, ...}) = 0
access("/etc/sysconfig/init", X_OK)     = -1 EACCES (Permission denied)
access("/etc/sysconfig/init", R_OK)     = 0
open("/etc/sysconfig/init", O_RDONLY)   = 3
open("/usr/share/locale/locale.alias", O_RDONLY) = 3
open("/usr/share/locale/en_US.UTF-8/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_US.utf8/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_US/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.UTF-8/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.utf8/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
stat("/etc/fail2ban/fail2ban.conf", {st_mode=S_IFREG|0644, st_size=844, ...}) = 0
Starting fail2ban: --- SIGCHLD (Child exited) @ 0 (0) ---
stat(".", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
stat("/sbin/rm", 0x7fff91ce5170)        = -1 ENOENT (No such file or directory)
stat("/usr/sbin/rm", 0x7fff91ce5170)    = -1 ENOENT (No such file or directory)
stat("/bin/rm", {st_mode=S_IFREG|0755, st_size=47088, ...}) = 0
access("/bin/rm", X_OK)                 = 0
access("/bin/rm", R_OK)                 = 0
stat("/bin/rm", {st_mode=S_IFREG|0755, st_size=47088, ...}) = 0
access("/bin/rm", X_OK)                 = 0
access("/bin/rm", R_OK)                 = 0
--- SIGCHLD (Child exited) @ 0 (0) ---
Experts Exchange has (a) saved my job multiple times, (b) saved me hours, days, and even weeks of work, and often (c) makes me look like a superhero! This place is MAGIC!
Walt Forbes
Shaun Wingrin

ASKER
This was downgrade:

[root@messaging filter.d]# yum downgrade fail2ban
Loaded plugins: fastestmirror, priorities
Setting up Downgrade Process
Loading mirror speeds from cached hostfile
 * base: ftp.wa.co.za
 * epel: ftp.rediris.es
 * extras: ftp.wa.co.za
 * rpmforge: apt.sw.be
 * updates: ftp.wa.co.za
addons                                                                                                                                                                        | 1.9 kB     00:00
base                                                                                                                                                                          | 1.1 kB     00:00
epel                                                                                                                                                                          | 3.4 kB     00:00
extras                                                                                                                                                                        | 2.1 kB     00:00
pgdg90                                                                                                                                                                        | 2.8 kB     00:00
rpmforge                                                                                                                                                                      | 1.1 kB     00:00
updates                                                                                                                                                                       | 1.9 kB     00:00
Excluding Packages from CentOS-5 - Base
Finished
Excluding Packages from CentOS-5 - Updates
Finished
Resolving Dependencies
--> Running transaction check
---> Package fail2ban.noarch 0:0.8.2-3.el5.rf set to be updated
---> Package fail2ban.noarch 0:0.8.4-29.el5 set to be erased
--> Finished Dependency Resolution

Dependencies Resolved

=====================================================================================================================================================================================================
 Package                                       Arch                                        Version                                               Repository                                     Size
=====================================================================================================================================================================================================
Downgrading:
 fail2ban                                      noarch                                      0.8.2-3.el5.rf                                        rpmforge                                      125 k

Transaction Summary
=====================================================================================================================================================================================================
Remove        0 Package(s)
Reinstall     0 Package(s)
Downgrade     1 Package(s)

Total download size: 125 k
Is this ok [y/N]: y
Downloading Packages:
fail2ban-0.8.2-3.el5.rf.noarch.rpm                                                                                                                                            | 125 kB     00:01
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing     : fail2ban                                                                                                                                                                      1/2
warning: /etc/fail2ban/fail2ban.conf created as /etc/fail2ban/fail2ban.conf.rpmnew
warning: /etc/fail2ban/filter.d/vsftpd.conf created as /etc/fail2ban/filter.d/vsftpd.conf.rpmnew
warning: /etc/fail2ban/jail.conf created as /etc/fail2ban/jail.conf.rpmnew
  Cleanup        : fail2ban                                                                                                                                                                      2/2

Removed:
  fail2ban.noarch 0:0.8.4-29.el5

Installed:
  fail2ban.noarch 0:0.8.2-3.el5.rf

Complete!
Shaun Wingrin

ASKER
tail of fail2ban.log (but not updating)
See the errors pls.


Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
2012-03-18 15:03:27,872 fail2ban.actions.action: INFO   Set actionUnban =
2012-03-18 15:03:27,872 fail2ban.actions.action: INFO   Set actionCheck =
2012-03-18 15:03:27,875 fail2ban.jail   : INFO   Using Gamin
2012-03-18 15:03:27,875 fail2ban.filter : INFO   Created Filter
2012-03-18 15:03:27,875 fail2ban.filter : INFO   Created FilterGamin
2012-03-18 15:03:27,875 fail2ban.filter : INFO   Added logfile = /var/log/secure
2012-03-18 15:03:27,876 fail2ban.filter : INFO   Set maxRetry = 3
2012-03-18 15:03:27,877 fail2ban.filter : INFO   Set findtime = 600
2012-03-18 15:03:27,877 fail2ban.actions: INFO   Set banTime = 31536000
2012-03-18 15:03:27,880 fail2ban.actions.action: INFO   Set actionBan = iptables -I fail2ban-<name> 1 -s <ip> -j DROP
2012-03-18 15:03:27,880 fail2ban.actions.action: INFO   Set actionStop = iptables -D INPUT -p <protocol> --dport <port> -j fail2ban-<name>
iptables -F fail2ban-<name>
iptables -X fail2ban-<name>
2012-03-18 15:03:27,881 fail2ban.actions.action: INFO   Set actionStart = iptables -N fail2ban-<name>
iptables -A fail2ban-<name> -j RETURN
iptables -I INPUT -p <protocol> --dport <port> -j fail2ban-<name>
2012-03-18 15:03:27,881 fail2ban.actions.action: INFO   Set actionUnban = iptables -D fail2ban-<name> -s <ip> -j DROP
2012-03-18 15:03:27,882 fail2ban.actions.action: INFO   Set actionCheck = iptables -n -L INPUT | grep -q fail2ban-<name>
2012-03-18 15:03:27,895 fail2ban.actions.action: ERROR  iptables -N fail2ban-ASTERISK
iptables -A fail2ban-ASTERISK -j RETURN
iptables -I INPUT -p all -j fail2ban-ASTERISK returned 100
2012-03-18 15:03:27,938 fail2ban.actions.action: ERROR  iptables -N fail2ban-SSH
iptables -A fail2ban-SSH -j RETURN
iptables -I INPUT -p tcp --dport ssh -j fail2ban-SSH returned 300
Kerem ERSOY

Hi,

According to yum output there are 3 files modified by you:

warning: /etc/fail2ban/fail2ban.conf created as /etc/fail2ban/fail2ban.conf.rpmnew
warning: /etc/fail2ban/filter.d/vsftpd.conf created as /etc/fail2ban/filter.d/vsftpd.conf.rpmnew
warning: /etc/fail2ban/jail.conf created as /etc/fail2ban/jail.conf.rpmnew

So try to save the current version of these files and restart with rpmnew. versions and restore all three files from them and try to modify. I believe there's something wrong about your config. Otherwise it should be quite a straightforward process..

Cheers,
K.
⚡ FREE TRIAL OFFER
Try out a week of full access for free.
Find out why thousands trust the EE community with their toughest problems.
Shaun Wingrin

ASKER
I've tried what you say KeremE but this is the startup error. Perhaps I'm missing somethng important in the files. Log file doesn't get written.


[root@messaging fail2ban]# strace -e file /etc/init.d/fail2ban start
execve("/etc/init.d/fail2ban", ["/etc/init.d/fail2ban", "start"], [/* 27 vars */]) = 0
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY)      = 3
open("/lib64/libtermcap.so.2", O_RDONLY) = 3
open("/lib64/libdl.so.2", O_RDONLY)     = 3
open("/lib64/libc.so.6", O_RDONLY)      = 3
open("/dev/tty", O_RDWR|O_NONBLOCK)     = 3
open("/usr/lib/locale/locale-archive", O_RDONLY) = 3
open("/proc/meminfo", O_RDONLY)         = 3
stat("/etc/fail2ban", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
stat(".", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
open("/usr/lib64/gconv/gconv-modules.cache", O_RDONLY) = 3
open("/etc/init.d/fail2ban", O_RDONLY)  = 3
stat("/etc/init.d/functions", {st_mode=S_IFREG|0755, st_size=14291, ...}) = 0
access("/etc/init.d/functions", X_OK)   = 0
access("/etc/init.d/functions", R_OK)   = 0
open("/etc/init.d/functions", O_RDONLY) = 3
--- SIGCHLD (Child exited) @ 0 (0) ---
stat("/etc/sysconfig/i18n", {st_mode=S_IFREG|0644, st_size=47, ...}) = 0
stat("/etc/profile.d/lang.sh", {st_mode=S_IFREG|0755, st_size=3466, ...}) = 0
access("/etc/profile.d/lang.sh", X_OK)  = 0
access("/etc/profile.d/lang.sh", R_OK)  = 0
open("/etc/profile.d/lang.sh", O_RDONLY) = 3
stat("/etc/sysconfig/init", {st_mode=S_IFREG|0644, st_size=1068, ...}) = 0
stat("/etc/sysconfig/init", {st_mode=S_IFREG|0644, st_size=1068, ...}) = 0
access("/etc/sysconfig/init", X_OK)     = -1 EACCES (Permission denied)
access("/etc/sysconfig/init", R_OK)     = 0
open("/etc/sysconfig/init", O_RDONLY)   = 3
open("/usr/share/locale/locale.alias", O_RDONLY) = 3
open("/usr/share/locale/en_US.UTF-8/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_US.utf8/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_US/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.UTF-8/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.utf8/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en/LC_MESSAGES/initscripts.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
stat("/etc/fail2ban/fail2ban.conf", {st_mode=S_IFREG|0644, st_size=844, ...}) = 0
Starting fail2ban: --- SIGCHLD (Child exited) @ 0 (0) ---
SOLUTION
Gabriel Orozco

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
GET A PERSONALIZED SOLUTION
Ask your own question & get feedback from real experts
Find out why thousands trust the EE community with their toughest problems.
Shaun Wingrin

ASKER
Tx!
See below. The fail2ban logfile is still not being updated!

[root@messaging fail2ban]# /usr/bin/python /usr/bin/fail2ban-server -b -s /var/run/fail2ban/fail2ban.sock -x
2012-03-20 08:09:41,409 fail2ban.server : INFO   Starting Fail2ban v0.8.4
2012-03-20 08:09:41,410 fail2ban.server : INFO   Starting in daemon mode
[root@messaging fail2ban]# !ps
ps -ax | grep fail2ban
Warning: bad syntax, perhaps a bogus '-'? See /usr/share/doc/procps-3.2.7/FAQ
 9343 ?        S      0:00 /usr/bin/python /usr/bin/fail2ban-server -b -s /var/run/fail2ban/fail2ban.sock -x
16599 ?        S      0:00 /usr/bin/python /usr/bin/fail2ban-server -b -s /var/run/fail2ban/fail2ban.sock -x
16616 pts/5    S+     0:00 grep fail2ban
[root@messaging fail2ban]#
Shaun Wingrin

ASKER
[root@messaging fail2ban]# /etc/init.d/fail2ban status
Fail2ban (pid 9343) is running...
Status
|- Number of jail:      0
`- Jail list:
[root@messaging fail2ban]#
This is the best money I have ever spent. I cannot not tell you how many times these folks have saved my bacon. I learn so much from the contributors.
rwheeler23
Shaun Wingrin

ASKER
Pls also send links explaining how to configure the conf files for the version we upgraded to. Tx
Kerem ERSOY

It seems that it is where it hangs. Will you please remove fail2ban altogeter and reinstall ?? You can remove it with:

yum remove fail2ban

Open in new window


or

rpm -qa fail2ban | xargs rpm -ev 

Open in new window


and reinstall again after removing all files about it especially in /etc

Cheers,
K.
SOLUTION
Kerem ERSOY

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
⚡ FREE TRIAL OFFER
Try out a week of full access for free.
Find out why thousands trust the EE community with their toughest problems.
Kerem ERSOY

Tx!
See below. The fail2ban logfile is still not being updated!

Yeah it is not becasue the daemon dies before it tries to touch the files. This is why I am suggesting to remove all files and retry.
⚡ FREE TRIAL OFFER
Try out a week of full access for free.
Find out why thousands trust the EE community with their toughest problems.
Shaun Wingrin

ASKER
Tried uninstalling and deleting /etc/fail2ban but still same issues!
Shaun Wingrin

ASKER
Also yum not installing latest version.
Its CentOS 64 bit system.

Please give details for EPL update. see below.
http://fedoraproject.org/wiki/EPEL#What_packages_and_versions_are_available_in_EPEL.3F
[21:50:57] Hillel: EPEL has an 'epel-release' package that includes gpg keys for package signing and repository information. Installing this package for your Enterprise Linux version should allow you to use normal tools such as yum to install packages and their dependencies. By default the stable EPEL repo is enabled, there is also a 'epel-testing' repository that contains packages that are not yet deemed stable.

NOTE: You need to also enable the 'optional' repository to use EPEL packages as they depend on packages in that repository. This can be done by enabling the RHEL optional subchannel for example. (Related profile is located at:/etc/yum.repos.d/epel-testing.repo)
[21:52:24] Hillel: EPEL has an 'epel-release' package that includes gpg keys for package signing and repository information. Installing this package for your Enterprise Linux version should allow you to use normal tools such as yum to install packages and their dependencies. By default the stable EPEL repo is enabled, there is also a 'epel-testing' repository that contains packages that are not yet deemed stable.

NOTE: You need to also enable the 'optional' repository to use EPEL packages as they depend on packages in that repository. This can be done by enabling the RHEL optional subchannel for example. (Related profile is located at:/etc/yum.repos.d/epel-testing.repo)
[21:52:37] Hillel: EPEL has an 'epel-release' package that includes gpg keys for package signing and repository information. Installing this package for your Enterprise Linux version should allow you to use normal tools such as yum to install packages and their dependencies. By default the stable EPEL repo is enabled, there is also a 'epel-testing' repository that contains packages that are not yet deemed stable.
http://www.fail2ban.org/wiki/index.php/Main_Page
ASKER CERTIFIED SOLUTION
Kerem ERSOY

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
⚡ FREE TRIAL OFFER
Try out a week of full access for free.
Find out why thousands trust the EE community with their toughest problems.