Fail2ban Not Starting After Tried All (Fresh Server Ubuntu 18.04)

12 posts / 0 new
Topic locked
Last post
#1 Sat, 10/12/2019 - 13:13
digitalwordings

Fail2ban Not Starting After Tried All (Fresh Server Ubuntu 18.04)

Fail2ban not starting on fresh ubuntu server 18.04 but when tried same with vultr it's working when now in scaleway it's not working

fail2ban.service - Fail2Ban Service Loaded: loaded (/etc/systemd/system/fail2ban.service; enabled; vendor preset: enabled) Active: failed (Result: exit-code) since Sat 2019-10-12 18:03:52 UTC; 1min 8s ago Docs: man:fail2ban(1) Process: 1214 ExecStart=/usr/bin/fail2ban-server -xf start (code=exited, status=255) Process: 1147 ExecStartPre=/bin/mkdir -p /var/run/fail2ban (code=exited, status=0/SUCCESS) Main PID: 1214 (code=exited, status=255)

Oct 12 18:03:51 ###### systemd[1]: Starting Fail2Ban Service... Oct 12 18:03:51 ###### systemd[1]: Started Fail2Ban Service. Oct 12 18:03:52 ###### fail2ban-server[1214]: Found no accessible config files for 'filter.d/sshd-ddos' under /etc/fail2ban Oct 12 18:03:52 ###### fail2ban-server[1214]: Unable to read the filter 'sshd-ddos' Oct 12 18:03:52 ###### fail2ban-server[1214]: Errors in jail 'ssh-ddos'. Skipping... Oct 12 18:03:52 ###### fail2ban-server[1214]: No file(s) found for glob /var/log/auth.log Oct 12 18:03:52 ###### fail2ban-server[1214]: Failed during configuration: Have not found any log file for sshd jail Oct 12 18:03:52 ###### fail2ban-server[1214]: Async configuration of server failed Oct 12 18:03:52 ###### systemd[1]: fail2ban.service: Main process exited, code=exited, status=255/n/a Oct 12 18:03:52 ###### systemd[1]: fail2ban.service: Failed with result 'exit-code'.

Sat, 10/12/2019 - 13:42
Dibs

Of the log file snippet you posted, the following seem to suggest where your issue\s lie,

Oct 12 18:03:52 ###### fail2ban-server[1214]: Found no accessible config files for 'filter.d/sshd-ddos' under /etc/fail2ban

Oct 12 18:03:52 ###### fail2ban-server[1214]: Unable to read the filter 'sshd-ddos'

Oct 12 18:03:52 ###### fail2ban-server[1214]: Errors in jail 'ssh-ddos'.

I would suggest you follow an online guide to set up fail2ban in a basic form and once that is working add additional services to monitor. Something like - https://www.techrepublic.com/article/how-to-install-fail2ban-on-ubuntu-s...

Post up the contents of you /etc/fail2ban/jail.local file.

Sat, 10/12/2019 - 13:55
digitalwordings

I followed the article but i want to stick with default vitualmin fail2ban configuration, this everything was added automatically by this following command

virtualmin config-system --include Fail2banFirewalld

[sshd]

enabled = true port = ssh

[ssh-ddos]

enabled = true port = ssh,sftp filter = sshd-ddos

[webmin-auth]

enabled = true port = 10000

[proftpd]

enabled = true port = ftp,ftp-data,ftps,ftps-data

[postfix]

enabled = true port = smtp,465,submission

[dovecot]

enabled = true port = pop3,pop3s,imap,imaps,submission,465,sieve

[postfix-sasl]

enabled = true port = smtp,465,submission,imap3,imaps,pop3,pop3s

Sat, 10/12/2019 - 14:38
Dibs

Do you have the following file /etc/fail2ban/filter.d/sshd-ddos.conf ? The log snippet you posted,

Oct 12 18:03:52 ###### fail2ban-server[1214]: Found no accessible config files for 'filter.d/sshd-ddos' under /etc/fail2ban

suggests you don't. You can look for the file and it's contents thru Webmin if you'd prefer that: "Webmin - Networking - Fail2Ban Intrusion Detector - Edit Config File" Pull the drop down to look for the file and Click OK to see the contents.

It should be in the drop down - perhaps your's isn't which might explain the log file error about not finding a .conf file. You can also find the /etc/fail2ban/jail.local file thru the drop down in Edit Files.

Sat, 10/12/2019 - 15:05
digitalwordings

Yes your right i couldn't find the file, but when i checked the same in vultr server there also file not exists but in vultr server fail2ban running properly

Sat, 10/12/2019 - 15:14
Dibs

Get the contents of https://github.com/mikechau/fail2ban-configs/blob/master/filter.d/sshd-d... and create a file with the name sshd-ddos.conf in /etc/fail2ban/filter.d with the same permissions as the other files and see if that makes a difference.

Sat, 10/12/2019 - 15:19 (Reply to #6)
digitalwordings

i have that file but it's name is /etc/fail2ban/filter.d/sshd.conf not /etc/fail2ban/filter.d/sshd-ddos.conf

Sat, 10/12/2019 - 15:41 (Reply to #7)
Dibs

What version of fail2ban are you running? Use

fail2ban-client -V

to tell you. Sorry - should have asked that 1st as there are differences in the later versions.

Sat, 10/12/2019 - 15:09
digitalwordings

i think this file does not exist is a problem

No file(s) found for glob /var/log/auth.log

In my vultr server i have this file but in scaleway server i don't have

is there any problem in server?

Sat, 10/12/2019 - 15:22
Dibs

[sshd] [proftpd] [postfix] [dovecot]

Do you have the above installed and running?

What's the contents of your jail.local file?

Sat, 10/12/2019 - 15:31
digitalwordings

everything running normal, i already posted jail.local file

Also noted,

service rsyslog restart Failed to restart rsyslog.service: Unit rsyslog.service not found.

is this important?

Sat, 10/12/2019 - 15:43
digitalwordings

I solved the issue by following this article

https://kifarunix.com/how-to-configure-remote-logging-with-rsyslog-on-ub...

Thank you

Topic locked