Fail2ban does not work

mikayil · November 10, 2023, 2:10pm

root@mcro07:/var/log# systemctl status fail2ban.service
x fail2ban.service - Fail2Ban Service
Loaded: loaded (/lib/systemd/system/fail2ban.service; enabled; preset: enabled)
Active: failed (Result: exit-code) since Fri 2023-11-10 14:46:15 CET; 17min ago
Duration: 150ms
Docs: man:fail2ban(1)
Process: 192 ExecStart=/usr/bin/fail2ban-server -xf start (code=exited, status=255/EXCEPTION)
Main PID: 192 (code=exited, status=255/EXCEPTION)
CPU: 142ms

Nov 10 14:46:15 mcro07 systemd[1]: Started fail2ban.service - Fail2Ban Service.
Nov 10 14:46:15 mcro07 fail2ban-server[192]: 2023-11-10 14:46:15,793 fail2ban.configreader [192]: WARNING ‘allowipv6’ not defined in ‘Definition’. Using default one: ‘auto’
Nov 10 14:46:15 mcro07 fail2ban-server[192]: 2023-11-10 14:46:15,823 fail2ban [192]: ERROR Failed during configuration: Have not found any log file for exim-iptables jail
Nov 10 14:46:15 mcro07 fail2ban-server[192]: 2023-11-10 14:46:15,825 fail2ban [192]: ERROR Async configuration of server failed
Nov 10 14:46:15 mcro07 systemd[1]: fail2ban.service: Main process exited, code=exited, status=255/EXCEPTION
Nov 10 14:46:15 mcro07 systemd[1]: fail2ban.service: Failed with result ‘exit-code’.

sahsanu · November 10, 2023, 2:53pm

Did you install exim?

Show the output of these commands:

ls -l /var/log/exim4/mainlog
grep -A4 exim-iptables /etc/fail2ban/jail.local

mikayil · November 10, 2023, 3:13pm

root@mcro07:/etc/fail2ban# ls -l /var/log/exim4/mainlog
grep -A4 exim-iptables /etc/fail2ban/jail.local
-rw-r----- 1 Debian-exim adm 2886 Nov 10 15:46 /var/log/exim4/mainlog
[exim-iptables]
enabled = true
filter = exim
action = hestia[name=MAIL]
logpath = /var/log/exim4/mainlog

sahsanu · November 10, 2023, 3:26pm

That looks fine.

Just to test, edit /etc/fail2ban/jail.local and replace enabled = true to enabled = false

Save the file and restart fail2ban.

systemctl restart fail2ban

mikayil · November 10, 2023, 3:33pm

Unfortunately it did not work out

root@mcro07:/etc/fail2ban# ls -l /var/log/exim4/mainlog
grep -A4 exim-iptables /etc/fail2ban/jail.local
-rw-r----- 1 Debian-exim adm 3856 Nov 10 16:26 /var/log/exim4/mainlog
[exim-iptables]
enabled = false
filter = exim
action = hestia[name=MAIL]
logpath = /var/log/exim4/mainlo

root@mcro07:/etc/fail2ban# systemctl restart fail2ban.service
root@mcro07:/etc/fail2ban# systemctl status fail2ban.service
x fail2ban.service - Fail2Ban Service
Loaded: loaded (/lib/systemd/system/fail2ban.service; enabled; preset: enabled)
Active: failed (Result: exit-code) since Fri 2023-11-10 16:31:41 CET; 7s ago
Duration: 112ms
Docs: man:fail2ban(1)
Process: 18771 ExecStart=/usr/bin/fail2ban-server -xf start (code=exited, status=255/EXCEPTION)
Main PID: 18771 (code=exited, status=255/EXCEPTION)
CPU: 112ms

Nov 10 16:31:41 mcro07.metacortex.at systemd[1]: Started fail2ban.service - Fail2Ban Service.
Nov 10 16:31:41 mcro07.metacortex.at fail2ban-server[18771]: 2023-11-10 16:31:41,425 fail2ban.configreader [18771]: WARNING ‘allowipv6’ not defined in '>
Nov 10 16:31:41 mcro07.metacortex.at fail2ban-server[18771]: 2023-11-10 16:31:41,445 fail2ban [18771]: ERROR Failed during configuration:>
Nov 10 16:31:41 mcro07.metacortex.at fail2ban-server[18771]: 2023-11-10 16:31:41,446 fail2ban [18771]: ERROR Async configuration of serve>
Nov 10 16:31:41 mcro07.metacortex.at systemd[1]: fail2ban.service: Main process exited, code=exited, status=255/EXCEPTION
Nov 10 16:31:41 mcro07.metacortex.at systemd[1]: fail2ban.service: Failed with result ‘exit-code’.

sahsanu · November 10, 2023, 3:43pm

Did you modify in some way /etc/fail2ban/jail.conf and/or /etc/fail2ban/jail.local?

mikayil · November 12, 2023, 9:18pm

how was error log in roundcube deleted now it works again after i created the log file again