Restart /Start not working for some services: iptables and fail2ban

Hello!

I have installed a fresh HestiaCP with this data:
Hestiacp version: v1.3.1
VPS: Oraclecloud free tier with Ubuntu 20.04 Minimal.

After the fresh install I reviewed the service status, and iptables and fail2ban are OFF by default.
When clicking the Start or Restart icon they simply don't restart. The Restart or Start button refreshes the page, but the service does not restart or start.

I am very much an amateur with this. This is the code that I have entered to perform the installation:

sudo apt-get update && apt-get upgrade && apt-get dist-upgrade

Then add 1GB Swap Space

wget https://raw.githubusercontent.com/hestiacp/hestiacp/release/install/hst-install.sh

sudo bash hst-install.sh --apache yes --nginx yes --phpfpm yes --multiphp no --vsftpd yes --proftpd no --named yes --mysql yes --postgresql no --exim yes --dovecot yes --clamav no --spamassassin no --iptables yes --fail2ban yes --quota no --api yes --force no --interactive yes --port 8083 --hostname panel.mydomain.com --email [email protected] --password 123456 --lang en

Please run from command line:

iptables -L

to check if iptables is running.

systemctl status fail2ban

Then run:

v-start-service iptables
v-start-service fail2ban

Thanks for the quick response!

When I ran iptables -L on the command line, the system said:

ubuntu@panel:~$ sudo iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- vpsdomi-472343.sub123456.dominetwork.oraclevcn.com anywhere
ACCEPT all -- localhost anywhere
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere multiport dports http,https
ACCEPT tcp -- anywhere anywhere multiport dports ftp,12000:12100
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT tcp -- anywhere anywhere multiport dports smtp,submissions,submission
ACCEPT tcp -- anywhere anywhere multiport dports pop3,pop3s
ACCEPT tcp -- anywhere anywhere multiport dports imap2,imaps
ACCEPT tcp -- anywhere anywhere tcp dpt:8083
ACCEPT icmp -- anywhere anywhere

Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
InstanceServices all -- anywhere link-local/16
and more…

Then with: systemctl status fail2ban

ubuntu@panel:~$ systemctl status fail2ban
● fail2ban.service - Fail2Ban Service
     Loaded: loaded (/lib/systemd/system/fail2ban.service; enabled; vendor preset: enabled)
     Active: failed (Result: exit-code) since Mon 2020-12-14 10:10:10 UTC; 34min ago
       Docs: man:fail2ban(1)
    Process: 631 ExecStartPre=/bin/mkdir -p /run/fail2ban (code=exited, status=0/SUCCESS)
    Process: 688 ExecStart=/usr/bin/fail2ban-server -xf start (code=exited, status=255/EXCEPTION)
   Main PID: 688 (code=exited, status=255/EXCEPTION)

Iptables is indeed not loading. What happens when you run:

v-start-service iptables
v-start-service fail2ban

(Or use the full path)
/usr/local/hestia/bin/v-start-service iptables
/usr/local/hestia/bin/v-start-service fail2ban

Hi eris!
Sorry, I am a big amateur with this…

When I go with: v-start-service iptables

ubuntu@panel:~$ v-start-service iptables
/usr/local/hestia/bin/v-update-firewall: line 24: /usr/local/hestia/conf/hestia.conf: Permission denied
Error: FIREWALL_SYSTEM is not enabled
/usr/local/hestia/func/main.sh: line 92: /usr/local/hestia/log/error.log: Permission denied
Error: ERROR: iptables start failed
/usr/local/hestia/func/main.sh: line 92: /usr/local/hestia/log/error.log: Permission denied

When I go with: v-start-service fail2ban

ubuntu@panel:~$ v-start-service fail2ban
==== AUTHENTICATING FOR org.freedesktop.systemd1.manage-units ===
Authentication is required to start 'fail2ban.service'.
Authenticating as: Ubuntu (ubuntu)
Password:
polkit-agent-helper-1: pam_authenticate failed: Authentication failure
==== AUTHENTICATION FAILED ===
Error: ERROR: fail2ban start failed
/usr/local/hestia/func/main.sh: line 92: /usr/local/hestia/log/error.log: Permission denied
ubuntu@panel:~$

The password in my Ubuntu is only the ENTER key. But it's strange.

sudo -s to become root and then try again

Thanks, but with sudo -s it is not found:

ubuntu@panel:~$ sudo -s

root@panel:/home/ubuntu# v-start-service iptables
bash: v-start-service: command not found
root@panel:/home/ubuntu# v-start-service fail2ban
bash: v-start-service: command not found

I think I will go for a new fresh install… maybe I have some data wrong.

/usr/local/hestia/bin/v-start-service iptables
/usr/local/hestia/bin/v-start-service fail2ban

ubuntu@panel:~$ sudo -s
root@panel:/home/ubuntu# /usr/local/hestia/bin/v-start-service iptables
root@panel:/home/ubuntu# /usr/local/hestia/bin/v-start-service fail2ban
root@panel:/home/ubuntu#

Sorry, I do not see any change in the system:
in the panel the two services are off.

I formatted the VPS and installed Ubuntu 20.04. All is working perfectly, iptables and fail2ban.
The problem stays with Ubuntu 20.04 Minimal.

Always try to use Debian if you want stability.

Thanks for the advice, but Oracle Cloud has no Debian repo to install directly.

Using Ubuntu since 12.04 LTS, never had stability issues to be honest :slight_smile:.

Using Ubuntu 20.04 LTS, updates messed up many things over time, like in my previous topic: IPv6 is not connecting because the networking service has some issues and needs to be restarted after each server reboot (although the service is running) to get it fixed.

Moved to Debian and the problems are gone.

Using netplan? Never had issues with it, doesn't matter if LXC under Proxmox, KVM or physical hosts. All is working as it should.

SolusVM is creating the network script, as networking override is always defaulted after some updates.

Well, then it can’t work - Ubuntu 20.04 sticks on netplan, so I suggest to use it. This also would explain your issues you got.

Just to show up that there is no stability problem, if you configure it “properly”.

I know you are an Ubuntu fan :D, but configs should be retained, as no one wants to redo the same configs after updates, and Ubuntu also enables apache2 after some updates, which is not needed. And it was disabled previously. What do you say about it?

Usually, config stays the same - with that amount of information, I can't analyze or say anything about your issues. Just noted that 20.04 uses netplan.

Also, if Ubuntu enables apache2, you probably got a package that added it as a dependency. An OS, doesn't matter if CentOS, Debian or Ubuntu, does not install an apache2 webserver during upgrades without any reason… Just my thoughts, and completely not interested in a Debian vs. Ubuntu discussion. There was just no reason to declare Ubuntu as unstable :slight_smile:.

Yeah, most users are not able to notice such issues… And yes, Ubuntu is great and stable, but Debian is one step more stable in my opinion.