Fail2ban not starting after update to 5.2

Status
Not open for further replies.
H

Herbert Whistlefjord

New Member
Feb 1, 2017
28
1
3
107
I think this started happening after 5.1->5.2 update yesterday, as I still have a banned IP listed so definitely was working:

Code: 
Chain sip-auth-ip (1 references)
target     prot opt source               destination         
DROP       0    --  193.107.216.241      0.0.0.0/0

but today I am unable to start the fail2ban service.

Code: 
Feb 20 17:23:53 ukwpbx systemd[1]: Started fail2ban.service - Fail2Ban Service.
Feb 20 17:23:53 ukwpbx fail2ban-server[52545]: 2024-02-20 17:23:53,954 fail2ban.configreader   [52545]: WARNING 'allowipv6' not defined in 'Definition'. Using default one: 'auto'
Feb 20 17:23:53 ukwpbx fail2ban-server[52545]: 2024-02-20 17:23:53,966 fail2ban                [52545]: ERROR   Failed during configuration: Have not found any log file for fusionpbx jail
Feb 20 17:23:53 ukwpbx fail2ban-server[52545]: 2024-02-20 17:23:53,971 fail2ban                [52545]: ERROR   Async configuration of server failed
Feb 20 17:23:53 ukwpbx systemd[1]: fail2ban.service: Main process exited, code=exited, status=255/EXCEPTION
Feb 20 17:23:53 ukwpbx systemd[1]: fail2ban.service: Failed with result 'exit-code'.

The relevant section is:
Code: 
[fusionpbx]
enabled  = true
port     = 80,443
protocol = tcp
filter   = fusionpbx
logpath  = /var/log/auth.log
action   = iptables-allports[name=fusionpbx, protocol=all]
#          sendmail-whois[name=fusionpbx, dest=root, sender=fail2ban@example.org] #no smtp server installed
maxretry = 20
findtime = 60
bantime  = 3600

This won't work because /var/log/auth.log isn't there on Debian 12.

It matches https://github.com/fusionpbx/fusionpbx-install.sh/blob/master/debian/resources/fail2ban/jail.local so my question is where does "fusionpbx" [whatever that is] actually log to? systemd?
 
H

Herbert Whistlefjord

New Member
Feb 1, 2017
28
1
3
107
Something else, I can't see how sip-auth-ip relates to fail2ban? Maybe it doesn't!

Code: 
root@ukwpbx:/etc/fail2ban# grep  sip-auth-ip `find -type f`
root@ukwpbx:/etc/fail2ban#
 
H

Herbert Whistlefjord

New Member
Feb 1, 2017
28
1
3
107
allowipv6 is 'warning' not 'error'. 'error'-level events prevent the service from starting, 'warning' does not.
I "fixed" the fusionpbx jail by commenting out the logfile and setting backend=systemd just to get fail2ban running BUT I don't know if this is the correct thing to do. If fusionpbx events are not logged to systemd then fail2ban will never see them and I will just a have a "false sense of security".
 
H

Herbert Whistlefjord

New Member
Feb 1, 2017
28
1
3
107
Jimbob said:
I have mentioned this in another post. If you install rsyslog you will get the log files back.
Click to expand...
[From the other post that I can't reply to Because Reasons]:
Jimbob said:
I think your issue may have been that some cloud providers use a minimal version of Debian 12. I am fairly sure I've had a similar issue with fail2ban and installing rsyslog solved the problem.
Click to expand...

This was with an install of Debian 12 with just the SSH "task" chosen, using the stock 12.5 ISO downloaded from the Debian project - doesn't pull in rsyslog, so it's not just a cloudy thing.
If FusionPBX depends on rsyslog then it should install it.
 
Status
Not open for further replies.
Top Bottom