Fail2Ban doesn't start

Hello, in my Ubuntu 16.04 LTS unfortunately if I go in the Webmin --> Networking --> Fail2Bain Intrusion Detector --> Start Fail2Ban Server the result is: Error

Failed to start server : Starting fail2ban (via systemctl): fail2ban.serviceJob for fail2ban.service failed because the control process exited with error code. See "systemctl status fail2ban.service" and "journalctl -xe" for details. failed!

If I launch in the command line systemctl status fail2ban.service the result is:

● fail2ban.service - Fail2Ban Service
   Loaded: loaded (/lib/systemd/system/fail2ban.service; enabled; vendor preset: enabled)
   Active: inactive (dead) (Result: exit-code) since Mon 2017-09-11 15:50:29 UTC; 3min 45s ago
     Docs: man:fail2ban(1)
  Process: 18516 ExecStart=/usr/bin/fail2ban-client -x start (code=exited, status=255)

Sep 11 15:50:29 cloud1.wpfast.eu systemd[1]: fail2ban.service: Control process exited, code=exited status=255
Sep 11 15:50:29 cloud1.wpfast.eu systemd[1]: Failed to start Fail2Ban Service.
Sep 11 15:50:29 cloud1.wpfast.eu systemd[1]: fail2ban.service: Unit entered failed state.
Sep 11 15:50:29 cloud1.wpfast.eu systemd[1]: fail2ban.service: Failed with result 'exit-code'.
Sep 11 15:50:29 cloud1.wpfast.eu systemd[1]: fail2ban.service: Service hold-off time over, scheduling restart.
Sep 11 15:50:29 cloud1.wpfast.eu systemd[1]: Stopped Fail2Ban Service.
Sep 11 15:50:29 cloud1.wpfast.eu systemd[1]: fail2ban.service: Start request repeated too quickly.
Sep 11 15:50:29 cloud1.wpfast.eu systemd[1]: Failed to start Fail2Ban Service.

Please could anyone help me to resolve this problem? Thank you in advance for your help. Best Mike

Status: 
Active

Comments

Howdy -- it looks like that's a fairly generic error that it's giving you there.

If you look in /var/log/fail2ban.log just after trying to start it, do you see a more descriptive error there?

Hi Andrey, thanks for your help. The file /var/log/fail2ban.log is empty, but the file /var/log/fail2ban.log.1 returns me:

2017-09-07 07:52:51,328 fail2ban.server         [9923]: INFO    Changed logging target to /var/log/fail2ban.log for Fail2ban v0.9.3
2017-09-07 07:52:51,334 fail2ban.database       [9923]: INFO    Connected to fail2ban persistent database '/var/lib/fail2ban/fail2ban.sqlite3'
2017-09-07 07:52:51,435 fail2ban.database       [9923]: WARNING New database created. Version '2'
2017-09-07 07:52:51,436 fail2ban.jail           [9923]: INFO    Creating new jail 'sshd'
2017-09-07 07:52:51,483 fail2ban.jail           [9923]: INFO    Jail 'sshd' uses pyinotify
2017-09-07 07:52:51,494 fail2ban.filter         [9923]: INFO    Set jail log file encoding to UTF-8
2017-09-07 07:52:51,498 fail2ban.jail           [9923]: INFO    Initiated 'pyinotify' backend
2017-09-07 07:52:51,502 fail2ban.filter         [9923]: INFO    Set maxRetry = 5
2017-09-07 07:52:51,502 fail2ban.filter         [9923]: INFO    Set jail log file encoding to UTF-8
2017-09-07 07:52:51,503 fail2ban.actions        [9923]: INFO    Set banTime = 600
2017-09-07 07:52:51,505 fail2ban.filter         [9923]: INFO    Set findtime = 600
2017-09-07 07:52:51,507 fail2ban.filter         [9923]: INFO    Added logfile = /var/log/auth.log
2017-09-07 07:52:51,510 fail2ban.filter         [9923]: INFO    Set maxlines = 10
2017-09-07 07:52:51,567 fail2ban.server         [9923]: INFO    Jail sshd is not a JournalFilter instance
2017-09-07 07:52:51,573 fail2ban.jail           [9923]: INFO    Jail 'sshd' started
2017-09-07 07:52:52,955 fail2ban.server         [9923]: INFO    Stopping all jails
2017-09-07 07:52:53,795 fail2ban.jail           [9923]: INFO    Jail 'sshd' stopped
2017-09-07 07:52:53,813 fail2ban.server         [9923]: INFO    Exiting Fail2ban

Thanks Mike

Hmm, I'm not seeing any helpful errors there either.

Did Fail2ban work in the past? Or is now the first time you've tried to get it working?

Also, are you by chance running OpenVZ?

And what is the output of this command:

dmesg | tail -30

I've 2 vps. 1 with Ubuntu 14.04 with Virtualmin Pro works fine, Fail2Bain never had a problem. The other, new fresh install, with Ubuntu 16.04 have problems with Fail2Ban and ProFTPD. But never until this new Ubuntu 16.04 take me so much headache. :-( No the datacenter that I use has switched to KVM 2 years ago. The result of dmesg | tail -30 is

[    4.371882] md: If you don't use raid, use raid=noautodetect
[    4.373332] md: Autodetecting RAID arrays.
[    4.374075] md: Scanned 0 and added 0 devices.
[    4.375028] md: autorun ...
[    4.375754] md: ... autorun DONE.
[    4.377634] EXT4-fs (sda): couldn't mount as ext3 due to feature incompatibilities
[    4.388219] EXT4-fs (sda): mounted filesystem with ordered data mode. Opts: (null)
[    4.389726] VFS: Mounted root (ext4 filesystem) readonly on device 8:0.
[    4.392435] devtmpfs: mounted
[    4.394937] Freeing unused kernel memory: 1616K (ffffffff82380000 - ffffffff82514000)
[    4.396310] Write protecting the kernel read-only data: 18432k
[    4.397571] Freeing unused kernel memory: 268K (ffff880001bbd000 - ffff880001c00000)
[    4.404327] Freeing unused kernel memory: 1992K (ffff88000200e000 - ffff880002200000)
[    4.414151] x86/mm: Checked W+X mappings: passed, no W+X pages found.
[    4.481480] systemd[1]: systemd 229 running in system mode. (+PAM +AUDIT +SELINUX +IMA +APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ -LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD -IDN)
[    4.485084] systemd[1]: Detected virtualization qemu.
[    4.485914] systemd[1]: Detected architecture x86-64.
[    4.488356] systemd[1]: Set hostname to <cloud1.wpfast.eu>.
[    4.628398] systemd[1]: Created slice User and Session Slice.
[    4.630595] systemd[1]: Set up automount Arbitrary Executable File Formats File System Automount Point.
[    4.633650] systemd[1]: Listening on /dev/initctl Compatibility Named Pipe.
[    4.635809] systemd[1]: Listening on Journal Socket.
[    4.637572] systemd[1]: Reached target Encrypted Volumes.
[    4.639252] systemd[1]: Listening on Journal Socket (/dev/log).
[    4.928453] EXT4-fs (sda): re-mounted. Opts: usrquota,errors=remount-ro,grpquota,quota,data=ordered
[    4.976100] systemd-journald[2055]: Received request to flush runtime journal from PID 1
[    5.892562] Adding 524284k swap on /dev/sdb.  Priority:-1 extents:1 across:524284k FS
[    5.923986] 8021q: adding VLAN 0 to HW filter on device eth0
[    6.223032] random: crng init done
[  395.375000] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based  firewall rule not found. Use the iptables CT target to attach helpers instead.

Thanks. Mike

That all looks good so far, I'm not seeing any issues there either.

Could you paste in the contents of your /etc/fail2ban/jail.local file?

here the contents of /etc/fail2ban/jail.local

[sshd]

enabled = true
port    = ssh
logpath = %(sshd_log)s
backend = %(sshd_backend)s

[ssh-ddos]

enabled = true
port    = ssh,sftp
filter  = sshd-ddos
log_path = %{sshd_log}s

[webmin-auth]

enabled = true
port    = 10000
logpath = %(syslog_authpriv)s
backend = %(syslog_backend)s

[proftpd]

enabled  = true
port     = ftp,ftp-data,ftps,ftps-data
logpath  = %(proftpd_log)s
backend  = %(proftpd_backend)s

[postfix]

enabled  = true
port     = smtp,465,submission
logpath  = %(postfix_log)s
backend  = %(postfix_backend)s

[dovecot]

enabled = true
port    = pop3,pop3s,imap,imaps,submission,465,sieve
logpath = %(dovecot_log)s
backend = %(dovecot_backend)s

[postfix-sasl]

enabled  = true
port     = smtp,465,submission,imap3,imaps,pop3,pop3s
logpath  = %(postfix_log)s
backend  = %(postfix_backend)s

Okay, nothing there jumps out on me.

Joe is looking into this issue on another system now to try and sort out what's going on there, as we have seen that same issue on other Ubuntu servers.