1

Topic: Fail2ban doesn't work!

==== Required information ====
- iRedMail version (check /etc/iredmail-release): 0.9.5-1
- Linux/BSD distribution name and version: CentOS 7
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? Yes
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

My fail2ban is not working. It does not register the logs correctly, and has been installed with the scripts provided by iRedMail. Can someone help me?


2

Re: Fail2ban doesn't work!

Any log in the Fail2ban log file or /var/log/messages when you restart the Fail2ban service?

3

Re: Fail2ban doesn't work!

There are no entries in /var/log/fail2ban.log.

My /var/log/messages is:

Oct  9 11:38:07 ip-172-31-34-16 systemd: Starting Fail2Ban Service...
Oct  9 11:38:07 ip-172-31-34-16 fail2ban-client: 2017-10-09 11:38:07,618 fail2ban.server         [8774]: INFO    Starting Fail2ban v0.9.6
Oct  9 11:38:07 ip-172-31-34-16 fail2ban-client: 2017-10-09 11:38:07,618 fail2ban.server         [8774]: INFO    Starting in daemon mode
Oct  9 11:38:07 ip-172-31-34-16 systemd: Started Fail2Ban Service.
Oct  9 11:38:11 ip-172-31-34-16 kernel: Firewall: *UDP_OUT Blocked* IN= OUT=eth0 SRC=172.31.34.16 DST=66.228.42.59 LEN=76 TOS=0x00 PREC=0x00 TTL=64 ID=16714 DF PROTO=UDP SPT=40712 DPT=123 LEN=56 UID=998 GID=996
Oct  9 11:38:11 ip-172-31-34-16 systemd: Starting Clean amavisd tmp folder...
Oct  9 11:38:11 ip-172-31-34-16 systemd: Starting Clean amavisd quarantine folder...
Oct  9 11:38:11 ip-172-31-34-16 systemd: Started Clean amavisd tmp folder.
Oct  9 11:38:11 ip-172-31-34-16 systemd: Started Clean amavisd quarantine folder.
Oct  9 11:38:19 ip-172-31-34-16 kernel: Firewall: *UDP_OUT Blocked* IN= OUT=eth0 SRC=172.31.34.16 DST=96.244.96.19 LEN=76 TOS=0x00 PREC=0x00 TTL=64 ID=49907 DF PROTO=UDP SPT=58606 DPT=123 LEN=56 UID=998 GID=996

4

Re: Fail2ban doesn't work!

Please try this:

- Stop fail2ban service first.
- Run fail2ban manually:

fail2ban-client -x start

Any error on console and log files under /var/log/?

5

Re: Fail2ban doesn't work!

No, in the console the output seems correct after stopping the service and running the command "fail2ban-client -x start":
[root@ip-xxxxxxx ~]# fail2ban-client -x start
2017-10-10 13:56:05,709 fail2ban.server         [13830]: INFO    Starting Fail2ban v0.9.6
2017-10-10 13:56:05,709 fail2ban.server         [13830]: INFO    Starting in daemon mode

There is still no logging in the logs, and the /var/log/fail2ban.log file remains empty.

6

Re: Fail2ban doesn't work!

Try to increase log level in Fail2ban, restart it and monitor its log file again. There should be more details.
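
Added example, not part of the original post or of iRedMail's scripts: when raising the log level, it helps to confirm which `loglevel` and `logtarget` Fail2ban will actually use, because it reads `fail2ban.conf`, then `fail2ban.d/*.conf`, `fail2ban.local` and `fail2ban.d/*.local`, with later files overriding earlier ones. The helper names `effective_setting` and `make_sample` and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Prints the value Fail2ban would use for
# KEY in [Definition], reading DIR/fail2ban.conf, fail2ban.d/*.conf,
# fail2ban.local, fail2ban.d/*.local in that order (later files win).
# Handles plain "key = value" lines only; no interpolation or continuations.
effective_setting() {
    cfg_dir=$1; cfg_key=$2
    set --
    for f in "$cfg_dir/fail2ban.conf" "$cfg_dir"/fail2ban.d/*.conf \
             "$cfg_dir/fail2ban.local" "$cfg_dir"/fail2ban.d/*.local; do
        if [ -f "$f" ]; then set -- "$@" "$f"; fi
    done
    [ "$#" -gt 0 ] || return 1
    awk -v key="$cfg_key" '
        FNR == 1        { in_def = 0 }                 # new file: reset section
        /^[ \t]*[#;]/   { next }                       # skip comment lines
        /^[ \t]*\[/     { in_def = ($0 ~ /^[ \t]*\[Definition\]/); next }
        in_def {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v                      # last assignment wins
        }
        END { if (val == "") exit 1; print val }
    ' "$@"
}

# Constructed sample layout (not the poster's files): the stock file logs to a
# file at INFO, fail2ban.local raises the level, a drop-in redirects to SYSLOG.
make_sample() {
    d=$(mktemp -d)
    mkdir "$d/fail2ban.d"
    printf '%s\n' '[Definition]' 'loglevel = INFO' \
        'logtarget = /var/log/fail2ban.log' > "$d/fail2ban.conf"
    printf '%s\n' '[Definition]' '# raised for troubleshooting' \
        'loglevel = DEBUG' > "$d/fail2ban.local"
    printf '%s\n' '[Definition]' 'logtarget = SYSLOG' > "$d/fail2ban.d/10-syslog.local"
    echo "$d"
}

sample=$(make_sample)
echo "loglevel:  $(effective_setting "$sample" loglevel)"
echo "logtarget: $(effective_setting "$sample" logtarget)"
rm -rf "$sample"
```

On a live host, run `effective_setting /etc/fail2ban logtarget`; a value such as SYSLOG means messages go to the system log rather than to /var/log/fail2ban.log.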

7

Re: Fail2ban doesn't work!

Ok, done. Now I got this from the "systemctl restart fail2ban":

● fail2ban.service - Fail2Ban Service
   Loaded: loaded (/usr/lib/systemd/system/fail2ban.service; enabled; vendor preset: disabled)
   Active: failed (Result: start-limit) since Qua 2017-10-11 13:44:10 -03; 3s ago
     Docs: man:fail2ban(1)
  Process: 8833 ExecStop=/usr/bin/fail2ban-client stop (code=exited, status=0/SUCCESS)
  Process: 28246 ExecStart=/usr/bin/fail2ban-client -x start (code=exited, status=255)
Main PID: 8776 (code=killed, signal=TERM)

Out 11 13:44:10 ip-172-31-34-16.vpcdefault.interno systemd[1]: fail2ban.service: control process exited, code=exited status=255
Out 11 13:44:10 ip-172-31-34-16.vpcdefault.interno systemd[1]: Failed to start Fail2Ban Service.
Out 11 13:44:10 ip-172-31-34-16.vpcdefault.interno systemd[1]: Unit fail2ban.service entered failed state.
Out 11 13:44:10 ip-172-31-34-16.vpcdefault.interno systemd[1]: fail2ban.service failed.
Out 11 13:44:10 ip-172-31-34-16.vpcdefault.interno systemd[1]: fail2ban.service holdoff time over, scheduling restart.
Out 11 13:44:10 ip-172-31-34-16.vpcdefault.interno systemd[1]: start request repeated too quickly for fail2ban.service
Out 11 13:44:10 ip-172-31-34-16.vpcdefault.interno systemd[1]: Failed to start Fail2Ban Service.
Out 11 13:44:10 ip-172-31-34-16.vpcdefault.interno systemd[1]: Unit fail2ban.service entered failed state.
Out 11 13:44:10 ip-172-31-34-16.vpcdefault.interno systemd[1]: fail2ban.service failed.

8

Re: Fail2ban doesn't work!

If you run command "/usr/bin/fail2ban-client -x start" manually, any error on console?

9

Re: Fail2ban doesn't work!

gabriel.negreiros wrote:

==== Required information ====
- iRedMail version (check /etc/iredmail-release): 0.9.5-1
- Linux/BSD distribution name and version: CentOS 7
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? Yes
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

My fail2ban is not working. It does not register the logs correctly, and has been installed with the scripts provided by iRedMail. Can someone help me?

---
1. Check the service run status.
2. If the service failed to start, check the fail2ban log (maybe in /var/log/fail2*.log), or start fail2ban directly with the command found in the fail2ban.service file, then check the stdout messages.

10

Re: Fail2ban doesn't work!

This is the output:

[root@ip-172-31-34-16 ~]# /usr/bin/fail2ban-client -x start
2017-10-13 10:25:30,859 fail2ban.server         [14300]: INFO    Starting Fail2ban v0.9.6
2017-10-13 10:25:30,859 fail2ban.server         [14300]: INFO    Starting in daemon mode

There are no errors. I think it's some error from the fail2ban scripts provided by iRedMail.