Fail2Ban cannot start due to logs
Hi there,
I am following all the Linode's tutorials in order to put my server online and secure it.
But as the guide I am following does not mentions this error, I would like to know if someone could help me on this matter, please.
Now I am stuck while configuring Fail2Ban.
I can´t start the service both via sudo systemctl start fail2ban
and sudo fail2ban-client start
.
Here an error happens:
2023-02-08 14:31:39,279 fail2ban [1495]: ERROR Failed during >configuration: Have not found any log file for selinux-ssh jail
I can see some lines regarding selinux in my jail.local file, but even commenting them does not resolves the issue.
The systemctl status fail2ban
command returns the below output:
× fail2ban.service - Fail2Ban Service
Loaded: loaded (/lib/systemd/system/fail2ban.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Wed 2023-02-08 14:33:51 >-03; 2min 37s ago
Docs: man:fail2ban(1)
Process: 1537 ExecStart=/usr/bin/fail2ban-server -xf start >(code=exited, status=255/EXCEPTION)
Main PID: 1537 (code=exited, status=255/EXCEPTION)
CPU: 313ms
Thanks in advance for any help.
Obs: the section regarding Selinux in my jail.local file is as below:
[selinux-ssh]
port = ssh
logpath = %(auditd_log)s
3 Replies
It appears as though the resolution to this issue is still in development. However, you can find the current workarounds in this comment on the GitHub issue:
- either disable such jail;
- or switch to systemd-journal;
- or create such log-file (before fail2ban starting and in logrotate script);
- or create empty file and add its name as last name in logpath like ?> - below (so at least one path can be valid):
[jail]
logpath = %(known/logpath)s
/etc/fail2ban/emptylog
- But note that at the moment newly created files are not picked up by fail2ban unless it (or the jail) is restarted.
[selinux-ssh]
port = ssh
logpath = %(auditd_log)s
fail2ban
is probably looking for file in the logpath you've defined there. The big idea is that that suite of python code monitors log files and reacts to ban users after some number of authentication errors have been generated.
The location which you have there defined is going to depend on both your auditd(8) service well as your ssh_selinux(8) policy being configured correctly. These things are not exactly trivial to do.
There are some easier answers in reach. You could change the location, or change how the program handles missing locations. One idea would be to change your backend to so that fail2ban
handles missing files a bit more gracefully. This is outlined in our guide on setting the thing up in the section on configuring the backend. In your jail.local
backend = systemd
could be all you need. Another option would be to disable that jail in particular, removing that one section of your jail.local
, or dumping all of your jail.local modifications and running its defaults. You could even extend the value of the logpath configuration option to include
logpath = %(auditd_log)s
/etc/fail2ban/emptylog
with that emptylog
file being something you create. be sure to restart your fail2ban
service after any of these changes. Good luck!
resources:
Thanks for the link, I will try to resolve it. I also would like to help you by sharing the https://caknowledge.com/best-essay-writing-service-review/ website link with you where you can find reviews for an essay writing service. If you are not so good at choosing the best essay writer then you can visit over there where you can find the best essay writing service easily.