Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > Linux Forums > Installation/Configuration

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #11  
Old 14th May 2008, 04:50
bswinnerton bswinnerton is offline
Senior Member
 
Join Date: Jul 2007
Location: Connecticut, US
Posts: 502
Thanks: 51
Thanked 16 Times in 13 Posts
Default

But now I have problems again LOL =(

I just had to reboot my server and realized that fail2ban wasn't running. So I tried to manually start it and check its status and here is what i get:

Code:
admin@myserver:/$ sudo /etc/init.d/fail2ban start
admin@myserver:/$ sudo /etc/init.d/fail2ban status
 * Status of authentication failure monitor
 *  fail2ban is not runni
No errors in the logs or anything
Reply With Quote
Sponsored Links
  #12  
Old 14th May 2008, 07:00
CavalierDeVache CavalierDeVache is offline
Junior Member
 
Join Date: Aug 2007
Location: Yellowstone Valley
Posts: 4
Thanks: 0
Thanked 1 Time in 1 Post
Default

If you look in the /etc/init.d/fail2ban script near the top of the file you will see that it is looking for the PID file in /tmp/. That has changed and the new location should be /var/run/fail2ban/
Reply With Quote
  #13  
Old 14th May 2008, 14:03
bswinnerton bswinnerton is offline
Senior Member
 
Join Date: Jul 2007
Location: Connecticut, US
Posts: 502
Thanks: 51
Thanked 16 Times in 13 Posts
Default

Is this what you are referring to?

Code:
# Ad-hoc way to parse out socket file name
SOCKFILE=`grep -h '^[^#]*socket *=' /etc/$NAME/$NAME.conf /etc/$NAME/$NAME.loca$
          | tail -n 1 | sed -e 's/.*socket *= *//g' -e 's/ *$//g'`
[ -z "$SOCKFILE" ] && SOCKFILE='/tmp/fail2ban.sock'
Reply With Quote
  #14  
Old 14th May 2008, 14:06
bswinnerton bswinnerton is offline
Senior Member
 
Join Date: Jul 2007
Location: Connecticut, US
Posts: 502
Thanks: 51
Thanked 16 Times in 13 Posts
Default

I changed it to this:

Code:
# Ad-hoc way to parse out socket file name
SOCKFILE=`grep -h '^[^#]*socket *=' /etc/$NAME/$NAME.conf /etc/$NAME/$NAME.loca$
          | tail -n 1 | sed -e 's/.*socket *= *//g' -e 's/ *$//g'`
[ -z "$SOCKFILE" ] && SOCKFILE='/var/run/fail2ban/fail2ban.sock'
And it still doesn't run. There is no directory /var/run/fail2ban

Code:
admin@myserver:/$ ls -s -h /var/run/fail2ban
ls: cannot access /var/run/fail2ban: No such file or directory
Reply With Quote
  #15  
Old 14th May 2008, 14:09
bswinnerton bswinnerton is offline
Senior Member
 
Join Date: Jul 2007
Location: Connecticut, US
Posts: 502
Thanks: 51
Thanked 16 Times in 13 Posts
Default

Okay!

I found this bug

And created /var/run/fail2ban and it was resolved!

Fail2ban now works.

(For now).
Reply With Quote
  #16  
Old 14th May 2008, 21:17
CavalierDeVache CavalierDeVache is offline
Junior Member
 
Join Date: Aug 2007
Location: Yellowstone Valley
Posts: 4
Thanks: 0
Thanked 1 Time in 1 Post
Default

I'm sorry I wasn't more verbose, I was in the middle of sorting 3 or 4 things myself with 8.04.

But there is 1 more problem you will have to deal with, the /var/run directory structure is wiped on every reboot so you will need to create /ver/run/fail2ban from within the init script with a check to see if it already exists.

Here is a snippet of the script where you can see the changes I made to get it to work.
Code:
PATH=/usr/sbin:/usr/bin:/sbin:/bin
DESC="authentication failure monitor"
NAME=fail2ban

# /var/run is emptied on reboot, need to create run directory on startup
FAIL2BANRUNDIR=/var/run/fail2ban
if [ -d $FAIL2BANRUNDIR ]; then
        #do nothing
        echo "Directory '$FAIL2BANRUNDIR' already exists."
else
        mkdir -p $FAIL2BANRUNDIR
fi

# fail2ban-client is not a daemon itself but starts a daemon and
# loads its with configuration
DAEMON=/usr/bin/$NAME-client
SCRIPTNAME=/etc/init.d/$NAME

# Ad-hoc way to parse out socket file name
SOCKFILE=`grep -h '^[^#]*socket *=' /etc/$NAME/$NAME.conf /etc/$NAME/$NAME.local 2>/dev/null \
          | tail -n 1 | sed -e 's/.*socket *= *//g' -e 's/ *$//g'`
[ -z "$SOCKFILE" ] && SOCKFILE='/var/run/fail2ban/fail2ban.sock'
Reply With Quote
The Following User Says Thank You to CavalierDeVache For This Useful Post:
bswinnerton (15th May 2008)
  #17  
Old 16th May 2008, 19:04
wheelsofsteel wheelsofsteel is offline
Junior Member
 
Join Date: May 2008
Posts: 1
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Strangely, I have found that when I log out and log back in the /var/run/fail2ban dir has gone.

Consequently, I can't start to process. Re-creating the dir seems to do the trick though and the .sock file gets created as expected. Bit strange and never happened on pre 8.04 Ubuntu.
Reply With Quote
  #18  
Old 16th May 2008, 20:12
bswinnerton bswinnerton is offline
Senior Member
 
Join Date: Jul 2007
Location: Connecticut, US
Posts: 502
Thanks: 51
Thanked 16 Times in 13 Posts
 
Default

Yes its very odd. But I can confirm that CavalierDeVache's way does work. I think that its a bug in fail2ban and they haven't updated the repositories yet.
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Fail2ban question joelee HOWTO-Related Questions 1 3rd April 2008 20:16
DNS stop working MZH General 3 22nd February 2008 11:10
Finally a working postfix server. But need a easy dns configuration mnewbegin Server Operation 5 17th October 2007 22:35
spamassassin stop working after woody to sarge update shark_tico Server Operation 1 19th October 2006 14:01
ftp not working pesja Installation/Configuration 3 17th July 2006 12:37


All times are GMT +2. The time now is 13:53.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.