Fail2ban no longer detected and will not start

simon1066 · October 17, 2023, 9:07am

SYSTEM INFORMATION
OS type and version	AlmaLinux 8.8
Webmin version	2.101
Usermin version	2.001
Virtualmin version	7.8.2
Theme version	21.09
Package updates	All installed packages are up to date

I noticed that my fail2ban.log stopped rotating 6 months ago, the log size is now over 3GB (I believe this was related to my CentOS 7 to Alma 8 upgrade using Alma Elevate). I then set up a new log rotate with:

/var/log/fail2ban.log {
	missingok
	weekly
	rotate 4
	compress
	postrotate
	systemctl restart fail2ban.service 1>/dev/null
	endscript
}

‘Rotate Now’ failed with

Failed to restart fail2ban.service: Unit fail2ban.service not found.
error: error running non-shared postrotate script for /var/log/fail2ban.log of '/var/log/fail2ban.log ’

Webmin > Networking > Fail2Ban Intrusion Detector gives

An error occurred detecting Fail2Ban on this system : The configuration file fail2ban.conf in /etc/fail2ban does not exist. Either it is not installed, or the module configuration is incorrect.
The Fail2Ban package can be automatically installed by Webmin using YUM.
Install Now

A 2nd VPS, updated to Alma in the same way, gives this same error when accessing Webmin > Networking > Fail2Ban Intrusion Detector - without me fiddling with logrotate.

The Fail2ban files I have are:

[root@server1 /]# find . -name "fail2ban*"
./var/lib/fail2ban
./var/lib/fail2ban/fail2ban.sqlite3.20200803-161403
./var/lib/fail2ban/fail2ban.sqlite3
./var/lib/selinux/targeted/active/modules/100/fail2ban
./var/log/fail2ban.log-20231016
./var/log/fail2ban.log
./var/log/fail2ban.log-20231017
./var/webmin/modules/fail2ban
./etc/fail2ban
./etc/webmin/fail2ban
./etc/logrotate.d/fail2ban.log.conf
./usr/libexec/webmin/fail2ban
./usr/libexec/webmin/fail2ban/fail2ban-lib.pl
./usr/libexec/webmin/status/fail2ban-monitor.pl
./usr/share/selinux/targeted/default/active/modules/100/fail2ban

(the above /etc/logrotate.d/fail2ban.log.conf is my new logrotate file)

and my Fail2ban module config is:

fail

I was able to restart Fail2ban with a reboot, but feel I still need to setup a logrotate for fail2ban.log. The log file emptied but is now gathering data. My 2nd VPS, in the same position and which I haven’t touched, still has its >3GB log file.

Is it best to reinstall Fail2ban and if so how would I do that?

ADDISON74 · October 17, 2023, 9:41am

You can check if the fail2ban package is installed, there is a command for that. As the listing shows, I immediately noticed the lack of important directories such as

/usr/bin
/sur/share/doc
/usr/share/man

is clearly incomplete. You have no executable files. My opinion that something happened in this car and the fail2ban installation was affected. You can check in the logs what installations/uninstallations have been done.

As a tip, use VirtualBox, VMware, to create a virtual machine with the same configuration as the one in production. When problems arise you check them immediately in this test environment.

simon1066 · October 17, 2023, 12:18pm

Thanks. I ran dnf install fail2ban fail2ban-firewalld which added/installed the missing files and all now seems well.

I’ll also look in to the VM option, it would be good to have a dev environment to test things on.

system · December 16, 2023, 12:19pm

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.