Fail2ban Not Starting After Tried All (Fresh Server Ubuntu 18.04)

Fail2ban not starting on fresh ubuntu server 18.04 but when tried same with vultr it’s working when now in scaleway it’s not working

fail2ban.service - Fail2Ban Service
Loaded: loaded (/etc/systemd/system/fail2ban.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Sat 2019-10-12 18:03:52 UTC; 1min 8s ago
Docs: man:fail2ban(1)
Process: 1214 ExecStart=/usr/bin/fail2ban-server -xf start (code=exited, status=255)
Process: 1147 ExecStartPre=/bin/mkdir -p /var/run/fail2ban (code=exited, status=0/SUCCESS)
Main PID: 1214 (code=exited, status=255)

Oct 12 18:03:51 ###### systemd[1]: Starting Fail2Ban Service…
Oct 12 18:03:51 ###### systemd[1]: Started Fail2Ban Service.
Oct 12 18:03:52 ###### fail2ban-server[1214]: Found no accessible config files for ‘filter.d/sshd-ddos’ under /etc/fail2ban
Oct 12 18:03:52 ###### fail2ban-server[1214]: Unable to read the filter ‘sshd-ddos’
Oct 12 18:03:52 ###### fail2ban-server[1214]: Errors in jail ‘ssh-ddos’. Skipping…
Oct 12 18:03:52 ###### fail2ban-server[1214]: No file(s) found for glob /var/log/auth.log
Oct 12 18:03:52 ###### fail2ban-server[1214]: Failed during configuration: Have not found any log file for sshd jail
Oct 12 18:03:52 ###### fail2ban-server[1214]: Async configuration of server failed
Oct 12 18:03:52 ###### systemd[1]: fail2ban.service: Main process exited, code=exited, status=255/n/a
Oct 12 18:03:52 ###### systemd[1]: fail2ban.service: Failed with result ‘exit-code’.

Of the log file snippet you posted, the following seem to suggest where your issue\s lie,

Oct 12 18:03:52 ###### fail2ban-server[1214]: Found no accessible config files for ‘filter.d/sshd-ddos’ under /etc/fail2ban

Oct 12 18:03:52 ###### fail2ban-server[1214]: Unable to read the filter ‘sshd-ddos’

Oct 12 18:03:52 ###### fail2ban-server[1214]: Errors in jail ‘ssh-ddos’.

I would suggest you follow an online guide to set up fail2ban in a basic form and once that is working add additional services to monitor. Something like - https://www.techrepublic.com/article/how-to-install-fail2ban-on-ubuntu-server-18-04/

Post up the contents of you /etc/fail2ban/jail.local file.

I followed the article but i want to stick with default vitualmin fail2ban configuration, this everything was added automatically by this following command

virtualmin config-system --include Fail2banFirewalld

[sshd]

enabled = true
port = ssh

[ssh-ddos]

enabled = true
port = ssh,sftp
filter = sshd-ddos

[webmin-auth]

enabled = true
port = 10000

[proftpd]

enabled = true
port = ftp,ftp-data,ftps,ftps-data

[postfix]

enabled = true
port = smtp,465,submission

[dovecot]

enabled = true
port = pop3,pop3s,imap,imaps,submission,465,sieve

[postfix-sasl]

enabled = true
port = smtp,465,submission,imap3,imaps,pop3,pop3s

Do you have the following file /etc/fail2ban/filter.d/sshd-ddos.conf ? The log snippet you posted,

Oct 12 18:03:52 ###### fail2ban-server[1214]: Found no accessible config files for ‘filter.d/sshd-ddos’ under /etc/fail2ban

suggests you don’t. You can look for the file and it’s contents thru Webmin if you’d prefer that: “Webmin - Networking - Fail2Ban Intrusion Detector - Edit Config File” Pull the drop down to look for the file and Click OK to see the contents.

It should be in the drop down - perhaps your’s isn’t which might explain the log file error about not finding a .conf file. You can also find the /etc/fail2ban/jail.local file thru the drop down in Edit Files.

Yes your right i couldn’t find the file, but when i checked the same in vultr server there also file not exists but in vultr server fail2ban running properly

i think this file does not exist is a problem

##No file(s) found for glob /var/log/auth.log

In my vultr server i have this file but in scaleway server i don’t have

is there any problem in server?

Get the contents of https://github.com/mikechau/fail2ban-configs/blob/master/filter.d/sshd-ddos.conf and create a file with the name sshd-ddos.conf in /etc/fail2ban/filter.d with the same permissions as the other files and see if that makes a difference.

i have that file but it’s name is /etc/fail2ban/filter.d/sshd.conf not /etc/fail2ban/filter.d/sshd-ddos.conf

[sshd]
[proftpd]
[postfix]
[dovecot]

Do you have the above installed and running?

What’s the contents of your jail.local file?

everything running normal, i already posted jail.local file

Also noted,

service rsyslog restart
Failed to restart rsyslog.service: Unit rsyslog.service not found.

is this important?

What version of fail2ban are you running? Use

fail2ban-client -V

to tell you. Sorry - should have asked that 1st as there are differences in the later versions.

I solved the issue by following this article

https://kifarunix.com/how-to-configure-remote-logging-with-rsyslog-on-ubuntu-18-04/

Thank you