Virtualmin reporting Fail2ban service diferently on 22.0.4 vs 20.04.5?

rexdog1 · December 8, 2022, 5:57pm

I have two seperate servers running Virtualmin, one on 20.04.05, and the other on 22.04.1 (details below). I monitor both with Zabbix which shows the 22.04.01 F2b as Down when in fact it is not.

After looking in to it I see that both F2b services are up and running, but 22.04.1 reports it as “1” and 20.04.05 reports it as “0”. This causes Zabbix to alert an error on one of the servers and not the other.

I noticed that one shows the PID as “f2b/server” and the other as “fail2ban-server”.

Any ideas why they report differently?

.

20.04.5:

root@redacted:~# ps -x | grep fail2ban
  51552 ?        Ssl   65:28 /usr/bin/python3 /usr/bin/fail2ban-server -xf start
1337921 pts/0    S+     0:00 grep --color=auto fail2ban

22.04.1:

root@redacted:~# ps -x | grep fail2ban
  40373 ?        Ssl    6:33 /usr/bin/python3 /usr/bin/fail2ban-server -xf start
 131491 pts/1    R+     0:00 grep --color=auto fail2ban

Both services are up and are activly banning attacking IPs:
(The output is a bit different, guessing due to one being “Pro” version and one not?)

22.04.1:

root@redacted:~# systemctl status fail2ban
● fail2ban.service - Fail2Ban Service
     Loaded: loaded (/lib/systemd/system/fail2ban.service; enabled; vendor preset: enabled)
     Active: active (running) since Wed 2022-12-07 18:10:00 PST; 15h ago
       Docs: man:fail2ban(1)
   Main PID: 40373 (fail2ban-server)
      Tasks: 19 (limit: 19118)
     Memory: 17.3M
        CPU: 6min 44.754s
     CGroup: /system.slice/fail2ban.service
             └─40373 /usr/bin/python3 /usr/bin/fail2ban-server -xf start

Dec 07 18:10:00 redacted.com systemd[1]: Started Fail2Ban Service.
Dec 07 18:10:01 redacted.com fail2ban-server[40373]: Server ready

20.04.5:

root@redacted:~# systemctl status fail2ban
● fail2ban.service - Fail2Ban Service
     Loaded: loaded (/etc/systemd/system/fail2ban.service; enabled; vendor preset: enabled)
    Drop-In: /etc/systemd/system/fail2ban.service.d
             └─override.conf
     Active: active (running) since Thu 2022-12-08 09:33:13 PST; 49s ago
       Docs: man:fail2ban(1)
    Process: 1345685 ExecStartPre=/bin/mkdir -p /run/fail2ban (code=exited, status=0/SUCCESS)
    Process: 1345694 ExecStartPost=/bin/sh -c while ! [ -S /run/fail2ban/fail2ban.sock ]; do sleep 1; done (code=exited, status=0/SUCCESS)
    Process: 1345849 ExecStartPost=/bin/chgrp fail2ban /run/fail2ban/fail2ban.sock (code=exited, status=0/SUCCESS)
    Process: 1345850 ExecStartPost=/bin/chmod g+w /run/fail2ban/fail2ban.sock (code=exited, status=0/SUCCESS)
   Main PID: 1345693 (f2b/server)
      Tasks: 19 (limit: 19140)
     Memory: 18.2M
     CGroup: /system.slice/fail2ban.service
             └─1345693 /usr/bin/python3 /usr/bin/fail2ban-server -xf start

Dec 08 09:33:12 redacted.com fail2ban-server[1345693]: Server ready
Dec 08 09:33:13 redacted.com systemd[1]: Started Fail2Ban Service.

Systems Details:

20.04.5 Server:

|  SYSTEM INFORMATION||
|----------------------|---------------------------|
|  OS type and version |     Ubuntu Linux 20.04.5     |
|  Webmin version      |     2.001      |
|  Usermin version     |     1.860     |
|  Virtualmin version  |     7.3-1  Pro       |
|  Theme version       |     20.02      |
|  Package updates     |     All installed packages are up to date   |

22.04.1:

|  SYSTEM INFORMATION||
|----------------------|---------------------------|
|  OS type and version |     Ubuntu Linux 22.04.1     |
|  Webmin version      |     2.001      |
|  Usermin version     |     1.860     |
|  Virtualmin version  |     7.3-1       |
|  Theme version       |     20.01.1:5      |
|  Package updates     |     All installed packages are up to date   |

Joe · December 8, 2022, 6:23pm

What does Virtualmin have to do with this question? I mean, you’re welcome to ask it here, but if I’m reading your question right, Virtualmin isn’t involved in it at all…it’s between Zabbix and Fail2ban, neither of which are packages we provide (fail2ban in a Virtualmin installation comes from your OS vendor repos).

rexdog1 · December 8, 2022, 7:03pm

Understood, but actually its more to do with 22.04 vs 20.04 and the way Virtualmin installs / configures Fail2ban. I only mentioned Zabbix beacuse thats how I discovered this.

I thought maybe there is / was an obvious difference or change to the way Virtualmin or Ubuntu installs / configures F2b in the newer version. Was hoping there is a simple fix that is well known, but maybe not.

Its possible that this is all expected behavior, I dont know hence the question. If so the fix would be with the Zabbix Template(s).

Maybe the 0 vs 1 reporting is configurabe in Virtualmin? I dont know…

Joe · December 8, 2022, 7:31pm

Virtualmin has nothing to do with it. Not our package. Our configuration doesn’t alter the systemd unit file, which is where statuses come from. And, what fail2ban configuration we do is pretty much identical across all supported distros and versions, we just install it, enable it, and turn on some jails.

Really, this has nothing to do with Virtualmin. I promise.

dimitrist · December 8, 2022, 8:53pm

so, 22.04.1 runs default service file as it should :

/lib/systemd/system/fail2ban.service

while 20.04.5 uses some (modified?) override.conf for fail2ban service/unit file. maybe that’s where you should look…

as i can see from latest debian and as @Joe points out, webmin doesn’t mess with fail2ban service file provided by OS… uses defaults just like your 22.04.1 details.

rexdog1 · December 9, 2022, 1:26am

Understood, you can close this

system · February 7, 2023, 1:27am

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.