Want to subscribe to topics you're interested in?
Become a Member

Security Fail2ban Randomly Stopping without any error

Discussion in 'System Administration' started by Fernando, Aug 16, 2017.

Tags:
  1. Fernando

    Fernando New Member

    17
    4
    3
    Jul 21, 2017
    Ratings:
    +5
    Local Time:
    12:16 AM
    1.13.3
    10.1.25
    • CentOS Version: CentOS 7
    • Centmin Mod Version Installed: 123.09beta01
    • Nginx Version Installed: 1.13.4
    • PHP Version Installed: PHP 7.0.21
    • MariaDB MySQL Version Installed: mysql Ver 15.1 Distrib 10.1.26-MariaDB
    • When was last time updated Centmin Mod code base ? : 1 day ago
    • Persistent Config:

      Code:
      LETSENCRYPT_DETECT='y'
      ACMEDEBUG='y'
    Hi, I followed all the instructions from GitHub - centminmod/centminmod-fail2ban: fail2ban setup for centminmod.com LEMP stack with CSF Firewall

    Everything appears to work properly, IP's are getting BAN and Unban however, randomly fail2ban stops working without any error.

    Fail2Ban v0.10.1dev1
    These are the last entries of the last shutdown:

    Code:
    2017-08-12 23:46:57,951 fail2ban.filter         [8730]: INFO    [nginx-get-f5] Found 186.96.84.184 - 2017-08-12 23:46:57
    2017-08-12 23:51:42,579 fail2ban.filter         [8730]: INFO    [nginx-get-f5] Found 66.249.64.85 - 2017-08-12 23:51:42
    2017-08-13 00:21:27,767 fail2ban.filter         [8730]: INFO    [nginx-get-f5] Found 66.249.65.130 - 2017-08-13 00:21:27
    2017-08-13 00:48:06,667 fail2ban.server         [8730]: INFO    Stopping all jails
    2017-08-13 00:48:07,084 fail2ban.actions        [8730]: NOTICE  [nginx-badrequests] Unban 89.145.95.78
    2017-08-13 00:48:07,113 fail2ban.actions        [8730]: NOTICE  [ssh-iptables] Flush ticket(s) with iptables
    2017-08-13 00:48:07,117 fail2ban.jail           [8730]: INFO    Jail 'nginx-auth-main' stopped
    2017-08-13 00:48:07,220 fail2ban.jail           [8730]: INFO    Jail 'wordpress-comment' stopped
    2017-08-13 00:48:07,221 fail2ban.jail           [8730]: INFO    Jail 'wordpress-pingback-repeat' stopped
    2017-08-13 00:48:07,221 fail2ban.jail           [8730]: INFO    Jail 'nginx-req-limit-repeat' stopped
    2017-08-13 00:48:07,221 fail2ban.jail           [8730]: INFO    Jail 'ssh-iptables' stopped
    2017-08-13 00:48:07,221 fail2ban.jail           [8730]: INFO    Jail 'shells' stopped
    2017-08-13 00:48:07,221 fail2ban.jail           [8730]: INFO    Jail 'nginx-common' stopped
    2017-08-13 00:48:07,222 fail2ban.jail           [8730]: INFO    Jail 'nginx-botsearch' stopped
    2017-08-13 00:48:07,222 fail2ban.jail           [8730]: INFO    Jail 'wordpress-pingback' stopped
    2017-08-13 00:48:07,222 fail2ban.jail           [8730]: INFO    Jail 'nginx-req-limit-main' stopped
    2017-08-13 00:48:07,222 fail2ban.jail           [8730]: INFO    Jail 'wordpress-auth' stopped
    2017-08-13 00:48:07,222 fail2ban.jail           [8730]: INFO    Jail 'wordpress-fail2ban-plugin' stopped
    2017-08-13 00:48:07,222 fail2ban.jail           [8730]: INFO    Jail 'nginx-auth' stopped
    2017-08-13 00:48:07,222 fail2ban.jail           [8730]: INFO    Jail 'nginx-conn-limit' stopped
    2017-08-13 00:48:07,223 fail2ban.jail           [8730]: INFO    Jail 'vbulletin' stopped
    2017-08-13 00:48:07,651 fail2ban.jail           [8730]: INFO    Jail 'nginx-badrequests' stopped
    2017-08-13 00:48:07,652 fail2ban.jail           [8730]: INFO    Jail 'nginx-req-limit' stopped
    2017-08-13 00:48:07,652 fail2ban.jail           [8730]: INFO    Jail 'nginx-get-f5' stopped
    2017-08-13 00:48:07,652 fail2ban.jail           [8730]: INFO    Jail 'nginx-xmlrpc' stopped
    2017-08-13 00:48:07,652 fail2ban.database       [8730]: INFO    Connection to database closed.
    2017-08-13 00:48:07,653 fail2ban.server         [8730]: INFO    Exiting Fail2ban
    
    I'm not sure how to determine why this is failing or how to debug the issue as there are no errors.

    Do you have any suggestion about this issue or how I can debug it?
    Thank you,
    Best Regards
     
  2. eva2000

    eva2000 Administrator Staff Member

    30,579
    6,854
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,275
    Local Time:
    4:16 PM
    Nginx 1.13.x
    MariaDB 5.5
    strange indeed wouldn't know off the top of my head. First thing would be to check fail2ban github issue tracker to see if there are similarly reported bugs here.

    Also check fail2ban via systemd logging
    Code (Text):
    journalctl -ru fail2ban --no-pager
    
     
    Last edited: Aug 16, 2017
  3. Fernando

    Fernando New Member

    17
    4
    3
    Jul 21, 2017
    Ratings:
    +5
    Local Time:
    12:16 AM
    1.13.3
    10.1.25
    Hi,

    Thank you! :) I will check and see what the problem might be.

    Best Regards