LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (http://www.linuxquestions.org/questions/linux-security-4/)
-   -   Fail2ban showing error Unable to contact server. Is it running? (http://www.linuxquestions.org/questions/linux-security-4/fail2ban-showing-error-unable-to-contact-server-is-it-running-4175443451/)

newbie14 12-30-2012 04:45 AM

Fail2ban showing error Unable to contact server. Is it running?
 
We start fail2ban in centos using this command service fail2ban start but when we run service fail2ban status we get as below? What could be the mistake ya? Fail2ban (pid 2810 2813) is running... ERROR Unable to contact server. Is it running? We installed is from the epel source.

bathory 12-30-2012 09:22 AM

Quote:

Fail2ban (pid 2810 2813) is running... ERROR Unable to contact server. Is it running?
Is it running? What gives
Code:

ps -ef|grep fail2ban
If it's running, most likely fail2ban-client cannot find the socket created by the server. Find the socket location from the command above and edit /etc/fail2ban/fail2ban.conf to specify the correct socket location.

newbie14 12-30-2012 09:43 AM

Dear Bathory,
Below is what I get when I run the command.

root 1912 1891 0 07:42 pts/0 00:00:00 grep fail2ban

bathory 12-30-2012 11:30 AM

Quote:

Originally Posted by newbie14 (Post 4859523)
Dear Bathory,
Below is what I get when I run the command.

root 1912 1891 0 07:42 pts/0 00:00:00 grep fail2ban

So fail2ban is not running. Check the logs under /var/log to see if you get the reason for this.

Regards

newbie14 12-30-2012 11:50 AM

Dear Bathory,
Under which file should I look for clue because I tried search most of the file for fail2ban I cant find much. I have tried /var/log/message but just tells me when it was installed only.

bathory 12-30-2012 12:45 PM

Quote:

Originally Posted by newbie14 (Post 4859591)
Dear Bathory,
Under which file should I look for clue because I tried search most of the file for fail2ban I cant find much. I have tried /var/log/message but just tells me when it was installed only.

I'm not running Centos, but from what I've read you should look at /var/log/messages and /var/log/fail2ban.log for logs.
You may also try to start the server in the foreground and see if you get any errors
Code:

fail2ban-server -f -s /var/run/fail2ban/fail2ban.sock

newbie14 12-30-2012 12:54 PM

Dear Bathory,
I tried this fail2ban-server -f -s /var/run/fail2ban/fail2ban.sock
2012-12-31 10:51:34,239 fail2ban.server : INFO Starting Fail2ban v0.8.4 and I just stuck here. I cant find any folder /var/log/fail2ban.log and /var/log/message have no information only for the installation of fail2ban.

bathory 12-30-2012 04:06 PM

Quote:

2012-12-31 10:51:34,239 fail2ban.server : INFO Starting Fail2ban v0.8.4 and I just stuck here.
That means that fail2ban is running. You can verify it again with
Code:

ps -ef|grep fail2ban
Or use
Code:

fail2ban-client status
Regarding logs dunno what's wrong, but you may review your installation using this howto as a reference

Regards

newbie14 12-30-2012 10:18 PM

Dear Bathory,
I have tried based on your link you gave so looks like it is a must to do the jail.conf copy into jail.local. I did that and then restart the fail2ban all is working well now as you can see below. That mean the missing part was there but what is the reason for the copy and why jail.local is the config file any reason?

Quote:

ps -ef | grep fail2ban
root 2728 1 0 06:38 ? 00:00:00 /usr/bin/python /usr/bin/fail2ban-server -b -s /var/run/fail2ban/fail2ban.sock -x
root 2966 2936 0 06:41 pts/0 00:00:00 grep fail2ban
Quote:

fail2ban-client status
Status
|- Number of jail: 1
`- Jail list: ssh-iptables

bathory 12-31-2012 02:44 AM

Quote:

I have tried based on your link you gave so looks like it is a must to do the jail.conf copy into jail.local. I did that and then restart the fail2ban all is working well now as you can see below. That mean the missing part was there but what is the reason for the copy and why jail.local is the config file any reason?
It's not mandatory to copy jail.conf to jail.local. You do this because during an upgrade it's possible that the conf file gets overwritten, so you loose your custom settings.
Other than that, I don't see any reason why fail2ban was not starting at first. Maybe you had an error in the original jail.conf that you fixed after editing jail.local.
Anyway, I'm glad it worked. You may mark the thread "Solved" fro the "Thread tools" on top of the page.

Cheers

newbie14 12-31-2012 02:57 AM

Dear Bathory,
No I did not change anything to the copy at all. IS just the original version as it is? Now I am curious I am going to set another machine I think I must do the copy first? But where is the link saying to pick the configuration from jail.copy rather than jail.conf maybe this the one stopping it?


All times are GMT -5. The time now is 12:00 AM.