LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 12-30-2012, 04:45 AM   #1
newbie14
Member
 
Registered: Sep 2011
Posts: 403

Rep: Reputation: Disabled
Fail2ban showing error Unable to contact server. Is it running?


We start fail2ban in centos using this command service fail2ban start but when we run service fail2ban status we get as below? What could be the mistake ya? Fail2ban (pid 2810 2813) is running... ERROR Unable to contact server. Is it running? We installed is from the epel source.
 
Old 12-30-2012, 09:22 AM   #2
bathory
Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 10,884

Rep: Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322
Quote:
Fail2ban (pid 2810 2813) is running... ERROR Unable to contact server. Is it running?
Is it running? What gives
Code:
ps -ef|grep fail2ban
If it's running, most likely fail2ban-client cannot find the socket created by the server. Find the socket location from the command above and edit /etc/fail2ban/fail2ban.conf to specify the correct socket location.
 
Old 12-30-2012, 09:43 AM   #3
newbie14
Member
 
Registered: Sep 2011
Posts: 403

Original Poster
Rep: Reputation: Disabled
Dear Bathory,
Below is what I get when I run the command.

root 1912 1891 0 07:42 pts/0 00:00:00 grep fail2ban
 
Old 12-30-2012, 11:30 AM   #4
bathory
Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 10,884

Rep: Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322
Quote:
Originally Posted by newbie14 View Post
Dear Bathory,
Below is what I get when I run the command.

root 1912 1891 0 07:42 pts/0 00:00:00 grep fail2ban
So fail2ban is not running. Check the logs under /var/log to see if you get the reason for this.

Regards
 
Old 12-30-2012, 11:50 AM   #5
newbie14
Member
 
Registered: Sep 2011
Posts: 403

Original Poster
Rep: Reputation: Disabled
Dear Bathory,
Under which file should I look for clue because I tried search most of the file for fail2ban I cant find much. I have tried /var/log/message but just tells me when it was installed only.

Last edited by newbie14; 12-30-2012 at 11:52 AM.
 
Old 12-30-2012, 12:45 PM   #6
bathory
Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 10,884

Rep: Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322
Quote:
Originally Posted by newbie14 View Post
Dear Bathory,
Under which file should I look for clue because I tried search most of the file for fail2ban I cant find much. I have tried /var/log/message but just tells me when it was installed only.
I'm not running Centos, but from what I've read you should look at /var/log/messages and /var/log/fail2ban.log for logs.
You may also try to start the server in the foreground and see if you get any errors
Code:
fail2ban-server -f -s /var/run/fail2ban/fail2ban.sock

Last edited by bathory; 12-30-2012 at 12:49 PM.
 
Old 12-30-2012, 12:54 PM   #7
newbie14
Member
 
Registered: Sep 2011
Posts: 403

Original Poster
Rep: Reputation: Disabled
Dear Bathory,
I tried this fail2ban-server -f -s /var/run/fail2ban/fail2ban.sock
2012-12-31 10:51:34,239 fail2ban.server : INFO Starting Fail2ban v0.8.4 and I just stuck here. I cant find any folder /var/log/fail2ban.log and /var/log/message have no information only for the installation of fail2ban.
 
Old 12-30-2012, 04:06 PM   #8
bathory
Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 10,884

Rep: Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322
Quote:
2012-12-31 10:51:34,239 fail2ban.server : INFO Starting Fail2ban v0.8.4 and I just stuck here.
That means that fail2ban is running. You can verify it again with
Code:
ps -ef|grep fail2ban
Or use
Code:
fail2ban-client status
Regarding logs dunno what's wrong, but you may review your installation using this howto as a reference

Regards
 
Old 12-30-2012, 10:18 PM   #9
newbie14
Member
 
Registered: Sep 2011
Posts: 403

Original Poster
Rep: Reputation: Disabled
Dear Bathory,
I have tried based on your link you gave so looks like it is a must to do the jail.conf copy into jail.local. I did that and then restart the fail2ban all is working well now as you can see below. That mean the missing part was there but what is the reason for the copy and why jail.local is the config file any reason?

Quote:
ps -ef | grep fail2ban
root 2728 1 0 06:38 ? 00:00:00 /usr/bin/python /usr/bin/fail2ban-server -b -s /var/run/fail2ban/fail2ban.sock -x
root 2966 2936 0 06:41 pts/0 00:00:00 grep fail2ban
Quote:
fail2ban-client status
Status
|- Number of jail: 1
`- Jail list: ssh-iptables
 
Old 12-31-2012, 02:44 AM   #10
bathory
Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 10,884

Rep: Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322
Quote:
I have tried based on your link you gave so looks like it is a must to do the jail.conf copy into jail.local. I did that and then restart the fail2ban all is working well now as you can see below. That mean the missing part was there but what is the reason for the copy and why jail.local is the config file any reason?
It's not mandatory to copy jail.conf to jail.local. You do this because during an upgrade it's possible that the conf file gets overwritten, so you loose your custom settings.
Other than that, I don't see any reason why fail2ban was not starting at first. Maybe you had an error in the original jail.conf that you fixed after editing jail.local.
Anyway, I'm glad it worked. You may mark the thread "Solved" fro the "Thread tools" on top of the page.

Cheers
 
Old 12-31-2012, 02:57 AM   #11
newbie14
Member
 
Registered: Sep 2011
Posts: 403

Original Poster
Rep: Reputation: Disabled
Dear Bathory,
No I did not change anything to the copy at all. IS just the original version as it is? Now I am curious I am going to set another machine I think I must do the copy first? But where is the link saying to pick the configuration from jail.copy rather than jail.conf maybe this the one stopping it?
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
GConf Error: Failed to contact configuration server qwijibow Linux - Software 10 03-25-2013 01:09 PM
User unable to login to the server, Showing blank screen abhay1983 Linux - Server 1 06-08-2012 03:42 AM
Error unable to contact time server treborblack Fedora 4 02-13-2010 05:26 AM
samba unable to contact ldap server vishesh Linux - Server 3 10-26-2009 09:25 AM
fail2ban.server : ERROR Unexpected communication error roy-arne Linux - Server 4 04-12-2009 04:43 PM


All times are GMT -5. The time now is 09:57 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration