Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here. |
| Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
 |
GNU/Linux Basic Guide
This 255-page guide will provide you with the keys to understand the philosophy of free software, teach you how to use and handle it, and give you the tools required to move easily in the world of GNU/Linux. Many users and administrators will be taking their first steps with this GNU/Linux Basic guide and it will show you how to approach and solve the problems you encounter.
Click Here to receive this Complete Guide absolutely free. |
|
 |
12-30-2012, 04:45 AM
|
#1
|
|
Member
Registered: Sep 2011
Posts: 296
Rep: 
|
Fail2ban showing error Unable to contact server. Is it running?
We start fail2ban in centos using this command service fail2ban start but when we run service fail2ban status we get as below? What could be the mistake ya? Fail2ban (pid 2810 2813) is running... ERROR Unable to contact server. Is it running? We installed is from the epel source.
|
|
|
|
|
12-30-2012, 09:22 AM
|
#2
|
|
Guru
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 10,391
|
Quote:
|
Fail2ban (pid 2810 2813) is running... ERROR Unable to contact server. Is it running?
|
Is it running? What gives
Code:
ps -ef|grep fail2ban
If it's running, most likely fail2ban-client cannot find the socket created by the server. Find the socket location from the command above and edit /etc/fail2ban/fail2ban.conf to specify the correct socket location. |
|
|
|
|
12-30-2012, 09:43 AM
|
#3
|
|
Member
Registered: Sep 2011
Posts: 296
Original Poster
Rep:
|
Dear Bathory,
Below is what I get when I run the command.
root 1912 1891 0 07:42 pts/0 00:00:00 grep fail2ban
|
|
|
|
|
12-30-2012, 11:30 AM
|
#4
|
|
Guru
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 10,391
|
Quote:
Originally Posted by newbie14
Dear Bathory,
Below is what I get when I run the command.
root 1912 1891 0 07:42 pts/0 00:00:00 grep fail2ban
|
So fail2ban is not running. Check the logs under /var/log to see if you get the reason for this.
Regards |
|
|
|
|
12-30-2012, 11:50 AM
|
#5
|
|
Member
Registered: Sep 2011
Posts: 296
Original Poster
Rep:
|
Dear Bathory,
Under which file should I look for clue because I tried search most of the file for fail2ban I cant find much. I have tried /var/log/message but just tells me when it was installed only.
Last edited by newbie14; 12-30-2012 at 11:52 AM.
|
|
|
|
|
12-30-2012, 12:45 PM
|
#6
|
|
Guru
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 10,391
|
Quote:
Originally Posted by newbie14
Dear Bathory,
Under which file should I look for clue because I tried search most of the file for fail2ban I cant find much. I have tried /var/log/message but just tells me when it was installed only.
|
I'm not running Centos, but from what I've read you should look at /var/log/messages and /var/log/fail2ban.log for logs.
You may also try to start the server in the foreground and see if you get any errors
Code:
fail2ban-server -f -s /var/run/fail2ban/fail2ban.sock
Last edited by bathory; 12-30-2012 at 12:49 PM.
|
|
|
|
|
12-30-2012, 12:54 PM
|
#7
|
|
Member
Registered: Sep 2011
Posts: 296
Original Poster
Rep:
|
Dear Bathory,
I tried this fail2ban-server -f -s /var/run/fail2ban/fail2ban.sock
2012-12-31 10:51:34,239 fail2ban.server : INFO Starting Fail2ban v0.8.4 and I just stuck here. I cant find any folder /var/log/fail2ban.log and /var/log/message have no information only for the installation of fail2ban.
|
|
|
|
|
12-30-2012, 04:06 PM
|
#8
|
|
Guru
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 10,391
|
Quote:
|
2012-12-31 10:51:34,239 fail2ban.server : INFO Starting Fail2ban v0.8.4 and I just stuck here.
|
That means that fail2ban is running. You can verify it again with
Code:
ps -ef|grep fail2ban
Or use
Code:
fail2ban-client status
Regarding logs dunno what's wrong, but you may review your installation using this howto as a reference
Regards |
|
|
|
|
12-30-2012, 10:18 PM
|
#9
|
|
Member
Registered: Sep 2011
Posts: 296
Original Poster
Rep:
|
Dear Bathory,
I have tried based on your link you gave so looks like it is a must to do the jail.conf copy into jail.local. I did that and then restart the fail2ban all is working well now as you can see below. That mean the missing part was there but what is the reason for the copy and why jail.local is the config file any reason?
Quote:
ps -ef | grep fail2ban
root 2728 1 0 06:38 ? 00:00:00 /usr/bin/python /usr/bin/fail2ban-server -b -s /var/run/fail2ban/fail2ban.sock -x
root 2966 2936 0 06:41 pts/0 00:00:00 grep fail2ban
|
Quote:
fail2ban-client status
Status
|- Number of jail: 1
`- Jail list: ssh-iptables
|
|
|
|
|
|
12-31-2012, 02:44 AM
|
#10
|
|
Guru
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 10,391
|
Quote:
|
I have tried based on your link you gave so looks like it is a must to do the jail.conf copy into jail.local. I did that and then restart the fail2ban all is working well now as you can see below. That mean the missing part was there but what is the reason for the copy and why jail.local is the config file any reason?
|
It's not mandatory to copy jail.conf to jail.local. You do this because during an upgrade it's possible that the conf file gets overwritten, so you loose your custom settings.
Other than that, I don't see any reason why fail2ban was not starting at first. Maybe you had an error in the original jail.conf that you fixed after editing jail.local.
Anyway, I'm glad it worked. You may mark the thread "Solved" fro the "Thread tools" on top of the page.
Cheers |
|
|
|
|
12-31-2012, 02:57 AM
|
#11
|
|
Member
Registered: Sep 2011
Posts: 296
Original Poster
Rep:
|
Dear Bathory,
No I did not change anything to the copy at all. IS just the original version as it is? Now I am curious I am going to set another machine I think I must do the copy first? But where is the link saying to pick the configuration from jail.copy rather than jail.conf maybe this the one stopping it?
|
|
|
|
| Thread Tools |
Search this Thread |
|
|
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
All times are GMT -5. The time now is 12:22 AM.
|
|
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
|
 Latest Threads
LQ News
|
|
