Fail2Ban failed to restart. Debian 7, 64bit.

Discussion in 'Installation/Configuration' started by strang3r, Dec 1, 2014.

  1. strang3r

    strang3r Member

    Hi,

    I have followed this guide www.howtoforge.com/perfect-server-debian-wheezy-apache2-bind-dovecot-ispconfig-3-p4

    I am at a point where I had to install and make restart fail2ban.

    after following #18 Install fail2ban in guide when I make the restart I get logs with an error... I am not able to figure out what is the problem as I am not an expert :( .

    Code:
    root@server4:/# /etc/init.d/fail2ban restart
    [....] Restarting authentication failure monitor: fail2banTraceback (most recent call last):
      File "/usr/bin/fail2ban-client", line 404, in <module>
        if client.start(sys.argv):
      File "/usr/bin/fail2ban-client", line 373, in start
        return self.__processCommand(args)
      File "/usr/bin/fail2ban-client", line 183, in __processCommand
        ret = self.__readConfig()
      File "/usr/bin/fail2ban-client", line 377, in __readConfig
        self.__configurator.readAll()
      File "/usr/share/fail2ban/client/configurator.py", line 61, in readAll
        self.__jails.read()
      File "/usr/share/fail2ban/client/jailsreader.py", line 44, in read
        ConfigReader.read(self, "jail")
      File "/usr/share/fail2ban/client/configreader.py", line 62, in read
        SafeConfigParserWithIncludes.read(self, [bConf, bLocal])
      File "/usr/share/fail2ban/client/configparserinc.py", line 108, in read
        fileNamesFull += SafeConfigParserWithIncludes.getIncludes(filename)
      File "/usr/share/fail2ban/client/configparserinc.py", line 79, in getIncludes
        parser.read(resource)
      File "/usr/lib/python2.7/ConfigParser.py", line 305, in read
        self._read(fp, filename)
      File "/usr/lib/python2.7/ConfigParser.py", line 512, in _read
        raise MissingSectionHeaderError(fpname, lineno, line)
    ConfigParser.MissingSectionHeaderError: File contains no section headers.
    file: /etc/fail2ban/jail.local, line: 1
    '\xef\xbb\xbf[pureftpd]\r\n'
     failed!
    root@server4:/#
    


    Someone please suggest me why this is happening and what should I do.
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Please check the pureftpd file that you created for amavis, it is incomplete.
     
  3. strang3r

    strang3r Member

    This is where I created pureftpd.conf : /etc/fail2ban/filter.d/pureftpd.conf

    And this below codes are inside of it.

    Code:
    [Definition]
    failregex = .*pure-ftpd: \(.*@<HOST>\) \[WARNING\] Authentication failed for user.*
    ignoreregex =
    
    still failing.
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    Then check the file /etc/fail2ban/jail.local
     
  5. strang3r

    strang3r Member

    Ok.

    Ok. I have followed the guide and added all codes for each created file between their relative directory as I said and it is still failing... :(

    /etc/fail2ban/jail.local

    Code:
    [pureftpd]
    enabled  = true
    port     = ftp
    filter   = pureftpd
    logpath  = /var/log/syslog
    maxretry = 3
    
    [dovecot-pop3imap]
    enabled = true
    filter = dovecot-pop3imap
    action = iptables-multiport[name=dovecot-pop3imap, port="pop3,pop3s,imap,imaps", protocol=tcp]
    logpath = /var/log/mail.log
    maxretry = 5
    
    [sasl]
    enabled  = true
    port     = smtp
    filter   = sasl
    logpath  = /var/log/mail.log
    maxretry = 3
    


    /etc/fail2ban/filter.d/pureftpd.conf

    Code:
    [Definition]
    failregex = .*pure-ftpd: \(.*@<HOST>\) \[WARNING\] Authentication failed for user.*
    ignoreregex =
    


    /etc/fail2ban/filter.d/dovecot-pop3imap.conf

    Code:
    [Definition]
    failregex = (?: pop3-login|imap-login): .*(?:Authentication failure|Aborted login \(auth failed|Aborted login \(tried to use disabled|Disconnected \(auth failed|Aborted login \(\d+ authentication attempts).*rip=(?P<host>\S*),.*
    ignoreregex =
    
     
  6. strang3r

    strang3r Member

    Not working :(

    Ok. I have followed the guide and added all codes for each created file between their relative directory as I said and it is still failing... :(

    /etc/fail2ban/jail.local

    Code:
    [pureftpd]
    enabled  = true
    port     = ftp
    filter   = pureftpd
    logpath  = /var/log/syslog
    maxretry = 3
    
    [dovecot-pop3imap]
    enabled = true
    filter = dovecot-pop3imap
    action = iptables-multiport[name=dovecot-pop3imap, port="pop3,pop3s,imap,imaps", protocol=tcp]
    logpath = /var/log/mail.log
    maxretry = 5
    
    [sasl]
    enabled  = true
    port     = smtp
    filter   = sasl
    logpath  = /var/log/mail.log
    maxretry = 3
    


    /etc/fail2ban/filter.d/pureftpd.conf

    Code:
    [Definition]
    failregex = .*pure-ftpd: \(.*@<HOST>\) \[WARNING\] Authentication failed for user.*
    ignoreregex =
    


    /etc/fail2ban/filter.d/dovecot-pop3imap.conf

    Code:
    [Definition]
    failregex = (?: pop3-login|imap-login): .*(?:Authentication failure|Aborted login \(auth failed|Aborted login \(tried to use disabled|Disconnected \(auth failed|Aborted login \(\d+ authentication attempts).*rip=(?P<host>\S*),.*
    ignoreregex =
    


    If I remove [pureftpd] from jail.local file then error changes from pureftpd to dovecot-pop3imap . in line : 1 .

    Any help please? :(
     
  7. strang3r

    strang3r Member

    Still not fixed yet...

    Still not able to fix this issues yet... Fail2bin not installed. :(

    Any help?.
     

Share This Page