fail2ban is no working

I think is not working, this is the whole log:

Code:

root@main:~# cat /var/log/fail2ban.log 
2011-08-05 20:56:20,180 fail2ban.server : INFO   Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.4-SVN
2011-08-05 20:56:20,181 fail2ban.jail   : INFO   Creating new jail 'ssh'
2011-08-05 20:56:20,181 fail2ban.jail   : INFO   Jail 'ssh' uses poller
2011-08-05 20:56:20,231 fail2ban.filter : INFO   Added logfile = /var/log/auth.log
2011-08-05 20:56:20,231 fail2ban.filter : INFO   Set maxRetry = 6
2011-08-05 20:56:20,232 fail2ban.filter : INFO   Set findtime = 600
2011-08-05 20:56:20,233 fail2ban.actions: INFO   Set banTime = 600
2011-08-05 20:56:20,312 fail2ban.jail   : INFO   Jail 'ssh' started
2011-08-05 21:01:04,889 fail2ban.jail   : INFO   Jail 'ssh' stopped
2011-08-05 21:01:04,889 fail2ban.server : INFO   Exiting Fail2ban

Code:

root@main:~# /etc/init.d/fail2ban restart
Restarting authentication failure monitor: fail2ban failed!

Code:

root@main:~# /etc/init.d/fail2ban stop
root@main:~# /etc/init.d/fail2ban start
root@main:~# 

 

Try to change the log level to see exactly this issue.

edit /etc/fail2ban/fail2ban.conf and set loglevel = 4

 

I do that, and nothing happens. The log is exactly the same.

 

Did you restart fail2ban?

 

Of course!

/etc/init.d/fail2ban restart --> with error

and then
/etc/init.d/fail2ban stop
/etc/init.d/fail2ban start

without error

New test:

Code:

root@main:~# /etc/init.d/fail2ban status
Status of authentication failure monitor:fail2ban is not running ... (warning).
root@main:~# /etc/init.d/fail2ban force-start
root@main:~# /etc/init.d/fail2ban status
Status of authentication failure monitor:fail2ban is not running ... (warning).
root@main:~# 

 

When you set loglevel = 4 (debug) your log /var/log/fail2ban.log must contain debug messages after restart fail2fan daemon.

Just re-check

 

I'm sure what I do, but I'm not sure what happens.

Code:

root@main:~# cat /etc/fail2ban/fail2ban.conf 
# Fail2Ban configuration file
#
# Author: Cyril Jaquier
#
# $Revision: 629 $
#

[Definition]

# Option:  loglevel
# Notes.:  Set the log level output.
#          1 = ERROR
#          2 = WARN
#          3 = INFO
#          4 = DEBUG
# Values:  NUM  Default:  3
#
loglevel = 4 

# Option:  logtarget
# Notes.:  Set the log target. This could be a file, SYSLOG, STDERR or STDOUT.
#          Only one log target can be specified.
# Values:  STDOUT STDERR SYSLOG file  Default:  /var/log/fail2ban.log
#
logtarget = /var/log/fail2ban.log

# Option: socket
# Notes.: Set the socket file. This is used to communicate with the daemon. Do
#         not remove this file when Fail2ban runs. It will not be possible to
#         communicate with the server afterwards.
# Values: FILE  Default:  /var/run/fail2ban/fail2ban.sock
#
socket = /var/run/fail2ban/fail2ban.sock

I have restarted it some times, and the server too but log still contains the same.

Code:

root@main:~# cat /var/log/fail2ban.log 
2011-08-05 20:56:20,180 fail2ban.server : INFO   Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.4-SVN
2011-08-05 20:56:20,181 fail2ban.jail   : INFO   Creating new jail 'ssh'
2011-08-05 20:56:20,181 fail2ban.jail   : INFO   Jail 'ssh' uses poller
2011-08-05 20:56:20,231 fail2ban.filter : INFO   Added logfile = /var/log/auth.log
2011-08-05 20:56:20,231 fail2ban.filter : INFO   Set maxRetry = 6
2011-08-05 20:56:20,232 fail2ban.filter : INFO   Set findtime = 600
2011-08-05 20:56:20,233 fail2ban.actions: INFO   Set banTime = 600
2011-08-05 20:56:20,312 fail2ban.jail   : INFO   Jail 'ssh' started
2011-08-05 21:01:04,889 fail2ban.jail   : INFO   Jail 'ssh' stopped
2011-08-05 21:01:04,889 fail2ban.server : INFO   Exiting Fail2ban
root@main:~# 

 

Solved

Solved executing:

fail2ban-client reload

I found the problem:

ERROR /etc/fail2ban/filter.d/pureftpd.conf and /etc/fail2ban/filter.d/pureftpd.local do not exist

root@main:~# /etc/init.d/fail2ban status
Status of authentication failure monitor:fail2ban is running.