好久没有检查Fail2Ban邮件,翻了GMail, 才发现其实早在2018年11月份, Fail2Ban就没有正常工作了。

用下面两个命令可以查看当前的一些状态

systemctl status fail2ban.service
journalctl -xe

后来找到手工启动的命令: /usr/bin/fail2ban-client -v -v start,找到下面的错误

ERROR  Failed during configuration: While reading from '/etc/fail2ban/jail.local' [line 146]: option 'port' in section 'pam-generic' already exists
grep -A 8 "pam" /etc/fail2ban/jail.local
# pam-generic filter can be customized to monitor specific subset of 'tty's
filter   = pam-generic
# port actually must be irrelevant but lets leave it all for some possible uses
port     = all
banaction = iptables-allports
port     = anyport
logpath  = /var/log/auth.log
maxretry = 6

确实存在两个port, 把port = anyport注释掉,再跑上面的命令就一切正常了. 在github上也找到了对应的这个问题:https://github.com/fail2ban/fail2ban/issues/1396

再次启动发现还是错误

systemctl restart fail2ban.service
Job for fail2ban.service failed because the control process exited with error code. See "systemctl status fail2ban.service" and "journalctl -xe" for details.
systemctl status fail2ban.service
● fail2ban.service - Fail2Ban Service
   Loaded: loaded (/lib/systemd/system/fail2ban.service; enabled; vendor preset: enabled)
   Active: failed (Result: start-limit-hit) since Sat 2019-03-09 22:46:50 CST; 6min ago
     Docs: man:fail2ban(1)
  Process: 11913 ExecStart=/usr/bin/fail2ban-client -x start (code=exited, status=255)

Mar 09 22:46:50 new.pjq.me systemd[1]: fail2ban.service: Control process exited, code=exited status=2
Mar 09 22:46:50 new.pjq.me systemd[1]: Failed to start Fail2Ban Service.
Mar 09 22:46:50 new.pjq.me systemd[1]: fail2ban.service: Unit entered failed state.
Mar 09 22:46:50 new.pjq.me systemd[1]: fail2ban.service: Failed with result 'exit-code'.
Mar 09 22:46:50 new.pjq.me systemd[1]: fail2ban.service: Service hold-off time over, scheduling resta
Mar 09 22:46:50 new.pjq.me systemd[1]: Stopped Fail2Ban Service.
Mar 09 22:46:50 new.pjq.me systemd[1]: fail2ban.service: Start request repeated too quickly.
Mar 09 22:46:50 new.pjq.me systemd[1]: Failed to start Fail2Ban Service.
Mar 09 22:46:50 new.pjq.me systemd[1]: fail2ban.service: Unit entered failed state.
Mar 09 22:46:50 new.pjq.me systemd[1]: fail2ban.service: Failed with result 'start-limit-hit'.

后来打到Fail2Ban github主页:https://github.com/fail2ban/fail2ban , 其实可以直接用实际程序 /usr/bin/fail2ban-client 启动,关闭,还在状态查询

 /usr/bin/fail2ban-client -v -v start
 /usr/bin/fail2ban-client status
 /usr/bin/fail2ban-client reload

最后可以通过下面任一命令重启Fail2Ban服务

sudo service fail2ban restart
sudo systemctl restart fail2ban.service
sudo /etc/init.d/fail2ban restart

Fail2Ban启动失败原因分析
Tagged on:     

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.