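I hadn't checked my Fail2Ban emails in a long time. After going through Gmail, I found that Fail2Ban had actually stopped working properly as early as November 2018.
The following two commands show some of the current state: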
systemctl status fail2ban.service
journalctl -xe
Later I found the command to start it manually: /usr/bin/fail2ban-client -v -v start, which showed the following error:
ERROR Failed during configuration: While reading from '/etc/fail2ban/jail.local' [line 146]: option 'port' in section 'pam-generic' already exists
grep -A 8 "pam" /etc/fail2ban/jail.local
# pam-generic filter can be customized to monitor specific subset of 'tty's
filter = pam-generic
# port actually must be irrelevant but lets leave it all for some possible uses
port = all
banaction = iptables-allports
port = anyport
logpath = /var/log/auth.log
maxretry = 6
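There are indeed two port options. After commenting out port = anyport and running the command above again, everything worked. I also found the corresponding issue on GitHub: https://github.com/fail2ban/fail2ban/issues/1396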
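A pre-flight check for this failure, as an added example that is not from the original post or the Fail2Ban project: it scans a jail file for options set more than once in the same section and reports every occurrence with its line numbers, whereas the startup error stops at the first one. The function name, the [sshd] section and the sample layout are constructed for illustration; lower-casing option names follows the default of Python's configparser and is an assumption about how Fail2Ban compares them.

```python
import re
import sys
from collections import defaultdict

SECTION_RE = re.compile(r"^\[([^\]]+)\]\s*$")
OPTION_RE = re.compile(r"^([^\s=:#;\[][^=:]*?)\s*[=:]")

# Constructed sample; the [pam-generic] option lines are the ones quoted on this page.
SAMPLE = """\
[sshd]
port = ssh
logpath = /var/log/auth.log

[pam-generic]
# pam-generic filter can be customized to monitor specific subset of 'tty's
filter = pam-generic
# port actually must be irrelevant but lets leave it all for some possible uses
port = all
banaction = iptables-allports
port = anyport
logpath = /var/log/auth.log
maxretry = 6
"""

def find_duplicate_options(text):
    """Return [(section, option, [line numbers])] for options repeated within one section."""
    seen = defaultdict(list)  # (section, option) -> line numbers where it is set
    section = None
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.rstrip()
        if not line or line.lstrip().startswith(("#", ";")):
            continue  # blank line or comment
        if line[0].isspace():
            continue  # indented line: continuation of a multi-line value
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = OPTION_RE.match(line)
        if m and section is not None:
            # Assumption: names compared case-insensitively (configparser default).
            seen[(section, m.group(1).strip().lower())].append(lineno)
    return [(s, o, nums) for (s, o), nums in seen.items() if len(nums) > 1]

if __name__ == "__main__":
    # Pass a path such as /etc/fail2ban/jail.local, or run without arguments for the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    dups = find_duplicate_options(text)
    for section, option, nums in dups:
        print(f"[{section}] option '{option}' set on lines {nums}")
    sys.exit(1 if dups else 0)
```

The script exits non-zero when a duplicate is found, so it can gate a restart after editing jail.local.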
On starting it again, there was still an error:
systemctl restart fail2ban.service
Job for fail2ban.service failed because the control process exited with error code. See "systemctl status fail2ban.service" and "journalctl -xe" for details.
systemctl status fail2ban.service
● fail2ban.service - Fail2Ban Service
Loaded: loaded (/lib/systemd/system/fail2ban.service; enabled; vendor preset: enabled)
Active: failed (Result: start-limit-hit) since Sat 2019-03-09 22:46:50 CST; 6min ago
Docs: man:fail2ban(1)
Process: 11913 ExecStart=/usr/bin/fail2ban-client -x start (code=exited, status=255)
Mar 09 22:46:50 new.pjq.me systemd[1]: fail2ban.service: Control process exited, code=exited status=2
Mar 09 22:46:50 new.pjq.me systemd[1]: Failed to start Fail2Ban Service.
Mar 09 22:46:50 new.pjq.me systemd[1]: fail2ban.service: Unit entered failed state.
Mar 09 22:46:50 new.pjq.me systemd[1]: fail2ban.service: Failed with result 'exit-code'.
Mar 09 22:46:50 new.pjq.me systemd[1]: fail2ban.service: Service hold-off time over, scheduling resta
Mar 09 22:46:50 new.pjq.me systemd[1]: Stopped Fail2Ban Service.
Mar 09 22:46:50 new.pjq.me systemd[1]: fail2ban.service: Start request repeated too quickly.
Mar 09 22:46:50 new.pjq.me systemd[1]: Failed to start Fail2Ban Service.
Mar 09 22:46:50 new.pjq.me systemd[1]: fail2ban.service: Unit entered failed state.
Mar 09 22:46:50 new.pjq.me systemd[1]: fail2ban.service: Failed with result 'start-limit-hit'.
Later I found the Fail2Ban GitHub home page: https://github.com/fail2ban/fail2ban . You can actually use the program itself, /usr/bin/fail2ban-client, directly to start it, stop it, and query its status:
/usr/bin/fail2ban-client -v -v start
/usr/bin/fail2ban-client status
/usr/bin/fail2ban-client reload
Finally, the Fail2Ban service can be restarted with any one of the following commands:
sudo service fail2ban restart
sudo systemctl restart fail2ban.service
sudo /etc/init.d/fail2ban restart
Analysis of why Fail2Ban failed to start