fail2ban start but with fail2ban-client start

Yaroslav Halchenko Wed, 29 Nov 2006 16:47:07 -0800

Hi Bertrand,

Tried to start stop fail2ban few times and it seems to start/stop. I am
not sure on the status of iptables after its start or log file since I
am not in adm group, but look:


,--------------------------------------------------------------------------------------------------------
| [EMAIL PROTECTED]:~$ ps auxw | grep fail2ban
| root     17663  0.3  0.8  16324  3892 ?        S    01:15   0:00 python2.4 
/usr/bin/fail2ban-server -b
| root     17664  0.0  0.8  16324  3892 ?        S    01:15   0:00 python2.4 
/usr/bin/fail2ban-server -b
| root     17665  0.0  0.8  16324  3892 ?        S    01:15   0:00 python2.4 
/usr/bin/fail2ban-server -b
| root     17686  2.1  0.8  16324  3892 ?        S    01:15   0:02 python2.4 
/usr/bin/fail2ban-server -b
| root     17687  0.0  0.8  16324  3892 ?        S    01:15   0:00 python2.4 
/usr/bin/fail2ban-server -b
| test     17730  0.0  0.1   3488   780 pts/1    S+   01:17   0:00 grep fail2ban
| [EMAIL PROTECTED]:~$  sudo /etc/init.d/fail2ban stop
| Stopping authentication failure monitor: fail2ban.
| [EMAIL PROTECTED]:~$ ps auxw | grep fail2ban
| test     17745  0.0  0.1   3488   780 pts/1    S+   01:18   0:00 grep fail2ban
| [EMAIL PROTECTED]:~$  sudo /etc/init.d/fail2ban start
| Starting authentication failure monitor: fail2ban.
| [EMAIL PROTECTED]:~$ ps auxw | grep fail2ban
| root     17753  8.4  0.8  16324  3892 ?        S    01:18   0:00 python2.4 
/usr/bin/fail2ban-server -b
| root     17754  0.8  0.8  16324  3892 ?        S    01:18   0:00 python2.4 
/usr/bin/fail2ban-server -b
| root     17755  1.2  0.8  16324  3892 ?        S    01:18   0:00 python2.4 
/usr/bin/fail2ban-server -b
| root     17776 67.7  0.8  16324  3892 ?        S    01:18   0:02 python2.4 
/usr/bin/fail2ban-server -b
| root     17777  0.2  0.8  16324  3892 ?        S    01:18   0:00 python2.4 
/usr/bin/fail2ban-server -b
| test     17786  0.0  0.1   3488   780 pts/1    S+   01:18   0:00 grep fail2ban
|
`---
so it seems to start/stop properly. I am not sure on iptables status -
can you also see after you start it iptables are initialized or not... 

On Sat, 25 Nov 2006, BERTRAND Joц╚l wrote:

> Yaroslav Halchenko a ц╘crit :
> >indeed strange... unfortunately it would be impossible for me to try it
> >myself - no sparc around

>       I can open a ssh access to one on mine ;-)

> >could you please boost verbosity in fail2ban.conf (or override it in
> >fail2ba.local) and then send me along fail2ban.log (if it has anything
> >in) and output of
> >sh -x /etc/init.d/fail2ban start

>       Now, loglevel=4 in /etc/fail2ban/fail2ban.conf
> hilbert:/etc/fail2ban# sh -x /etc/init.d/fail2ban  start
> + PATH=/usr/sbin:/usr/bin:/sbin:/bin
> + DESC='authentication failure monitor'
> + NAME=fail2ban
> + DAEMON=/usr/bin/fail2ban-client
> + SOCKFILE=/tmp/fail2ban.sock
> + SCRIPTNAME=/etc/init.d/fail2ban
> + '[' -x /usr/bin/fail2ban-client ']'
> + '[' -r /etc/default/fail2ban ']'
> + . /etc/default/fail2ban
> ++ FAIL2BAN_OPTS=
> + DAEMON_ARGS=
> + '[' -f /etc/default/rcS ']'
> + . /etc/default/rcS
> ++ TMPTIME=0
> ++ SULOGIN=no
> ++ DELAYLOGIN=no
> ++ UTC=yes
> ++ VERBOSE=yes
> ++ FSCKFIX=no
> + . /lib/lsb/init-functions
> ++ '[' -e /etc/lsb-base-logging.sh ']'
> ++ true
> + case "$1" in
> + '[' yes '!=' no ']'
> + log_daemon_msg 'Starting authentication failure monitor' fail2ban
> + '[' -z 'Starting authentication failure monitor' ']'
> + '[' -z fail2ban ']'
> + echo -n 'Starting authentication failure monitor: fail2ban'
> Starting authentication failure monitor: fail2ban+ do_start
> + do_status
> + /usr/bin/fail2ban-client status
> + case $? in
> + return 0
> + return 1
> + '[' yes '!=' no ']'
> + log_end_msg_wrapper 0 2
> + '[' 0 -lt 2 ']'
> + value=0
> + log_end_msg 0
> + '[' -z 0 ']'
> + log_use_fancy_output
> + TPUT=/usr/bin/tput
> + EXPR=/usr/bin/expr
> + '[' FANCYTTY = 0 ']'
> + '[' xxterm '!=' xdumb ']'
> + '[' -x /usr/bin/tput ']'
> + '[' -x /usr/bin/expr ']'
> + /usr/bin/tput hpa 60
> + /usr/bin/tput setaf 1
> + FANCYTTY=1
> + true
> ++ /usr/bin/tput setaf 1
> + RED=''
> ++ /usr/bin/tput op
> + NORMAL=''
> + '[' 0 -eq 0 ']'
> + echo .
> .
> + return 0
> + :
> hilbert:/etc/fail2ban# iptables -L
> Chain INPUT (policy ACCEPT)
> target     prot opt source               destination

> Chain FORWARD (policy ACCEPT)
> target     prot opt source               destination

> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination
> hilbert:/etc/fail2ban#

>       But if I run :

> hilbert:/etc/fail2ban# sh -x /etc/init.d/fail2ban reload
> + PATH=/usr/sbin:/usr/bin:/sbin:/bin
> + DESC='authentication failure monitor'
> + NAME=fail2ban
> + DAEMON=/usr/bin/fail2ban-client
> + SOCKFILE=/tmp/fail2ban.sock
> + SCRIPTNAME=/etc/init.d/fail2ban
> + '[' -x /usr/bin/fail2ban-client ']'
> + '[' -r /etc/default/fail2ban ']'
> + . /etc/default/fail2ban
> ++ FAIL2BAN_OPTS=
> + DAEMON_ARGS=
> + '[' -f /etc/default/rcS ']'
> + . /etc/default/rcS
> ++ TMPTIME=0
> ++ SULOGIN=no
> ++ DELAYLOGIN=no
> ++ UTC=yes
> ++ VERBOSE=yes
> ++ FSCKFIX=no
> + . /lib/lsb/init-functions
> ++ '[' -e /etc/lsb-base-logging.sh ']'
> ++ true
> + case "$1" in
> + log_daemon_msg 'Reloading authentication failure monitor' fail2ban
> + '[' -z 'Reloading authentication failure monitor' ']'
> + '[' -z fail2ban ']'
> + echo -n 'Reloading authentication failure monitor: fail2ban'
> Reloading authentication failure monitor: fail2ban+ do_reload
> + /usr/bin/fail2ban-client reload
> + return 0
> + log_end_msg 0
> + '[' -z 0 ']'
> + log_use_fancy_output
> + TPUT=/usr/bin/tput
> + EXPR=/usr/bin/expr
> + '[' FANCYTTY = 0 ']'
> + '[' xxterm '!=' xdumb ']'
> + '[' -x /usr/bin/tput ']'
> + '[' -x /usr/bin/expr ']'
> + /usr/bin/tput hpa 60
> + /usr/bin/tput setaf 1
> + FANCYTTY=1
> + true
> ++ /usr/bin/tput setaf 1
> + RED=''
> ++ /usr/bin/tput op
> + NORMAL=''
> + '[' 0 -eq 0 ']'
> + echo .
> .
> + return 0
> + :
> hilbert:/etc/fail2ban# iptables -L
> Chain INPUT (policy ACCEPT)
> target     prot opt source               destination
> fail2ban-ssh  tcp  --  anywhere             anywhere            tcp dpt:ssh

> Chain FORWARD (policy ACCEPT)
> target     prot opt source               destination
> ACCEPT     0    --  anywhere             anywhere

> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination

> Chain fail2ban-ssh (1 references)
> target     prot opt source               destination
> DROP       0    --  webwonderworld.net   anywhere
> RETURN     0    --  anywhere             anywhere
> hilbert:/etc/fail2ban#

> >Thank you!

>       You're welcome. And if you have any idea...

>       Regards,

>       JKB




-- 
                                  .-.
=------------------------------   /v\  ----------------------------=
Keep in touch                    // \\     (yoh@|www.)onerussian.com
Yaroslav Halchenko              /(   )\               ICQ#: 60653192
                   Linux User    ^^-^^    [175555]

pgpH3UHk7g77f.pgp
Description: PGP signature

Bug#400278: fail2ban does not start with /etc/init.d/fail2ban start but with fail2ban-client start

Reply via email to