Support » Plugin: WP fail2ban - Advanced Security Plugin » Can’t start f2b on Nginx/Apache

  • Resolved popvid

    (@popvid)


    As my host and I are at an impasse, I thought I’d reach out for a bit of help. I’m trying to wrap my head around this stuff and not sure how to proceed.

    I have a VPS account and host a few WP sites for clients. Server info: Nginx (1.17.0) – Apache (2.4.39) on CentOS 7.6.

    After recently reading about the strengths of fail2ban I decided to give it a try. I asked the hosting company to install f2b and they did so a couple of days ago. Unfortunately, I’ve not been able to get it off the ground at all and they’re not willing to help unless I give them some coin.

    They installed v 0.9.7 although the current version appears to be 0.10.4. Following instructions from a couple of guides and the docs for this plugin, I installed the plugin, and performed the following:

    – “/wp-content/plugins/wp-fail2ban/filters.d/” contained wordpress-hard.conf, wordpress-soft.conf, and wordpress-extra.conf (as listed in the docs)

    – “sudo systemctl enable fail2ban”

    – I got no terminal response (which I think is correct).

    – I created the ‘jail.local’ file (duplicated the jail.conf file).

    – I placed the following code in that file:

    [DEFAULT]

    # Ban hosts for one hour:
    bantime = 3600

    # Override /etc/fail2ban/jail.d/00-firewalld.conf:
    banaction = iptables-multiport

    [sshd]
    enabled = true

    [wordpress-hard]
    enabled = true
    filter = wordpress-hard
    logpath = /var/log/auth.log
    maxretry = 1
    port = http,https

    [wordpress-soft]
    enabled = true
    filter = wordpress-soft
    logpath = /var/log/auth.log
    maxretry = 3
    port = http,https

    – exited nano and saved

    – “sudo systemctl restart fail2ban” resulted in the following: Job for fail2ban.service failed because the control process exited with error code. See “systemctl status fail2ban.service” and “journalctl -xe” for details.

    – “systemctl status fail2ban.service” resulted in:
    fail2ban.service – Fail2Ban Service Loaded: loaded (/usr/lib/systemd/system/fail2ban.service; enabled; vendor preset: disabled)
    Active: failed (Result: start-limit) since Mon 2019-08-05 14:52:20 EDT; 1min 4s ago Docs: man:fail2ban(1)
    Process: 12326 ExecStart=/usr/bin/fail2ban-client -x start (code=exited, status=255)
    Main PID: 9099 (code=exited, status=0/SUCCESS)

    – “sudo fail2ban-client status” resulted in: ERROR Failed to access socket path: /var/run/fail2ban/fail2ban.sock. Is fail2ban running?

    – “/var/run/fail2ban/fail2ban.sock” is missing/not there/nonexistent

    – “journalctl -u fail2ban.service” results in:
    fail2ban-client[10992]: ERROR Errors in jail ‘wordpress-hard’. Skipping…
    fail2ban-client[10992]: ERROR Found no accessible config files for ‘filter.d/wo
    fail2ban-client[10992]: ERROR No section: ‘Definition’
    fail2ban-client[10992]: ERROR No section: ‘Definition’
    fail2ban-client[10992]: ERROR Unable to read the filter

    And that’s where I’m at. My apologies for the length.

Viewing 9 replies - 1 through 9 (of 9 total)
  • Plugin Author invisnet

    (@invisnet)

    Did you copy the filter files into the fail2ban filter.d directory?

    Thread Starter popvid

    (@popvid)

    Thanks for the reply.

    Yes, they’re in the proper location.

    https://imgur.com/pegl7e5

    Thread Starter popvid

    (@popvid)

    I don’t think there is a way to get the service running, given how my host provider has set up the VPS server. If there is, I’m clueless about it. Although your configs are in the proper place when looking at the file viewer (public_html/wp-content/plugins/wp-fail2ban/filters.d/), I cannot find them in the terminal.

    I am told this should do the trick:
    sudo cp /var/www/html/wp-content/plugins/wp-fail2ban/filters.d/wordpress-hard.conf /etc/fail2ban/filter.d/
    but there is nothing in /var/www/html. So I don’t know where they’ve stashed those files. Also, if I look in /etc/fail2ban/fail2ban.d/ or /etc/fail2ban/filter.d there’s no -hard.conf or -soft.conf.

    Plugin Author invisnet

    (@invisnet)

    The key is to get the files into /etc/fail2ban/filter.d/ – exactly how you do that isn’t particularly important.

    If you can’t find the path where your WP install lives (and your host really ought to be able to tell you that), then as a last resort you could download the filter files directly and then move them: https://plugins.trac.wordpress.org/browser/wp-fail2ban/trunk/filters.d

    Thread Starter popvid

    (@popvid)

    Thanks again for the reply. I downloaded those conf files to the directory and they are now in place. I then attempted to restart fail2ban and received the same error as above:

    root@vps30001 [/etc/fail2ban/filter.d]# systemctl restart fail2ban
    Job for fail2ban.service failed because the control process exited with error code. See "systemctl status fail2ban.service" and "journalctl -xe" for details.
    root@vps30001 [/etc/fail2ban/filter.d]# systemctl status fail2ban.service
    ● fail2ban.service - Fail2Ban Service
       Loaded: loaded (/usr/lib/systemd/system/fail2ban.service; enabled; vendor preset: disabled)
       Active: failed (Result: start-limit) since Wed 2019-08-07 12:37:43 EDT; 1min 10s ago
         Docs: man:fail2ban(1)
      Process: 21477 ExecStart=/usr/bin/fail2ban-client -x start (code=exited, status=255)
     Main PID: 9099 (code=exited, status=0/SUCCESS)

    I could very well be wrong, but my intuition tells me they’ve installed the package in some abby-normal way. I will try to dig deeper.

    Thread Starter popvid

    (@popvid)

    Will have to backtrack on my false assumption. It appears they have installed everything correctly. I deleted all files from this plugin and restarted the service and f2b runs fine. I reinstalled this plugin along with all requisite files, checked their locations, etc, but as soon as I add the [wordpress-hard] and/or [wordpress-soft] and/or [wordpress-extra] instructions to jail.local, the service breaks.

    I will mention that this is a VPS using cPanel and as I mentioned above, the WP install is not located in /var/www/html/.

    I did find that WP lives in /home/name of cpanel account/public_html.

    Plugin Author invisnet

    (@invisnet)

    What messages do you get if you run fail2ban-client -v -v start?

    Thread Starter popvid

    (@popvid)

    Thanks again for your help! With your conf file(s) loaded and code placed in jail.local (behavior is same for each):

    root@vps30001 [/etc/fail2ban]# fail2ban-client -v -v start

    INFO   Loading configs for fail2ban under /etc/fail2ban
    DEBUG  Reading configs for fail2ban under /etc/fail2ban
    DEBUG  Reading config files: /etc/fail2ban/fail2ban.conf
    INFO     Loading files: ['/etc/fail2ban/fail2ban.conf']
    INFO     Loading files: ['/etc/fail2ban/fail2ban.conf']
    INFO   Using socket file /var/run/fail2ban/fail2ban.sock
    INFO   Loading configs for jail under /etc/fail2ban
    DEBUG  Reading configs for jail under /etc/fail2ban
    DEBUG  Reading config files: /etc/fail2ban/jail.conf, /etc/fail2ban/jail.d/00-firewalld.conf, /etc/fail2ban/jail.local, /etc/fail2ban/jail.d/sshd.local
    INFO     Loading files: ['/etc/fail2ban/jail.conf']
    INFO     Loading files: ['/etc/fail2ban/paths-fedora.conf']
    INFO     Loading files: ['/etc/fail2ban/paths-common.conf']
    INFO     Loading files: ['/etc/fail2ban/paths-overrides.local']
    INFO     Loading files: ['/etc/fail2ban/jail.d/00-firewalld.conf']
    INFO     Loading files: ['/etc/fail2ban/jail.local']
    INFO     Loading files: ['/etc/fail2ban/jail.d/sshd.local']
    INFO     Loading files: ['/etc/fail2ban/paths-common.conf', '/etc/fail2ban/paths-fedora.conf', '/etc/fail2ban/jail.conf', '/etc/fail2ban/jail.d/00-firewalld.conf', '/etc/fail2ban/paths-common.conf', '/etc/fail2ban/paths-fedora.conf', '/etc/fail2ban/jail.local', '/etc/fail2ban/jail.d/sshd.local']
    INFO   Loading configs for filter.d/sshd under /etc/fail2ban
    DEBUG  Reading configs for filter.d/sshd under /etc/fail2ban
    DEBUG  Reading config files: /etc/fail2ban/filter.d/sshd.conf
    INFO     Loading files: ['/etc/fail2ban/filter.d/sshd.conf']
    INFO     Loading files: ['/etc/fail2ban/filter.d/common.conf']
    INFO     Loading files: ['/etc/fail2ban/filter.d/common.local']
    INFO     Loading files: ['/etc/fail2ban/filter.d/common.conf', '/etc/fail2ban/filter.d/sshd.conf']
    INFO   Loading configs for action.d/iptables-multiport under /etc/fail2ban
    DEBUG  Reading configs for action.d/iptables-multiport under /etc/fail2ban
    DEBUG  Reading config files: /etc/fail2ban/action.d/iptables-multiport.conf
    INFO     Loading files: ['/etc/fail2ban/action.d/iptables-multiport.conf']
    INFO     Loading files: ['/etc/fail2ban/action.d/iptables-common.conf']
    INFO     Loading files: ['/etc/fail2ban/action.d/iptables-blocktype.local']
    INFO     Loading files: ['/etc/fail2ban/action.d/iptables-common.local']
    INFO     Loading files: ['/etc/fail2ban/action.d/iptables-common.conf', '/etc/fail2ban/action.d/iptables-multiport.conf']
    INFO   Loading configs for filter.d/wordpress-soft under /etc/fail2ban
    DEBUG  Reading configs for filter.d/wordpress-soft under /etc/fail2ban
    DEBUG  Reading config files: /etc/fail2ban/filter.d/wordpress-soft.conf
    INFO     Loading files: ['/etc/fail2ban/filter.d/wordpress-soft.conf']
    ERROR  Failed during configuration: File contains no section headers.
    file: /etc/fail2ban/filter.d/wordpress-soft.conf, line: 1
    • This reply was modified 2 years, 1 month ago by popvid.
    Thread Starter popvid

    (@popvid)

    Alright…finally. Disregard that last section. It is up and running now that I created the appropriate log files. Will let you know if I run into any more problems. Thanks again!

    • This reply was modified 2 years, 1 month ago by popvid.
Viewing 9 replies - 1 through 9 (of 9 total)
  • The topic ‘Can’t start f2b on Nginx/Apache’ is closed to new replies.