Debugging Fail2ban not starting [FAILED]

Valic — December 20, 2012

I will show you how to debug Fail2ban when it won't start and you get the following error:

Starting Fail2ban: [FAILED]

You can’t find any errors in syslog or the Fail2ban log because the Fail2ban init script writes the output of fail2ban-client to /dev/null. The best way to debug Fail2ban is to call fail2ban-client directly, which will show any syntax errors found in the config files. The command and its output look like this:

fail2ban-client -xd start
WARNING 'findtime' not defined in 'apache-noscript'. Using default value
WARNING 'findtime' not defined in 'pam-generic'. Using default value
WARNING 'findtime' not defined in 'vsftpd'. Using default value
WARNING 'findtime' not defined in 'xinetd-fail'. Using default value
WARNING 'findtime' not defined in 'ssh-ddos'. Using default value
WARNING 'findtime' not defined in 'apache-multiport'. Using default value
WARNING 'findtime' not defined in 'apache-overflows'. Using default value
WARNING 'findtime' not defined in 'couriersmtp'. Using default value
WARNING 'findtime' not defined in 'wuftpd'. Using default value
WARNING 'findtime' not defined in 'ssh'. Using default value
ERROR  Error in action definition
ERROR  Errors in jail 'ssh'. Skipping...
['set', 'loglevel', 3]
['set', 'logtarget', '/var/log/fail2ban.log']

  • -x – forces the execution of the server and removes the socket file
  • -d – dumps the configuration for debugging purposes
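
When many jails are enabled, the ERROR lines are easy to miss among the warnings. The script below is an added example, not part of the original post: it pairs each skipped jail with the ERROR text printed just before it. The function names f2b_triage and sample_dump are made up for illustration, and the sample input is trimmed from the output shown above.

```shell
#!/bin/sh
# Assumption: the ERROR detail line(s) for a jail come directly before its
# "Errors in jail '<name>'. Skipping..." line, as in the output on this page.
# Prints "jail<TAB>reason" per skipped jail; a summary goes to stderr.
# Returns 1 if at least one jail was skipped, 0 otherwise.
f2b_triage() {
    awk -v q="'" '
        /^ERROR/ {
            msg = $0
            sub(/^ERROR[ \t]+/, "", msg)
            if (msg ~ /^Errors in jail /) {
                split(msg, part, q)              # part[2] is the jail name
                printf "%s\t%s\n", part[2], (reason == "" ? "no detail given" : reason)
                reason = ""
                skipped++
            } else {
                # detail line: hold it until the jail name shows up
                reason = (reason == "" ? msg : reason "; " msg)
            }
            next
        }
        /^WARNING/ { warnings++ }
        END {
            printf "%d warning(s), %d jail(s) skipped\n", warnings, skipped > "/dev/stderr"
            exit (skipped > 0)
        }
    '
}

# Sample input, trimmed from the output shown in this post.
sample_dump() {
    cat <<'EOF'
WARNING 'findtime' not defined in 'wuftpd'. Using default value
WARNING 'findtime' not defined in 'ssh'. Using default value
ERROR  Error in action definition
ERROR  Errors in jail 'ssh'. Skipping...
['set', 'loglevel', 3]
['set', 'logtarget', '/var/log/fail2ban.log']
EOF
}

# Demo on the sample. On a real host, feed it the command from this post:
#   fail2ban-client -xd start 2>&1 | f2b_triage
sample_dump | f2b_triage || echo "fix the jail(s) listed above, then start Fail2ban again"
```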

Valic


Editor in Chief at Debian-Tutorials, Linux enthusiast.
