Symptoms

After enabling a jail, the Fail2Ban service can't be restarted or stopped.

The service status is shown incorrectly, without the jails list:

# service fail2ban status
fail2ban-server (pid  3291) is running

/var/log/fail2ban.log shows that the service stopped when adding log files to its monitoring pool:

2014-07-27 21:09:25,487 fail2ban.filter [25047]: INFO    Added logfile = /var/www/vhosts/system/example.com/logs/proxy_access_log
2014-07-27 21:09:25,985 fail2ban.filter [25047]: INFO    Added logfile = /var/www/vhosts/system/example.com/logs/proxy_access_ssl_log

The following errors may appear in /var/log/fail2ban.log :

fail2ban.action         [1130]: ERROR   iptables -D INPUT -p tcp -m multiport --dports http,https,7080,7081 -j f2b-BadBots iptables -F f2b-BadBots iptables -X f2b-BadBots -- stdout: ''
fail2ban.action         [1130]: ERROR   iptables -D INPUT -p tcp -m multiport --dports http,https,7080,7081 -j f2b-BadBots iptables -F f2b-BadBots iptables -X f2b-BadBots -- stderr: 'iptables: Too many links.\n'
fail2ban.actions        [2497]: ERROR   Failed to stop jail 'plesk-wordpress' action 'iptables-multiport': Error stopping action

Cause

This is Plesk bug with ID #PPPM-4692 . It was fixed in Plesk Onyx 17.5.3 , and a fix for Plesk 12.5 will be included in one of the next updates. Debian/Ubuntu distros are not affected to the problem, as they use pyinotify as a monitoring backend.

Resolution

As a workaround, manually edit the file /usr/lib/pythonX.X/dist-packages/fail2ban/server/database.py (where X.X is a Python version). The lines to add are marked with '+' sign:

    cur = self._db.cursor()
    cur.execute("PRAGMA foreign_keys = ON;")
+   cur.execute("PRAGMA synchronous = OFF;")
+   cur.execute("PRAGMA journal_mode = MEMORY;")

    try:
        cur.execute("SELECT version FROM fail2banDb LIMIT 1")

Alternatively, consider upgrading to the latest version of Plesk.