Fail2ban service gets stuck and IP Address Banning (Fail2ban) page is not accessible

Refers to:

  • Plesk 12.5 for Linux
  • Plesk 12.0 for Linux

Created:

2016-11-16 13:14:52 UTC

Modified:

2017-02-08 00:04:27 UTC

2

Was this article helpful?


Have more questions?

Submit a request

Fail2ban service gets stuck and IP Address Banning (Fail2ban) page is not accessible

Symptoms

  1. Plesk hangs when trying to access Tools & Settings > IP Address Banning (Fail2Ban) .

  2. Attempt to remove a subscription shows 504 Gateway Time-out after a long delay.

  3. The following error is displayed while trying to create or remove a subscription and to stop or start services in Plesk > Tools & Settings > Services Management :

    This operation is taking too long. Check the result in few minutes.
  4. It is not possible to enable jails with one of the following errors:

    Error: f2bmng failed: Traceback (most recent call last):
    File "/usr/bin/fail2ban-client", line 470, in
    if client.start(sys.argv):
    File "/usr/bin/fail2ban-client", line 440, in start
    return self.__processCommand(args)
    File "/usr/bin/fail2ban-client", line 256, in __processCommand
    if self.__ping():
    File "/usr/bin/fail2ban-client", line 153, in __ping
    return self.__processCmd([["ping"]], False)
    File "/usr/bin/fail2ban-client", line 185, in __processCmd
    client.close()
    AttributeError: CSocket instance has no attribute 'close'
    ERROR:f2bmng:Command '['/usr/bin/fail2ban-client', 'reload']' returned non-zero exit status 1

OR
ERROR   ipset create fail2ban-apache-badbots hash:ip timeout 172800
firewall-cmd --direct --add-rule ipv4 filter INPUT 0 -p tcp -m multiport --dports http,https -m set --match-set fail2ban-apache-badbots src -j REJECT --reject-with icmp-port-unreachable -- stderr: ''
  • It is not possible to install Fail2Ban using Plesk autoinstaller:

    Fatal error during packages installation: Test Transaction Errors:   file /etc/fail2ban/action.d/iptables-allports.conf from install of fail2ban-0.8.13-centos7.14071718.noarch conflicts with file from package fail2ban-server-0.9.1-2.el7.noarch
  • The following error can be found at /var/log/plesk/sw-cp-server/error_log :

    2241#0: *603 upstream timed out (110: Connection timed out) while reading response header from upstream, client: 192.0.2.2, server: , request: "GET /admin/server-protection/ban-list HTTP/1.1", upstream: "fastcgi://unix:/var/run/sw-engine.sock", host: "192.0.2.2:8443", referrer: "https://203.0.113.2:8443/admin/server/tools?context=tools"

    The process hangs after the following message in /var/log/plesk/panel.log with debug mode enabled:

    DEBUG [util_exec] [63762328da92388cff356a50532a3ead][0] Starting: f2bmng --get-banned-ips, stdin:
  • Cause

    Unsupported Fail2Ban package version is installed.

    Probably, EPEL repository (or any other 3rd party repository) is enabled on the server which is responsible for the incorrect version of Fail2ban is installed. You can find supported Fail2Ban versions below:

    Plesk version Supported Fail2Ban version
    12.5 0.9.2
    12.0 0.8.13

    Resolution

    Check the version of the installed Fail2Ban package using the command:

    # rpm -qa | grep fail2ban

    If the version differs from the supported one, perform the following steps:

    1. Create a backup of /etc/fail2ban directory as /usr/local/src/fail2ban/

    2. Exclude Fail2ban from epel repository at /etc/yum.repos.d/epel.repo :

      cat /etc/yum.repos.d/epel.repo[epel]...exclude=fail2ban...

    3. Reinstall fail2ban:

    4. Via CLI:

          # plesk installer --select-product-id plesk --select-release-current --remove-component fail2ban

      # plesk installer --select-product-id plesk --select-release-current --install-component fail2ban
    5. Via GUI:

      Home > Tools & Settings > Updates and Upgrades > Add/Remove Components

    Or

    Reinstall Fail2ban package manually:

    1. Find the Fail2ban package version:

      # rpm -qa | grep fail2ban
      fail2ban-0.9.3-1.el6.1.noarch
      plesk-fail2ban-configurator-12.0.18-cos6.build1200140526.11.noarch
    2. Delete the package manually:

      # rpm -e fail2ban-0.9.3-1.el6.1.noarch --nodeps --noscripts
    3. Download the correct Fail2ban package from Plesk repository .

    4. Install the correct package:

      # rpm -i fail2ban-version_number.rpm

    NOTE: For both cases, after the fail2ban package has been removed, it is necessary to verify that there are no any hanged fail2ban processes:

    # ps auxxffww | grep fail2ban
    root 4567 0.0 0.0 103252 824 pts/0 S+ 20:30 0:00 | \\_ grep fail2ban
    root 2087 0.3 0.3 1353768 11256 ? S 2015 488:55 /usr/bin/python -Es /usr/bin/fail2ban-server -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid -x -b

    # ps auxxffww | grep f2bmng

    root 15868 0.0 0.2 82752 7860 ? SN 12:55 0:00 | \\_ /usr/bin/python -Estt /usr/local/psa/admin/sbin/f2bmng --set-options
    root 16595 0.0 0.2 82756 7864 ? SN 13:07 0:00 | \\_ /usr/bin/python -Estt /usr/local/psa/admin/sbin/f2bmng --set-options
    root 17052 0.0 0.2 82752 7860 ? SN 13:12 0:00 | \\_ /usr/bin/python -Estt /usr/local/psa/admin/sbin/f2bmng --set-options
    root 477 0.0 0.2 179476 7684 pts/1 S 19:22 0:00 /usr/bin/python -Estt /usr/local/psa/admin/sbin/f2bmng --add-log plesk-apache /var/www/vhosts/system/example.com/logs/error_log

    In case they were found, manually kill them using the kill command:

    # kill -9 4567 2087 15868 16595 17052 477

    Replace the id's with id's in question.

    Have more questions? Submit a request
    Please sign in to leave a comment.