Fail2ban extension hangs: Failed to stop jail action

Created: 2016-11-16 13:22:44 UTC

Modified: 2017-08-16 17:26:02 UTC


Applicable to:

  • Plesk for Linux

Symptoms

  1. A RedHat-based OS is used.

  2. After enabling a jail, the Fail2ban service cannot be restarted or stopped.

  3. The service status is shown incorrectly, without the jails list:

    [root@server ~]# service fail2ban status
    fail2ban-server (pid 3291) is running

  4. /var/log/fail2ban.log shows that the service stopped when adding log files to its monitoring pool:

    fail2ban.filter [25047]: INFO    Added logfile = /var/www/vhosts/system/example.com/logs/proxy_access_log
    fail2ban.filter [25047]: INFO Added logfile = /var/www/vhosts/system/example.com/logs/proxy_access_ssl_log

  5. Fail2ban cannot be managed from Tools & Settings > Services Management:

    Unable to start service: Unable to manage service by f2bmng: ('start', 'fail2ban'). Error: Job for fail2ban.service failed because the control process exited with error code. See "systemctl status fail2ban.service" and "journalctl -xe" for details. ERROR:f2bmng:Failed to start fail2ban service

  6. The following errors may appear in /var/log/fail2ban.log:

    fail2ban.action         [1130]: ERROR   iptables -D INPUT -p tcp -m multiport --dports http,https,7080,7081 -j f2b-BadBots iptables -F f2b-BadBots iptables -X f2b-BadBots -- stdout: ''
    fail2ban.action [1130]: ERROR iptables -D INPUT -p tcp -m multiport --dports http,https,7080,7081 -j f2b-BadBots iptables -F f2b-BadBots iptables -X f2b-BadBots -- stderr: 'iptables: Too many links.
    fail2ban.actions [2497]: ERROR Failed to stop jail 'plesk-wordpress' action 'iptables-multiport': Error stopping action
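
To check a server for these symptoms at a glance, the following added example (not part of the original article) counts the monitored log files and collects the iptables and jail-stop errors from a fail2ban log. The function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise this article's symptoms in a fail2ban log.
# Reads the files given as arguments, or stdin if none; output is sorted.
f2b_triage() {
    awk -v q="'" '
        / INFO +Added logfile = /      { files[$NF] = 1 }
        /Too many links/               { links++ }
        / ERROR +Failed to stop jail / { split($0, p, q); jails[p[2]] = 1 }
        END {
            n = 0
            for (f in files) n++
            printf "logfiles=%d\n", n
            printf "too_many_links=%d\n", links + 0
            for (j in jails) printf "failed_jail=%s\n", j
        }
    ' "$@" | sort
}

# Constructed sample modelled on the log excerpts in this article.
f2b_sample() {
    cat <<'EOF'
2017-01-09 10:13:10,101 fail2ban.filter [13400]: INFO    Added logfile = /var/www/vhosts/system/example.com/logs/proxy_access_log
2017-01-09 10:13:10,102 fail2ban.filter [13400]: INFO    Added logfile = /var/www/vhosts/system/example.com/logs/proxy_access_ssl_log
2017-01-09 10:13:16,967 fail2ban.action [13400]: ERROR   iptables -D INPUT -p tcp -m multiport --dports http,https,7080,7081 -j f2b-plesk-wordpress
iptables -F f2b-plesk-wordpress
iptables -X f2b-plesk-wordpress -- stderr: 'iptables: Too many links.\n'
2017-01-09 10:13:16,968 fail2ban.actions [13400]: ERROR   Failed to stop jail 'plesk-wordpress' action 'iptables-multiport': Error stopping action
EOF
}

f2b_sample | f2b_triage
```

On a live server, run `f2b_triage /var/log/fail2ban.log`; a large logfiles count together with failed_jail lines matches the situation described in the Resolution note.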

Cause

This is a Plesk bug with ID #PPPM-5495 which is planned to be fixed in future Plesk updates.

Resolution

Note: Fail2Ban might not operate properly if there are many domains and Fail2Ban has to monitor a lot of log files.

As a workaround, use the python-inotify monitoring backend, which is faster than the gamin backend:

  1. Install the python-inotify Python module.

    For CentOS 7:

    # yum install python-inotify

    For CentOS 6, add the EPEL repository first:

    # wget http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
    # rpm -ivh epel-release-6-8.noarch.rpm
    # yum install python-inotify

  2. Set backend to pyinotify in the /etc/fail2ban/jail.conf file:

    [root@server ~]# grep 'backend =' /etc/fail2ban/jail.conf
    backend = pyinotify

  3. Restart the fail2ban service:

    # service fail2ban restart
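
The grep in step 2 only inspects jail.conf. As an added example (not part of the original article), the check below reports which [DEFAULT] backend wins once override files are taken into account; it assumes fail2ban's documented read order (jail.conf, jail.d/*.conf, jail.local, jail.d/*.local, later files winning), and the function names and demo files are constructed.

```shell
#!/bin/sh
# Added example: print the [DEFAULT] backend that wins and the file setting it.
# Assumed read order (later wins): jail.conf, jail.d/*.conf, jail.local,
# jail.d/*.local. Per-jail "backend =" lines are deliberately ignored.
f2b_default_backend() {
    dir=${1:-/etc/fail2ban}
    set --
    for f in "$dir"/jail.conf "$dir"/jail.d/*.conf \
             "$dir"/jail.local "$dir"/jail.d/*.local; do
        if [ -f "$f" ]; then set -- "$@" "$f"; fi
    done
    [ "$#" -gt 0 ] || return 1
    awk '
        FNR == 1        { sect = "" }
        /^[ \t]*[#;]/   { next }
        /^[ \t]*\[/     { sect = $0; sub(/^[ \t]*\[/, "", sect); sub(/\].*$/, "", sect); next }
        sect == "DEFAULT" && /^[ \t]*backend[ \t]*=/ {
            val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
            src = FILENAME
        }
        END { if (val == "") exit 1; print val " " src }
    ' "$@"
}

# Constructed demo: jail.conf says pyinotify, but a jail.local overrides it.
f2b_demo() {
    d=$(mktemp -d)
    printf '[DEFAULT]\nbackend = pyinotify\n' > "$d/jail.conf"
    printf '[DEFAULT]\nbackend = gamin\n[ssh]\nbackend = polling\n' > "$d/jail.local"
    f2b_default_backend "$d" | sed "s|$d/||"
    rm -rf "$d"
}
f2b_demo
```

If the reported value is not pyinotify after step 2, the setting is being overridden in the file named in the output.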

4 Comments

  • Gianluca

    Hello, solution for CentOS 7 applied, but error persists:

    2017-01-09 10:13:16,967 fail2ban.action         [13400]: ERROR   iptables -D INPUT -p tcp -m multiport --dports http,https,7080,7081 -j f2b-plesk-wordpress
    iptables -F f2b-plesk-wordpress
    iptables -X f2b-plesk-wordpress -- stderr: 'iptables: Too many links.\n'
    2017-01-09 10:13:16,968 fail2ban.action         [13400]: ERROR   iptables -D INPUT -p tcp -m multiport --dports http,https,7080,7081 -j f2b-plesk-wordpress
    iptables -F f2b-plesk-wordpress
    iptables -X f2b-plesk-wordpress -- returned 1
    2017-01-09 10:13:16,968 fail2ban.actions        [13400]: ERROR   Failed to stop jail 'plesk-wordpress-j' action 'iptables-multiport': Error stopping action
    2017-01-09 10:13:16,969 fail2ban.jail           [13400]: INFO    Jail 'plesk-wordpress-j' stopped
    2017-01-09 10:13:17,420 fail2ban.action         [13400]: ERROR   iptables -D INPUT -p tcp -m multiport --dports http,https,7080,7081 -j f2b-plesk-wordpress
    iptables -F f2b-plesk-wordpress
    iptables -X f2b-plesk-wordpress -- stdout: ''
    2017-01-09 10:13:17,420 fail2ban.action         [13400]: ERROR   iptables -D INPUT -p tcp -m multiport --dports http,https,7080,7081 -j f2b-plesk-wordpress
    iptables -F f2b-plesk-wordpress
    iptables -X f2b-plesk-wordpress -- stderr: 'iptables: Too many links.\n'

  • Vitaly Zhidkov

    @Gianluca, try the following workaround and let me know if it will not help:

    1. Back up the file /usr/lib/pythonX.X/dist-packages/fail2ban/server/database.py (where X.X is a Python version).

    2. Modify /usr/lib/pythonX.X/dist-packages/fail2ban/server/database.py. The lines to add are marked with a '+' sign:

            cur = self._db.cursor()
            cur.execute("PRAGMA foreign_keys = ON;")
        +   cur.execute("PRAGMA synchronous = OFF;")
        +   cur.execute("PRAGMA journal_mode = MEMORY;")
        
            try:
                cur.execute("SELECT version FROM fail2banDb LIMIT 1")
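
    Review bot: The two added PRAGMA lines turn off SQLite's crash protection for this connection, and the change does not say so. With "synchronous = OFF" writes are not flushed to disk before execution continues, and with "journal_mode = MEMORY" the rollback journal is held only in RAM, so a crash or power loss during a write can leave the database file corrupted. If the speed-up is wanted, put a comment next to the two added cur.execute calls stating that trade-off, and keep the backup from step 1 so the file can be restored.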

  • Gianluca

    Thank you for your answer Vitaly, but I have Onyx and the file "/usr/lib/python2.7/site-packages/fail2ban/server/database.py" (path "/usr/lib/pythonX.X/dist-packages/...." doesn't exist on my server) already contains those lines.

  • Alexander Nezymaev

    @Gianluca, I am going to create a ticket for you in our support system.

    We will contact you soon by email.
