Fail2ban startup without mysql

filippo_carletti · June 6, 2018, 7:59am

I installed fail2ban but it didn’t start. I found with the following error:

Jun  6 09:51:09 nsec-primary systemd: Starting Fail2Ban Service...
Jun  6 09:51:09 nsec-primary fail2ban-client: ERROR  No file(s) found for glob /var/log/mariadb/mariadb.log
Jun  6 09:51:09 nsec-primary fail2ban-client: ERROR  Failed during configuration: Have not found any log file for mysqld-auth jail
Jun  6 09:51:09 nsec-primary systemd: fail2ban.service: control process exited, code=exited status=255
Jun  6 09:51:09 nsec-primary systemd: Failed to start Fail2Ban Service.

The system doesn’t run mysql.
I went to the server-manager, disabled the MySQL Auth jail and fail2ban started.

dnutan · June 6, 2018, 8:56am

There’s need to verify the presence of the log file. Similar to this old one:

Solutions from @stephdl :

filippo_carletti · June 6, 2018, 9:06am

Thank you Marc, I think that I have some “inconsistencies” in the system (it has been restored many times in the past years, after some tests).

mysqld is not used, not installed but the configuration db has:

[root@nsec-primary ~]# config show mysqld
mysqld=service
    LocalNetworkingOnly=no
    MaxAllowedPacket=16M
    TCPPort=3306
    access=
    status=enabled

fail2ban template check that mysql is enabled, but as you suggest the check for the log file seems “more correct”.
I’d ask for @stephdl opinion.

stephdl · June 6, 2018, 9:25am

I believe this is a bug I probably need to check again all services and valid the two conditions, presence of log and status enabled

filippo_carletti · June 6, 2018, 9:31am

I have a pull request ready, but it works only for mariadb. I’ll leave it up to you.

diff --git a/root/etc/e-smith/templates/etc/fail2ban/jail.local/10MysqlAuth b/root/etc/e-smith/templates/etc/fail2ban/jail.local/10MysqlAuth
index 5df0a23..49d383c 100644
--- a/root/etc/e-smith/templates/etc/fail2ban/jail.local/10MysqlAuth
+++ b/root/etc/e-smith/templates/etc/fail2ban/jail.local/10MysqlAuth
@@ -1,6 +1,6 @@
 {
 my $mysql = $mysqld{status} || 'disabled';
-return "\n#mysqld not used on this server" unless ($mysql eq 'enabled');
+return "\n#mysqld not used on this server" unless (($mysql eq 'enabled') && (-f '/var/log/mariadb/mariadb.log'));
 
 my $MysqldAuth_status = $fail2ban{MysqldAuth_status} || 'true';
 my $TCPPort = $mysqld{TCPPort} || '3306';

stephdl · June 6, 2018, 1:37pm

please do a PR to gitub, I reviewed a list of other services.

stephdl · June 6, 2018, 2:02pm