I have a basic issue getting fail2ban started on one of my machines. I have a machine with Ubuntu 16.04 freshly installed today, and I am following a variety of instructions on fail2ban from sources such as this, this, this, and this. (I'm following several to cross-reference each, and because the official fail2ban FAQ (which I'm also cross-referencing, just to be fair) seems to be out of date as it refers to fail2ban 0.8 (and doesn't have Ubuntu-specific instructions), whereas I have 0.9.3):

$ fail2ban-client --version
Fail2Ban v0.9.3

Copyright (c) 2004-2008 Cyril Jaquier, 2008- Fail2Ban Contributors
Copyright of modifications held by their respective authors.
Licensed under the GNU General Public License v2 (GPL).

Written by Cyril Jaquier <cyril.jaquier@fail2ban.org>.
Many contributions by Yaroslav O. Halchenko <debian@onerussian.com>.

I installed fail2ban via

sudo apt-get install fail2ban

and also sendmail, which presumably allows for emails to happen.

$ sudo apt-get install sendmail
Reading package lists... Done
Building dependency tree       
Reading state information... Done
sendmail is already the newest version (8.15.2-3).
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

Following the instructions from the guides above, I copied the /etc/fail2ban/jail.conf file into /etc/fail2ban/jail.local, commented out all lines, and then only changed the following four things in /etc/fail2ban/jail.local. (In the following, I paste the line numbers as they appear in vim, which might be useful for checking if you have a similar jail file.)

(1) The max retry, I changed to be 3, so there should be 3 failed attempts before the system blocks the user from ssh-ing.

 65 # # "maxretry" is the number of failures before a host get banned.
 66 maxretry = 3

(2) and (3): I changed these two items, the first one with my personal email (i.e., the [mypersonalemail]) and the other one with the computer name. I just put in 'ComputerName' -- would an email be better here?

129 destemail = [mypersonalemail]
130 
131 # # Sender email address used solely for some actions
132 sender = ComputerName

(4) Finally I changed the action to be the one that is more expressive, so it gives an email notification.

201 # # Choose default action.  To change, just override value of 'action' with the
202 # # interpolation to the chosen action shortcut (e.g.  action_mw, action_mwl, etc) in jail.local
203 # # globally (section [DEFAULT]) or per specific section
204 action = %(action_mwl)s

With that, the next step appears to be to start the service somehow. I'm not interested in getting fancy regexes here or having customized jails, or fiddling with the IP tables. At this point, all I am interested in is starting the service, and testing it by having me ssh repeatedly into the machine with intentionally bad passwords.

Unfortunately, when I try to start the service, I get the error:

$ sudo service fail2ban start
Job for fail2ban.service failed because the control process exited with error code. See "systemctl status fail2ban.service" and "journalctl -xe" for details.

with output (computer-name is the name of the machine):

$ systemctl status fail2ban.service
● fail2ban.service - Fail2Ban Service
   Loaded: loaded (/lib/systemd/system/fail2ban.service; enabled; vendor preset: enabled)
   Active: failed (Result: start-limit-hit) since Fri 2018-12-07 17:03:55 PST; 29s ago
     Docs: man:fail2ban(1)
  Process: 21838 ExecStart=/usr/bin/fail2ban-client -x start (code=exited, status=255)
 Main PID: 6381 (code=killed, signal=TERM)
Dec 07 17:03:55 computer-name systemd[1]: Failed to start Fail2Ban Service.
Dec 07 17:03:55 computer-name systemd[1]: fail2ban.service: Unit entered failed state.
Dec 07 17:03:55 computer-name systemd[1]: fail2ban.service: Failed with result 'exit-code'.
Dec 07 17:03:55 computer-name systemd[1]: fail2ban.service: Service hold-off time over, scheduling restart.
Dec 07 17:03:55 computer-name systemd[1]: Stopped Fail2Ban Service.
Dec 07 17:03:55 computer-name systemd[1]: fail2ban.service: Start request repeated too quickly.
Dec 07 17:03:55 computer-name systemd[1]: Failed to start Fail2Ban Service.
Dec 07 17:03:55 computer-name systemd[1]: fail2ban.service: Unit entered failed state.
Dec 07 17:03:55 computer-name systemd[1]: fail2ban.service: Failed with result 'start-limit-hit'.

and

$ journalctl -xe
Dec 07 17:03:55 computer-name systemd[1]: Failed to start Fail2Ban Service.
-- Subject: Unit fail2ban.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit fail2ban.service has failed.
-- 
-- The result is failed.
Dec 07 17:03:55 computer-name systemd[1]: fail2ban.service: Unit entered failed state.
Dec 07 17:03:55 computer-name systemd[1]: fail2ban.service: Failed with result 'exit-code'.
Dec 07 17:03:55 computer-name systemd[1]: fail2ban.service: Service hold-off time over, scheduling restart.
Dec 07 17:03:55 computer-name systemd[1]: Stopped Fail2Ban Service.
-- Subject: Unit fail2ban.service has finished shutting down
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit fail2ban.service has finished shutting down.
Dec 07 17:03:55 computer-name systemd[1]: Starting Fail2Ban Service...
-- Subject: Unit fail2ban.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit fail2ban.service has begun starting up.
Dec 07 17:03:55 computer-name fail2ban-client[21838]: ERROR  Failed during configuration: File contains no section headers.
Dec 07 17:03:55 computer-name fail2ban-client[21838]: file: '/etc/fail2ban/jail.local', line: 66
Dec 07 17:03:55 computer-name fail2ban-client[21838]: 'maxretry = 3\n'
Dec 07 17:03:55 computer-name systemd[1]: fail2ban.service: Control process exited, code=exited status=255
Dec 07 17:03:55 computer-name systemd[1]: Failed to start Fail2Ban Service.
-- Subject: Unit fail2ban.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit fail2ban.service has failed.
-- 
-- The result is failed.
Dec 07 17:03:55 computer-name systemd[1]: fail2ban.service: Unit entered failed state.
Dec 07 17:03:55 computer-name systemd[1]: fail2ban.service: Failed with result 'exit-code'.
Dec 07 17:03:55 computer-name systemd[1]: fail2ban.service: Service hold-off time over, scheduling restart.
Dec 07 17:03:55 computer-name systemd[1]: Stopped Fail2Ban Service.
-- Subject: Unit fail2ban.service has finished shutting down
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit fail2ban.service has finished shutting down.
Dec 07 17:03:55 computer-name systemd[1]: fail2ban.service: Start request repeated too quickly.
Dec 07 17:03:55 computer-name systemd[1]: Failed to start Fail2Ban Service.
-- Subject: Unit fail2ban.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit fail2ban.service has failed.
-- 
-- The result is failed.
Dec 07 17:03:55 computer-name systemd[1]: fail2ban.service: Unit entered failed state.
Dec 07 17:03:55 computer-name systemd[1]: fail2ban.service: Failed with result 'start-limit-hit'.
Dec 07 17:04:32 computer-name org.gtk.vfs.Daemon[1529]: ** (process:3758): WARNING **: Couldn't create directory monitor on smb://x-gnome-

Does anyone have some advice? Thanks.

PS: there are some similar questions:

  • This one appears to have an issue with sendmail/postfix, but I already installed sendmail, which presumably should be enough?
  • This one is similar but focuses on apache2, whereas I am focusing on fail2ban and don't care about apache2.
  • Do you have [sshd] uncommented above the maxretry = 3 line? The error is saying that it is missing the section header which would be [sshd] or whatever section you are trying to have the maxretry for. – Terrance Dec 08 '18 at 02:18
  • Anything in the fail2ban log? /var/log/fail2ban.log – uSlackr Dec 08 '18 at 02:29
  • @Terrance or perhaps the OP commented out the [DEFAULT] section header? – steeldriver Dec 08 '18 at 03:00
  • @steeldriver That is very possible with OP stating that they commented out everything except for the 4 things. – Terrance Dec 08 '18 at 04:48
  • @Terrance @uSlackr Indeed I only commented out 4 lines. I uncommented the four lines: [DEFAULT], bantime = 3600, [ssh], and enabled = true, and now the sudo service fail2ban start command works! – ComputerScientist Dec 08 '18 at 21:09
  • @Terrance Feel free to post your comment as an answer, and I can accept it. – ComputerScientist Dec 08 '18 at 21:11
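
The comments above trace the failure to a commented-out section header: the "File contains no section headers" text in the journal is the message Python's configparser produces when an option appears before any section. As an added example (not part of the original thread, and using the standard-library parser rather than fail2ban's own config reader), this check reports the first orphaned option and the nearest commented-out header above it; both sample files are constructed.

```python
import configparser
import re

# Constructed sample: a jail.local where the section headers were commented
# out along with everything else, leaving bare overrides (as in the question).
BROKEN = """\
# [DEFAULT]
# bantime = 600
# # "maxretry" is the number of failures before a host get banned.
maxretry = 3
# [sshd]
# enabled = true
"""

# Constructed sample: the same override with its section headers restored.
FIXED = """\
[DEFAULT]
bantime = 3600
maxretry = 3
action = %(action_mwl)s

[sshd]
enabled = true
"""

# Matches a section header hidden behind one or more comment markers.
COMMENTED_HEADER = re.compile(r"^\s*(?:[#;]\s*)+(\[[^\]]+\])\s*$")

def check_jail_config(text, source="jail.local"):
    """Return None if every option sits under a section header; otherwise
    describe the first orphaned option and the nearest commented-out header."""
    parser = configparser.RawConfigParser()  # Raw: leave %(...)s untouched
    try:
        parser.read_string(text, source=source)
    except configparser.MissingSectionHeaderError as exc:
        lines = text.splitlines()
        hint = None
        for line in reversed(lines[: exc.lineno - 1]):
            match = COMMENTED_HEADER.match(line)
            if match:
                hint = match.group(1)
                break
        return {"line": exc.lineno, "text": lines[exc.lineno - 1],
                "commented_header": hint}
    return None

if __name__ == "__main__":
    print(check_jail_config(BROKEN))
    print(check_jail_config(FIXED))
```

To check a real file, pass it the contents of /etc/fail2ban/jail.local before starting the service; a non-None result names the line that needs a header above it.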

1 Answer

I also had this problem. First, I ran the command:

sudo fail2ban-client -vvv -x start

I got this error:

ERROR  There is no directory /var/run/fail2ban to contain the socket file /var/run/fail2ban/fail2ban.sock.

After that, I created the missing directory by running the following command, and all works fine.

sudo mkdir /var/run/fail2ban
drodman