You are not logged in.
Pages: 1
Topic closed
Hi All,
I used to use fail2ban service to avoid SSH DDos hack in my Arch system.
However, I found faiil2ban service failed to be started recently after I perform a system upgrade (pacman -Syu).
I keep getting failure when try to start fail2ban service by "systemctl start fail2ban.service".
Checked the status, I got below informatoin:
[root@archx system]# systemctl status fail2ban.service
● fail2ban.service - Fail2Ban Service
Loaded: loaded (/usr/lib/systemd/system/fail2ban.service; enabled)
Active: failed (Result: start-limit) since Fri 2014-11-28 09:40:14 CST; 20min ago
Docs: man:fail2ban(1)
Process: 493 ExecStart=/usr/bin/fail2ban-client -x start (code=exited, status=1/FAILURE)Nov 28 09:40:14 archx systemd[1]: Failed to start Fail2Ban Service.
Nov 28 09:40:14 archx systemd[1]: Unit fail2ban.service entered failed state.
Nov 28 09:40:14 archx systemd[1]: fail2ban.service failed.
Nov 28 09:40:14 archx systemd[1]: start request repeated too quickly for fail2ban.service
Nov 28 09:40:14 archx systemd[1]: Failed to start Fail2Ban Service.
Nov 28 09:40:14 archx systemd[1]: Unit fail2ban.service entered failed state.
Nov 28 09:40:14 archx systemd[1]: fail2ban.service failed.
From the latest /var/log/error.log.1 I see below information:
[root@archx log]# tail errors.log.1
Nov 21 08:14:56 archx sshd[2646]: pam_tally(sshd:auth): pam_get_uid; no such user
Nov 21 08:14:58 archx sshd[2646]: pam_tally(sshd:auth): pam_get_uid; no such user
Nov 21 08:15:00 archx sshd[2646]: pam_tally(sshd:auth): pam_get_uid; no such user
Nov 21 08:15:02 archx sshd[2646]: pam_tally(sshd:auth): pam_get_uid; no such user
Nov 21 08:15:06 archx sshd[2657]: pam_tally(sshd:auth): pam_get_uid; no such user
Nov 21 08:15:08 archx sshd[2657]: pam_tally(sshd:auth): pam_get_uid; no such user
Nov 21 08:15:10 archx sshd[2657]: pam_tally(sshd:auth): pam_get_uid; no such user
Nov 21 08:15:12 archx sshd[2657]: pam_tally(sshd:auth): pam_get_uid; no such user
Nov 21 08:15:15 archx sshd[2657]: pam_tally(sshd:auth): pam_get_uid; no such user
Nov 21 08:30:07 archx systemd-udevd[135]: [/usr/lib/systemd/network/99-default.link:2] Failed to parse interface name policy, ignoring: kernel
I have no idea about systemd-udevd so I googled about it and found "Predictable Network Interface Names".
http://www.freedesktop.org/wiki/Softwar … faceNames/
Is the failure related to it or it's totally different?
And any idea or guideline that could help me troubleshoot and resolve it?
Your help is appreciated! Thanks!
Offline
Not the question you asked and partially related to your problem: use sshguard instead.
CPU-optimized Linux-ck packages @ Repo-ck • AUR packages • Zsh and other configs
Offline
try to set 'backend = systemd' in the /etc/fail2ban/jail.conf file if 'sudo journalctl -xe' say some like
-- Unit fail2ban.service has begun starting up.
nov 27 21:39:38 sL1pKn07 fail2ban-client[1813]: ERROR No file(s) found for glob /var/log/auth.log
nov 27 21:39:38 sL1pKn07 fail2ban-client[1813]: ERROR Failed during configuration: Have not found any log file for sshd jail
nov 27 21:39:38 sL1pKn07 systemd[1]: fail2ban.service: control process exited, code=exited status=255
nov 27 21:39:38 sL1pKn07 systemd[1]: Failed to start Fail2Ban Service.
-- Subject: Unit fail2ban.service has failed
Last edited by sl1pkn07 (2014-11-27 20:49:03)
Offline
fix my problem thanks you sl1pkn07 just replace backend = auto by backend = systemd in the jail.local or .conf
Offline
Thank you for confirming that works, nXXo. Please refrain from bumping old topics though.
https://wiki.archlinux.org/index.php/Fo … bumping.22
Closing.
Sakura:-
Mobo: MSI MAG X570S TORPEDO MAX // Processor: AMD Ryzen 9 5950X @4.9GHz // GFX: AMD Radeon RX 5700 XT // RAM: 32GB (4x 8GB) Corsair DDR4 (@ 3000MHz) // Storage: 1x 3TB HDD, 6x 1TB SSD, 2x 120GB SSD, 1x 275GB M2 SSD
Making lemonade from lemons since 2015.
Offline
Pages: 1
Topic closed