Fail2Ban Includes Error


#1

Ok, I am not sure what is happening here. New VPS with a firm I have two others with. Same distro and cookbook used on all three VPS servers, yet on this server fail2ban refuses to start. I am getting this error:

```
* Restarting authentication failure monitor fail2ban
WARNING 'logpath' not defined in 'INCLUDES'. Using default one: '/var/log/messages'
ERROR Failed during configuration: Bad value substitution:
    section: [sshd]
    option : logpath
    key : sshd_log
    rawval :
```

Any ideas on what can be causing this? It is an Ubuntu 14.04_4 64bit VPS.

The cookbook recipe I use is this:

```
---- Fail 2 Ban ----
Guide: https://easyengine.io/tutorials/nginx/fail2ban/

  1. copy fail2ban wp settings to server: git clone git://github.com/gagomap/fail2ban_settings.git
  2. overwrite base fail2ban with new rules: cp -rf fail2ban /etc/
  3. Edit the jail.local changing emails to myadmin@emailaddress.com…
```

#2

Hi

From the error shown in the log I could see that one of the sections defining the ssh service does not have “logpath” defined. Check the following configuration files for any typos or a missing entry for logpath.

/etc/fail2ban/jail.confee /etc/fail2ban/jail.conf

If not provided, please input “/etc/fail2ban/jail.confee” towards “logpath”.


#3

I would agree, but in my jail.local file I have path calls in all the jails. Even odder is that if I remove the jails from the jail.local it is giving me the same error. I even reformatted the server to base Ubuntu 14.04 64bit minimal (my normal flavor) and had the same issue. Spun up a new server, did the exact same setup, and it is working. Really odd.

Here is the jail.local for sshd which it is erroring out on.

```
[sshd]

enabled = true
port = 22
filter = sshd
logpath = /var/log/auth.log
maxretry = 3
bantime = 3600

[sshd-ddos]

enabled = true
port = 22
filter = sshd-ddos
logpath = /var/log/auth.log
maxretry = 6
bantime = 3600
```

Here is my fail2ban.conf and you can see there is a log target (sorry about the # side causing bold in markdown):

```
# Option: logtarget
# Notes.: Set the log target. This could be a file, SYSLOG, STDERR or STDOUT.
#         Only one log target can be specified.
#         If you change logtarget from the default value and you are
#         using logrotate -- also adjust or disable rotation in the
#         corresponding configuration file
#         (e.g. /etc/logrotate.d/fail2ban on Debian systems)
# Values: [ STDOUT | STDERR | SYSLOG | FILE ]  Default: STDERR
#
logtarget = /var/log/fail2ban.log
```

Finally, I have compared a working server to this line by line and they are identical… really odd… might try 16.04 of Ubuntu or Debian core, but just really perplexed by this one.
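
A way to find which file supplies the value that fails, as an added example that is not part of any post in this thread: the "Bad value substitution" text has the format of Python's ConfigParser error for a `%(key)s` reference with no definition, so the same parser can list every unresolved reference and the file that last set it. The `jail.conf` contents, the load order and the name `find_unresolved` are assumptions made for illustration; only the `[sshd]` block of `jail.local` is taken from the thread.

```python
import configparser

# Constructed inputs. jail.conf is hypothetical; the jail.local [sshd] block is the
# one posted in the thread. List order is the assumed load order (later wins).
FILES = [
    ("jail.conf", "[sshd]\nport = ssh\nlogpath = %(sshd_log)s\n"),
    ("jail.local", "[sshd]\nenabled = true\nport = 22\nfilter = sshd\n"
                   "logpath = /var/log/auth.log\nmaxretry = 3\nbantime = 3600\n"),
]


def find_unresolved(files):
    """Merge (name, text) pairs in order and return a list of
    (section, option, missing_key, source_file) for every value whose
    %(key)s reference has no definition after merging."""
    merged = configparser.ConfigParser()
    origin = {}  # (section, option) -> last file that set it explicitly
    for name, text in files:
        merged.read_string(text, source=name)
        # Re-parse the file alone with [DEFAULT] treated as a plain section,
        # so only options this file itself sets are listed (nothing inherited).
        own = configparser.RawConfigParser(default_section="__unused__")
        own.read_string(text, source=name)
        for section in own.sections():
            for option in own.options(section):
                origin[(section, option)] = name
    problems = []
    for section in merged.sections():
        for option in merged.options(section):
            try:
                merged.get(section, option)  # triggers interpolation
            except configparser.InterpolationMissingOptionError as exc:
                # A value the section did not set itself came from [DEFAULT].
                source = origin.get((section, option)) or origin[("DEFAULT", option)]
                problems.append((section, option, exc.reference, source))
    return problems


if __name__ == "__main__":
    for label, files in (("jail.conf only", FILES[:1]), ("both files", FILES)):
        print(label, "->", find_unresolved(files) or "all values resolve")
```

To check a real host, replace `FILES` with the contents of the files under `/etc/fail2ban` in the order the installed fail2ban version loads them.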


#4