I installed fail2ban on rocky linux 9 and from systemctl status fail2ban I get this error message:
× fail2ban.service - Fail2Ban Service
Loaded: loaded (/usr/lib/systemd/system/fail2ban.service; enabled; preset: disabled)
Active: failed (Result: exit-code) since Thu 2024-05-16 14:03:51 CEST; 8s ago
Duration: 119ms
Docs: man:fail2ban(1)
Process: 2137 ExecStartPre=/bin/mkdir -p /run/fail2ban (code=exited, status=0/SUCCESS)
Process: 2138 ExecStart=/usr/bin/fail2ban-server -xf start (code=exited, status=255/EXCEPTION)
Main PID: 2138 (code=exited, status=255/EXCEPTION)
CPU: 111ms
May 16 14:03:51 mike systemd[1]: Starting Fail2Ban Service...
May 16 14:03:51 mike systemd[1]: Started Fail2Ban Service.
May 16 14:03:51 mike fail2ban-server[2138]: 2024-05-16 14:03:51,442 fail2ban.configreader [2138]: ERROR Found no accessible config files for 'action.d/mail-whois-lines' under /etc/fail2ban
May 16 14:03:51 mike fail2ban-server[2138]: 2024-05-16 14:03:51,443 fail2ban.jailreader [2138]: ERROR Unable to read action 'mail-whois-lines'
May 16 14:03:51 mike fail2ban-server[2138]: 2024-05-16 14:03:51,443 fail2ban.jailsreader [2138]: ERROR Errors in jail 'sshd'. Skipping...
May 16 14:03:51 mike fail2ban-server[2138]: 2024-05-16 14:03:51,447 fail2ban [2138]: ERROR Async configuration of server failed
May 16 14:03:51 mike systemd[1]: fail2ban.service: Main process exited, code=exited, status=255/EXCEPTION
May 16 14:03:51 mike systemd[1]: fail2ban.service: Failed with result 'exit-code'.
I checked /etc/fail2ban/action.d/ and there are several config files missing, one of them is mail-whois-lines.conf. Does anyone have an idea what to do? Thanks.
If you don’t have a filter that the package provides, you will need to find and download it from the internet. It seems you have enabled configuration for something that you don’t have locally.
So either disable the configuration that you enabled for the filters that you do not have, or search for and download the missing ones. Fail2ban only comes with a default set of filters, anything else on top of that you need to grab elsewhere.
But my guess is you enabled too much stuff in your config without realising if you need it or not. You only need to enable filters for services you wish to protect. Or perhaps you meant to use sendmail-whois-lines which is provided by fail2ban-sendmail package. That should be installed though if you installed the virtual fail2ban package which pulls in everything else.
And if you copied/pasted some config file from the internet, then that is the wrong way of configuring something. You should read and learn the product rather than just copy/paste what someone else used since some config files are specific to different Linux distributions. In fact mail-whois-lines is something you usually find on Debian/Ubuntu, which confirms what I have been thinking, that you followed some howto, and copied/pasted verbatim when that is not the way to do it.
But only you will know what you have done, so you may need to provide more information on what you installed and how you tried to configure it.
dnf repoquery -l fail2ban-mail
Last metadata expiration check: 1:11:05 ago on Thu 16 May 2024 07:37:23 AM MDT.
/etc/fail2ban/action.d/complain.conf
/etc/fail2ban/action.d/mail-buffered.conf
/etc/fail2ban/action.d/mail-whois-lines.conf
/etc/fail2ban/action.d/mail-whois.conf
/etc/fail2ban/action.d/mail.conf
Thank you for your answer. I indeed copied my own config which I used for an ubuntu server. My only active filter is sshd, my banaction is route and my mta is postfix, not sendmail. I thougt that should work for rocky linux also, or am I wrong?
LOL, when checking during my reply didn’t notice thefail2ban-mail package.
That aside, Ubuntu is not Rocky and Rocky is not Ubuntu, and so some things can vary in config files, so it’s not recommended to copy them verbose from one to the other. Sure, you can copy it, but you will need to verify the content, and also check any paths mentioned in a config file do actually match what is on the system that it is being copied to. Usually it would be better to reference the config file from the original system, and then manually edit the one on the new system to enable/disable whatever you need to use in it. Of course, if the system is the same, like copying from one Rocky 9 to another Rocky 9, then that would be OK.