Page 1 of 2
Ploetzlicher Ausfall von Fail2Ban
Posted: Mon 20. Apr 2026, 11:30
by Fezzi
Ich bin sicher, dass die Ursache des Problems bei KeyHelp liegt
(z.B. Ja / Nein (Probleme ohne KeyHelp-Bezug gehören ins Offtopic-Forum))
Bin mir nicht Sicher
Server-Betriebssystem + Version
(z.B. Ubuntu 24.04)
Ubuntu 24.04 (64-bit)
Eingesetzte Server-Virtualisierung-Technologie
(z.B. keine, OpenVZ, KVM, XEN, etc.)
KVM
KeyHelp-Version + Build-Nummer
(z.B. 26.0 - Build 3582)
26.0 (Build 3624)
Problembeschreibung / Fehlermeldungen
Fail2Ban laeuft nicht mehr, laesst sich nicht mehr starten.
Am System wurde nichts veraendert.
Code: Select all
x fail2ban.service - Fail2Ban Service
Loaded: loaded (/usr/lib/systemd/system/fail2ban.service; enabled; preset: enabled)
Active: failed (Result: exit-code) since Mon 2026-04-20 11:25:05 CEST; 21s ago
Duration: 21.645s
Docs: man:fail2ban(1)
Process: 734911 ExecStart=/usr/bin/fail2ban-server -xf start (code=exited, status=0/SUCCESS)
Process: 735259 ExecStop=/usr/bin/fail2ban-client stop (code=exited, status=255/EXCEPTION)
Main PID: 734911 (code=exited, status=0/SUCCESS)
CPU: 24.612s
Apr 20 11:24:44 server.phuket-hosting.com systemd[1]: Started fail2ban.service - Fail2Ban Service.
Apr 20 11:24:44 server.phuket-hosting.com fail2ban-server[734911]: 2026-04-20 11:24:44,287 fail2ban.configreader [734911]: WARNING 'allowipv6' not defined in 'Definition'. Using default one: 'auto'
Apr 20 11:24:45 server.phuket-hosting.com fail2ban-server[734911]: Server ready
Apr 20 11:25:05 server.phuket-hosting.com fail2ban-client[735259]: 2026-04-20 11:25:05,952 fail2ban [735259]: ERROR Failed to access socket path: /var/run/fail2ban/fail2ban.sock. Is fail2ban running?
Apr 20 11:25:05 server.phuket-hosting.com systemd[1]: fail2ban.service: Control process exited, code=exited, status=255/EXCEPTION
Apr 20 11:25:05 server.phuket-hosting.com systemd[1]: fail2ban.service: Failed with result 'exit-code'.
Apr 20 11:25:05 server.phuket-hosting.com systemd[1]: fail2ban.service: Consumed 24.612s CPU time, 39.6M memory peak, 0B memory swap peak.
Fail2Ban startet und laeuft wie gewohnt
Tatsächliches Ergebnis
Fail2Ban laeuft nicht mehr, laesst sich nicht mehr starten.
Schritte zur Reproduktion
Keine
Zusätzliche Informationen
(z.B. kürzlich durchgeführte Änderungen am Server, Auszüge aus Protokolldateien (/var/log/*, /var/log/keyhelp/php-error.log, etc.))
Es wurde nichts am System geaendert
.
Hat irgendwer eine Idee das wieder gerade zu biegen?
Danke schon mal in Voraus
Re: Ploetzlicher Ausfall von Fail2Ban
Posted: Mon 20. Apr 2026, 11:36
by Fezzi
Hmmm.. sehr seltsam... nach einem Server Neustart laeuft wieder alles.
Ich hatte etwas aehnliches Gestern, da wurden keine Mails mehr ausgeliefert, auch nach Neustart der entsprechenden Dienste.
Dann mal den Server durchgestartet und alles lief wieder...
Sehr seltsam alles...
Irgendwer eine Idee? Ich habe die Kiste vor einer Woche, problemlos, von Ubuntu 22 auf 24 upgegraded ... das war alles..
Nachtrag... nicht so ganz...
Der Systemdienst laeuft zwar, aber in der KeyHelp GUI wird nichts angezeigt
- Screenshot from 2026-04-20 16-36-52.png (19.14 KiB) Viewed 135 times
Re: Ploetzlicher Ausfall von Fail2Ban
Posted: Mon 20. Apr 2026, 11:39
by Jolinar
Er findet den Socket offenbar nicht:
Code: Select all
Failed to access socket path: /var/run/fail2ban/fail2ban.sock
Was sagen die Befehle:
Code: Select all
journalctl -u fail2ban -xe
ls -al /var/run/fail2ban/
Re: Ploetzlicher Ausfall von Fail2Ban
Posted: Mon 20. Apr 2026, 11:44
by Fezzi
Jetzt bin ich verwirrt... alarmiert...
Code: Select all
root@server:~# journalctl -u fail2ban -xe
Apr 20 11:32:08 server.phuket-hosting.com fail2ban-server[784]: 2026-04-20 11:3>
Apr 20 11:32:11 server.phuket-hosting.com fail2ban-server[784]: Server ready
Apr 20 11:36:35 server.phuket-hosting.com fail2ban-client[4081]: 2026-04-20 11:>
Apr 20 11:36:35 server.phuket-hosting.com systemd[1]: fail2ban.service: Control>
░░ Subject: Unit process exited
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ An ExecStop= process belonging to unit fail2ban.service has exited.
░░
░░ The process' exit code is 'exited' and its exit status is 255.
Apr 20 11:36:35 server.phuket-hosting.com systemd[1]: fail2ban.service: Failed >
░░ Subject: Unit failed
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ The unit fail2ban.service has entered the 'failed' state with result 'exit-c>
Apr 20 11:36:35 server.phuket-hosting.com systemd[1]: fail2ban.service: Consume>
░░ Subject: Resources consumed by unit runtime
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ The unit fail2ban.service completed and consumed the indicated resources.
lines 9-31/31 (END)
Code: Select all
root@server:~# ls -al /var/run/fail2ban/
ls: cannot access '/var/run/fail2ban/': No such file or directory
Re: Ploetzlicher Ausfall von Fail2Ban
Posted: Mon 20. Apr 2026, 11:50
by Jolinar
Prüfen, ob
/run/fail2ban existiert (oft ist
/var/run nur ein Link zu
/run):
Falls es auch dort fehlt, Verzeichnis anlegen:
Code: Select all
mkdir -p /run/fail2ban
chown root:fail2ban /run/fail2ban
chmod 755 /run/fail2ban
Den Dienst neu starten:
Code: Select all
systemctl stop fail2ban
systemctl start fail2ban
systemctl status fail2ban
Prüfen, ob der Socket jetzt existiert:
Code: Select all
ls -la /run/fail2ban/fail2ban.sock
Re: Ploetzlicher Ausfall von Fail2Ban
Posted: Mon 20. Apr 2026, 11:57
by Fezzi
Alles nach Anleitung gemacht... es ging kurzzeitig alles und jetzt wieder das selbe...
WTF is going on here... ich raffs nicht
Re: Ploetzlicher Ausfall von Fail2Ban
Posted: Mon 20. Apr 2026, 12:02
by Fezzi
Das System laeuft sonst rund... ich kann nicht erkennen dass evtl. ein Hack stattgefunden haette, aber das Fail2Ban nicht laueft beunruhingt mich ein wenig...
Ich bin offen fuer Ideen und Loesungsansaetze...
Re: Ploetzlicher Ausfall von Fail2Ban
Posted: Mon 20. Apr 2026, 12:09
by Tobi
Re: Ploetzlicher Ausfall von Fail2Ban
Posted: Mon 20. Apr 2026, 12:12
by Fezzi
Das ist ja der Bloedsinn...
Stelle ich alles wieder her wie von Jolinar beschrieben, dann laeuft alles fuer eine Minute oder so und schwups... alles wieder beim alten
Code: Select all
root@server:~# fail2ban-client status
2026-04-20 12:11:19,075 fail2ban [2686]: ERROR Failed to access socket path: /var/run/fail2ban/fail2ban.sock. Is fail2ban running?
Re: Ploetzlicher Ausfall von Fail2Ban
Posted: Mon 20. Apr 2026, 12:13
by Jolinar
Wie sieht denn deine
fail2ban.service aus:
Re: Ploetzlicher Ausfall von Fail2Ban
Posted: Mon 20. Apr 2026, 12:14
by Fezzi
So schauts aus:
Code: Select all
root@server:~# systemctl cat fail2ban.service
# /usr/lib/systemd/system/fail2ban.service
[Unit]
Description=Fail2Ban Service
Documentation=man:fail2ban(1)
After=network.target iptables.service firewalld.service ip6tables.service ipset.service nftables.service
PartOf=firewalld.service
[Service]
Type=simple
Environment="PYTHONNOUSERSITE=1"
ExecStart=/usr/bin/fail2ban-server -xf start
# if should be logged in systemd journal, use following line or set logtarget to sysout in fail2ban.local
# ExecStart=/usr/bin/fail2ban-server -xf --logtarget=sysout start
ExecStop=/usr/bin/fail2ban-client stop
ExecReload=/usr/bin/fail2ban-client reload
RuntimeDirectory=fail2ban
PIDFile=/run/fail2ban/fail2ban.pid
Restart=on-failure
RestartPreventExitStatus=0 255
Environment="PYTHONNOUSERSITE=yes"
[Install]
WantedBy=multi-user.target
lines 1-23
Re: Ploetzlicher Ausfall von Fail2Ban
Posted: Mon 20. Apr 2026, 12:18
by Jolinar
Hmm...
Arbeite mal folgende Befehle ohne Verzögerung ab und gib uns die Ausgabe:
Code: Select all
systemctl stop fail2ban
systemctl start fail2ban
systemctl status fail2ban
journalctl -u fail2ban -n 30
Re: Ploetzlicher Ausfall von Fail2Ban
Posted: Mon 20. Apr 2026, 12:20
by Jolinar
Und bitte noch die Ausgabe von:
Code: Select all
cat /etc/fail2ban/jail.conf | grep -E "(backend|logpath|enabled)"
Re: Ploetzlicher Ausfall von Fail2Ban
Posted: Mon 20. Apr 2026, 12:21
by Fezzi
Bitteschoen... und Danke schon mal fuers helfen
Code: Select all
root@server:~# systemctl stop fail2ban
root@server:~# systemctl start fail2ban
root@server:~# systemctl status fail2ban
● fail2ban.service - Fail2Ban Service
Loaded: loaded (/usr/lib/systemd/system/fail2ban.service; enabled; preset: enabled)
Active: active (running) since Mon 2026-04-20 12:19:49 CEST; 13s ago
Docs: man:fail2ban(1)
Main PID: 5623 (fail2ban-server)
Tasks: 37 (limit: 38416)
Memory: 43.1M (peak: 44.5M)
CPU: 3.159s
CGroup: /system.slice/fail2ban.service
└─5623 /usr/bin/python3 /usr/bin/fail2ban-server -xf start
Apr 20 12:19:49 server.phuket-hosting.com systemd[1]: Started fail2ban.service - Fail2Ban Service.
Apr 20 12:19:49 server.phuket-hosting.com fail2ban-server[5623]: 2026-04-20 12:19:49,887 fail2ban.configreader [5623]: WARNING 'allowipv6' not defined in 'Defini>
Apr 20 12:19:51 server.phuket-hosting.com fail2ban-server[5623]: Server ready
root@server:~# journalctl -u fail2ban -n 30
Apr 20 11:32:08 server.phuket-hosting.com fail2ban-server[784]: 2026-04-20 11:32:08,126 fail2ban.configreader [784]: WARNING 'allowipv6' not defined in 'Definiti>
Apr 20 11:32:11 server.phuket-hosting.com fail2ban-server[784]: Server ready
Apr 20 11:36:35 server.phuket-hosting.com fail2ban-client[4081]: 2026-04-20 11:36:35,716 fail2ban [4081]: ERROR Failed to access socket path: /var>
Apr 20 11:36:35 server.phuket-hosting.com systemd[1]: fail2ban.service: Control process exited, code=exited, status=255/EXCEPTION
Apr 20 11:36:35 server.phuket-hosting.com systemd[1]: fail2ban.service: Failed with result 'exit-code'.
Apr 20 11:36:35 server.phuket-hosting.com systemd[1]: fail2ban.service: Consumed 47.892s CPU time, 441.4M memory peak, 0B memory swap peak.
Apr 20 11:52:39 server.phuket-hosting.com systemd[1]: Started fail2ban.service - Fail2Ban Service.
Apr 20 11:52:39 server.phuket-hosting.com fail2ban-server[15292]: 2026-04-20 11:52:39,630 fail2ban.configreader [15292]: WARNING 'allowipv6' not defined in 'Defi>
Apr 20 11:52:41 server.phuket-hosting.com fail2ban-server[15292]: Server ready
Apr 20 11:54:29 server.phuket-hosting.com fail2ban-client[16772]: 2026-04-20 11:54:29,691 fail2ban [16772]: ERROR Failed to access socket path: /v>
Apr 20 11:54:29 server.phuket-hosting.com systemd[1]: fail2ban.service: Control process exited, code=exited, status=255/EXCEPTION
Apr 20 11:54:29 server.phuket-hosting.com systemd[1]: fail2ban.service: Failed with result 'exit-code'.
Apr 20 11:54:29 server.phuket-hosting.com systemd[1]: fail2ban.service: Consumed 4.962s CPU time, 45.1M memory peak, 0B memory swap peak.
Apr 20 12:07:37 server.phuket-hosting.com systemd[1]: Started fail2ban.service - Fail2Ban Service.
Apr 20 12:07:37 server.phuket-hosting.com fail2ban-server[22269]: 2026-04-20 12:07:37,588 fail2ban.configreader [22269]: WARNING 'allowipv6' not defined in 'Defi>
Apr 20 12:07:39 server.phuket-hosting.com fail2ban-server[22269]: Server ready
Apr 20 12:09:56 server.phuket-hosting.com fail2ban-client[23024]: 2026-04-20 12:09:56,867 fail2ban [23024]: ERROR Failed to access socket path: /v>
Apr 20 12:09:56 server.phuket-hosting.com systemd[1]: fail2ban.service: Control process exited, code=exited, status=255/EXCEPTION
Apr 20 12:09:56 server.phuket-hosting.com systemd[1]: fail2ban.service: Failed with result 'exit-code'.
Apr 20 12:09:56 server.phuket-hosting.com systemd[1]: fail2ban.service: Consumed 4.869s CPU time, 44.4M memory peak, 0B memory swap peak.
-- Boot 6eaca1f76a3941ee9598f59f59aac193 --
Apr 20 12:10:37 server.phuket-hosting.com systemd[1]: Started fail2ban.service - Fail2Ban Service.
Apr 20 12:10:38 server.phuket-hosting.com fail2ban-server[775]: 2026-04-20 12:10:38,243 fail2ban.configreader [775]: WARNING 'allowipv6' not defined in 'Definiti>
lines 1-23
Re: Ploetzlicher Ausfall von Fail2Ban
Posted: Mon 20. Apr 2026, 12:23
by Fezzi
Ups... zweiteres erst jetzt gesehen:
Code: Select all
root@server:~# cat /etc/fail2ban/jail.conf | grep -E "(backend|logpath|enabled)"
# enabled = true
# "backend" specifies the backend used to get files modification.
# Specifying "logpath" is not valid for this backend.
# auto: will try to use the following backends, in order:
# Note: if systemd backend is chosen as the default but you enable a jail
# backend for that jail (e.g. polling) and provide empty value for
backend = auto
# "enabled" enables the jails.
# true: jail will be enabled and log files will get monitored for changes
# false: jail is not enabled
enabled = false
%(mta)s-whois-lines[sender="%(sender)s", dest="%(destemail)s", logpath="%(logpath)s", chain="%(chain)s"]
xarf-login-attack[service=%(__name__)s, sender="%(sender)s", logpath="%(logpath)s", port="%(port)s"]
%(mta)s-whois-lines[sender="%(sender)s", dest="%(destemail)s", logpath="%(logpath)s", chain="%(chain)s"]
logpath = %(sshd_log)s
backend = %(sshd_backend)s
logpath = %(dropbear_log)s
backend = %(dropbear_backend)s
logpath = %(auditd_log)s
logpath = %(apache_error_log)s
logpath = %(apache_access_log)s
logpath = %(apache_error_log)s
logpath = %(apache_error_log)s
logpath = %(apache_error_log)s
logpath = %(apache_error_log)s
logpath = %(apache_access_log)s
logpath = %(apache_error_log)s
logpath = %(apache_error_log)s
logpath = /opt/openhab/logs/request.log
logpath = %(nginx_error_log)s
logpath = %(nginx_error_log)s
logpath = %(nginx_error_log)s
logpath = %(nginx_access_log)s
logpath = %(nginx_access_log)s
logpath = %(suhosin_log)s
logpath = %(lighttpd_error_log)s
logpath = %(roundcube_errors_log)s
#backend = %(syslog_backend)s
logpath = /var/log/openwebmail.log
logpath = /var/log/horde/horde.log
logpath = /home/groupoffice/log/info.log
logpath = /var/log/sogo/sogo.log
logpath = /var/log/tine20/tine20.log
logpath = %(syslog_daemon)s
backend = %(syslog_backend)s
logpath = /var/log/tomcat*/catalina.out
#logpath = /var/log/guacamole.log
logpath = /var/log/monit
logpath = %(syslog_authpriv)s
backend = %(syslog_backend)s
logpath = %(syslog_authpriv)s
backend = %(syslog_backend)s
logpath = /var/log/squid/access.log
logpath = /var/log/3proxy.log
logpath = %(proftpd_log)s
backend = %(proftpd_backend)s
logpath = %(pureftpd_log)s
backend = %(pureftpd_backend)s
logpath = %(syslog_daemon)s
backend = %(syslog_backend)s
logpath = %(wuftpd_log)s
backend = %(wuftpd_backend)s
# logpath = %(syslog_authpriv)s
logpath = %(vsftpd_log)s
logpath = /root/path/to/assp/logs/maillog.txt
logpath = %(syslog_mail)s
backend = %(syslog_backend)s
logpath = %(postfix_log)s
backend = %(postfix_backend)s
logpath = %(postfix_log)s
backend = %(postfix_backend)s
logpath = %(syslog_mail)s
backend = %(syslog_backend)s
logpath = %(syslog_mail)s
backend = %(syslog_backend)s
logpath = /service/qmail/log/main/current
logpath = %(dovecot_log)s
backend = %(dovecot_backend)s
logpath = %(dovecot_log)s
backend = %(dovecot_backend)s
logpath = %(solidpop3d_log)s
logpath = %(exim_main_log)s
logpath = %(exim_main_log)s
logpath = /opt/kerio/mailserver/store/logs/security.log
logpath = %(syslog_mail)s
backend = %(syslog_backend)s
logpath = %(postfix_log)s
backend = %(postfix_backend)s
logpath = %(syslog_mail)s
backend = %(syslog_backend)s
logpath = /var/lib/squirrelmail/prefs/squirrelmail_access_log
logpath = %(syslog_mail)s
backend = %(syslog_backend)s
logpath = %(syslog_mail)s
backend = %(syslog_backend)s
# logpath = /var/log/named/security.log
logpath = /var/log/named/security.log
logpath = /var/log/nsd.log
logpath = /var/log/asterisk/messages
logpath = /var/log/freeswitch.log
logpath = /var/lib/znc/moddata/adminlog/znc.log
logpath = %(mysql_log)s
backend = %(mysql_backend)s
# See the 'mssql-conf' manpage how to change logpath or port
logpath = /var/opt/mssql/log/errorlog
logpath = /var/log/mongodb/mongodb.log
logpath = /var/log/fail2ban.log
logpath = %(syslog_authpriv)s
backend = %(syslog_backend)s
logpath = %(syslog_daemon)s
backend = %(syslog_backend)s
logpath = /var/log/stunnel4/stunnel.log
logpath = /var/log/ejabberd/ejabberd.log
logpath = /opt/cstrike/logs/L[0-9]*.log
logpath = /usr/local/vpnserver/security_log/*/sec.log
logpath = /var/log/gitlab/gitlab-rails/application.log
logpath = /var/log/grafana/grafana.log
logpath = /home/*/bwdata/logs/identity/Identity/log.txt
logpath = /var/log/centreon/login.log
logpath = %(syslog_daemon)s ; nrpe.cfg may define a different log_facility
backend = %(syslog_backend)s
logpath = /opt/sun/comms/messaging64/log/mail.log_current
logpath = /var/log/directadmin/login.log
logpath = /var/lib/portsentry/portsentry.history
logpath = %(apache_access_log)s
logpath = /var/log/mumble-server/mumble-server.log
logpath = /var/log/system.log
logpath = /var/log/haproxy.log
logpath = /var/log/slapd.log
logpath = /home/domino01/data/IBM_TECHNICAL_SUPPORT/console.log
logpath = %(syslog_authpriv)s
backend = %(syslog_backend)s
logpath = %(apache_error_log)s
logpath = /var/log/traefik/access.log
logpath = %(syslog_local0)s
logpath = /var/log/monitorix-httpd