I checked fail2ban.log on my server this morning and found it hadn’t been running for about 2 weeks! :shame: I tried to start it manually
/etc/init.d/fail2ban start
but noticed when doing a ps that fail2ban server had next to it. Shortly thereafter, ps aux | grep fail2ban showed nothing running. I noticed from /var/log/messages that there are entries relating to fail2ban exiting with 255. I tried
zypper in -f fail2ban
but get the same results. Any thoughts?
Try this :
Stop fail2ban with
rcfail2ban stop
Erase the content of /var/run/fail2ban
And try to restart with
rcfail2ban start
That did the trick! I’m guessing it was some random lock file problem caused by a crash at some point?
Yes, you got it right there is a lock in this directory that is not erased in some cases, like the brutal shutdown of the system.
Glad to have helped you.
You won’t have this problem if you start fail2ban with the “-x” option.
fail2ban-server --help
Usage: /usr/bin/fail2ban-server [OPTIONS]
Fail2Ban v0.8.4 reads log file that contains password failure report
and bans the corresponding IP addresses using firewall rules.
Only use this command for debugging purpose. Start the server with
fail2ban-client instead. The default behaviour is to start the server
in background.
Options:
-b start in background
-f start in foreground
-s <FILE> socket path
-x force execution of the server (remove socket file)
-h, --help display this help message
-V, --version print the version
Yast > sysconfig > search fail2ban