Fail2ban Succeeds in Failing to Load

I have recently had increasing problems and finally a dead nextcloudpi box. After analyzing sudo systemctl status it showed me that fail2ban was failing.

I ‘think’ the issue is that there is a permission problem on the log files (somewhere), as the following shows that there is no nextcloud.log file, which is 100% not true. I checked many times and it is there and contains log data after I did a cat on the file.

Here is the output of sudo systemctl status fail2ban.service

Thanks for any / all advice on this.

Warning: The unit file, source configuration file or drop-ins of fail2ban.service changed on disk. Run 'systemctl daemon-reload' to reload units.
● fail2ban.service - Fail2Ban Service
   Loaded: loaded (/lib/systemd/system/fail2ban.service; enabled; vendor preset: enabled)
  Drop-In: /etc/systemd/system/fail2ban.service.d
           └─ncp-delay-automount.conf, touch-ufw-log.conf
   Active: failed (Result: exit-code) since Tue 2020-10-27 13:08:31 GMT; 10min ago
     Docs: man:fail2ban(1)
  Process: 503 ExecStartPre=/bin/mkdir -p /var/run/fail2ban (code=exited, status=0/SUCCESS)
  Process: 504 ExecStartPre=/bin/sleep 10 (code=exited, status=0/SUCCESS)
  Process: 831 ExecStartPre=/bin/touch /var/log/ufw.log (code=exited, status=0/SUCCESS)
  Process: 834 ExecStart=/usr/bin/fail2ban-server -xf start (code=exited, status=255/EXCEPTION)
 Main PID: 834 (code=exited, status=255/EXCEPTION)

Oct 27 13:08:19 nextcloudpi systemd[1]: Starting Fail2Ban Service...
Oct 27 13:08:30 nextcloudpi systemd[1]: Started Fail2Ban Service.
Oct 27 13:08:31 nextcloudpi fail2ban-server[834]:  'backend' not defined in 'ssh'. Using default one: 'auto'
Oct 27 13:08:31 nextcloudpi fail2ban-server[834]:  'backend' not defined in 'nextcloud'. Using default one: 'auto'
Oct 27 13:08:31 nextcloudpi fail2ban-server[834]:  No file(s) found for glob /media/USBdrive/ncdata/nextcloud.log
Oct 27 13:08:31 nextcloudpi fail2ban-server[834]:  Failed during configuration: Have not found any log file for nextcloud jail
Oct 27 13:08:31 nextcloudpi fail2ban-server[834]:  Async configuration of server failed
Oct 27 13:08:31 nextcloudpi systemd[1]: fail2ban.service: Main process exited, code=exited, status=255/EXCEPTION
Oct 27 13:08:31 nextcloudpi systemd[1]: fail2ban.service: Failed with result 'exit-code'.

Things I have tried already, without success are:

  1. re-create /ncdata/nextcloud.log file

  2. try 750 permissions on nextcloud.log file

  3. try 755 permissions on it

  4. re-create log file

  5. sudo apt update and sudo apt upgrade

  6. sudo ncp-update

At this point it’s above my skill level so I think I will try to do a fresh re-install of entire NCP but I think this thread could be of some use to someone else so I thought it is good for the records since it’s real.

This information was provided to me by @JukkaT on Telegram and I wanted to post it in reply to my own post since it looks like it might have some solid answers:


I propose some extra information to the documentation on the article:

It could be specially mentioned that:

ncp-config should always be run with sudo ncp-config, and not as root without sudo. That’s because some functions, for example the fail2ban script fail2ban.sh (developed by nachoparker), do not work without sudo on a default, freshly installed Debian 10 (Buster) operating system. Using administrative privileges without sudo when running ncp-config can even compromise your security setup.

The reason for this is that in Linux there is an environment variable called $PATH that tells the command line where to search for binaries. By default root has /bin, /sbin, /usr/sbin and /usr/bin in the PATH, while regular users don’t have /sbin or /usr/sbin. Because the root user doesn’t have /usr/local/bin in the PATH, you can’t run all the same binaries as you can with sudo. But as the root user you are able to run sudo too, which enables you to run all those same binaries.

For example, running the fail2ban install script in the NCP TUI after running ncp-config as root without sudo does not work right, leaving your fail2ban service down even though NCP reports that fail2ban is enabled. That is because the following commands in the fail2ban.sh script are not able to run without sudo:

update-rc.d fail2ban defaults
update-rc.d fail2ban enable
service fail2ban restart

Giving you this error:

Running fail2ban
System config value loglevel set to string 2
System config value log_type set to string file
/usr/local/bin/ncp/SECURITY/fail2ban.sh: line 170: update-rc.d: command not found
/usr/local/bin/ncp/SECURITY/fail2ban.sh: line 171: update-rc.d: command not found
/usr/local/bin/ncp/SECURITY/fail2ban.sh: line 172: service: command not found
fail2ban enabled
Done. Press any key…

But with sudo, fail2ban runs as it should, giving you this outcome:

Running fail2ban
System config value loglevel set to string 2
System config value log_type set to string file
fail2ban enabled
Done. Press any key…

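A preflight check for the two failures shown in this thread, as an added example that is not part of either post or of the NextCloudPi scripts: it reports which commands cannot be resolved in the current PATH and whether a jail's logpath glob matches a readable file, and returns non-zero instead of carrying on to "fail2ban enabled". The function names are hypothetical; the command names and the log path are the ones from the output above.

```shell
#!/bin/sh
# Added example: preflight for the two failures seen in this thread.
# Function names are hypothetical; command names and log path come from the thread.

# Print the commands (arguments after the first) that cannot be found as
# executables in the colon-separated search path given as the first argument.
missing_cmds() {
    search_path=$1; shift
    missing=""
    for cmd in "$@"; do
        found=no
        old_ifs=$IFS; IFS=:
        for dir in $search_path; do
            if [ -f "$dir/$cmd" ] && [ -x "$dir/$cmd" ]; then found=yes; break; fi
        done
        IFS=$old_ifs
        if [ "$found" = no ]; then missing="$missing $cmd"; fi
    done
    echo "${missing# }"
}

# Return 0 if the glob (as used in a jail's logpath) matches a readable regular file.
logpath_ok() {
    for f in $1; do        # unquoted on purpose so the shell expands the glob
        if [ -f "$f" ] && [ -r "$f" ]; then return 0; fi
    done
    return 1
}

# Report every missing prerequisite on stderr and return non-zero if any is absent.
preflight() {
    logglob=$1; shift
    rc=0
    m=$(missing_cmds "$PATH" "$@")
    if [ -n "$m" ]; then echo "not in PATH ($PATH): $m" >&2; rc=1; fi
    if ! logpath_ok "$logglob"; then
        echo "no readable file matches $logglob for user $(id -un)" >&2; rc=1
    fi
    return $rc
}

# Usage: sh preflight.sh /media/USBdrive/ncdata/nextcloud.log update-rc.d service
if [ "$#" -gt 0 ]; then preflight "$@"; fi
```

Run it from the same shell session that would launch ncp-config, so that it sees the same PATH and user.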