Fail2ban fails to start after update?

server configuration services fail2ban

11,070

Solution 1

I noticed that after the upgrade to 15.04 when I check the webmin for a server that I have with the same issue, what I saw what that I had a new jail called "sshd" that had nothing defined as a filter. I deleted this jail and it now works again. To be clear, the ssh jail is still there,just the empty jail called sshd is gone. Outside of webmin I'm not sure where to find that jail. You pastebin looks clear of any invalid entries.

Solution 2

On Ubuntu 16.04 had the same issue out of a sudden:

dec 17 08:58:41 xxx fail2ban-client[1342]: ERROR Failed during configuration: Bad value substitution: option 'action' in section 'sshd' contains an interpolation key 'port' which is not a valid option name. Raw value: '%(action_)s'

it turns out that on Ubuntu inside jail.d/defaults-debian.conf there is a jail confing that contained nothing but:

[sshd]

enabled = true

Commenting this lines out fixed the issue above.

Solution 3

I had the same issue. Fix was: Port in jail.conf was missing.

11,070

Asifa.K

Hello! I am a computer science PhD student researcher investigating flooding with AI. I currently know C♯, HTML, CSS, Javascript, PHP, some Python (ewww), C++ (mainly Arduino), and Prolog, SQL, and Rust (mind-bending). I also do Linux sysadmin in my spare time. I enjoy learning new things. If I find or something interesting, I will post about it on my blog - I try to post at least once a week. I have a website, which you should check out if you are interested. I also have a twitter account, but I don't check it all that often - the tweets there are largely automated by IFTTT. If you prefer, I've also created a subreddit that's also automated by IFTTT, though I do check it slightly more often than twitter. I can't think of anything else to put here at the moment, but if there is anything you think I should add / change please contact me somehow and I will consider it (commenting on my blog is a good way to get hold of me).

Updated on September 18, 2022

Comments

Asifa.K over 1 year
I have been using fail2ban for a while on my Ubuntu server. Recently (after upgrading to ubuntu 15.04 I assume) fail2ban has been failing to start.

Initially, this was because the port option had been specified twice somewhere - I fixed that.

Now I am getting the following error:
```
WARNING 'filter' not defined in 'sshd'. Using default one: ''
ERROR  Failed during configuration: Bad value substitution:
        section: [sshd]
        option : action
        key    : port
        rawval : ", protocol="%(protocol)s", chain="%(chain)s"]
%(mta)s-whois-lines[name=%(__name__)s, dest="%(destemail)s", logpath=%(logpath)s, chain="%(chain)s", sendername="%(sendername)s"]
```
Here is a link to a pastebin of my jail.local configuration file: http://pastebin.com/KksbwT1r

I have removed the email addresses for privacy reasons.
Asifa.K about 9 years

Thanks for the comment. I found my fail2ban configs at /etc/fail2ban/jail.conf and /etc/fail2ban/jail.local (jail.local is the file that you should edit and jail.conf is the default settings one I think). Would it be possible for you to post your fail2ban config? I would find it helpful to compare your working one against my failing one :)
mirkobrankovic about 8 years

I found sshd jail in jail.d/defaults-debian.conf wwith only 2 lines, so no filter no action
Sathiya Narayanan about 5 years

Thanks for the hint. I modified defaults-debian.conf in the following way and fail2ban service started again. [sshd] enabled = true port = ssh filter = sshd maxretry = 6
franc over 4 years

Thanks, I had also a sshd jail only visible in Webmin. Deleted it and it works again :)