fail2ban log file contains ERROR test -e /proc/net/xt_recent/fail2ban-ssh #15

Open
jlerbsc opened this issue Jan 4, 2017 · 16 comments

jlerbsc commented Jan 4, 2017

What's the meaning of these errors in the fail2ban log?
And why is /proc/net/xt_recent not created with the debops fail2ban installation?

ERROR test -e /proc/net/xt_recent/fail2ban-ssh returned 100
ERROR Invariant check failed. Trying to restore a sane environment
ERROR echo / > /proc/net/xt_recent/fail2ban-ssh
iptables -D INPUT -m recent --update --seconds 604800 --name fail2ban-ssh --jump REJECT --reject-with icmp-admin-prohibited returned 100

Member

drybjed commented Jan 9, 2017

Not sure... Do you run the debops.fail2ban role with DebOps playbooks or as standalone? If you use a custom playbook, did you enable the become: True option on the playbook level so that the role will be run with root privileges?

Author

jlerbsc commented Jan 9, 2017

It's a custom playbook, I'm going to try become: True. Thanks


jhilden commented Jul 7, 2017

@jlerbsc did you find a solution for this error? We are seeing the same thing. /proc/net/xt_recent/ is just empty on the servers.

@drybjed I'm not sure how to add become: true "on the playbook level", since we have the role directly in our site.yml like this:

---
- hosts: all
  remote_user: root
  roles:
    - debops.fail2ban

Adding become: true here did not help.

Any help would be appreciated.

Member

drybjed commented Jul 7, 2017

@jhilden What happens when you install fail2ban package by hand on that host, does it work correctly?


jhilden commented Jul 7, 2017

@drybjed yes, when I install it manually on that host (sudo apt-get install fail2ban) it works just fine.

Member

drybjed commented Jul 7, 2017

@jhilden In that case I suppose it might be some configuration applied by the role. You could try commenting out the sections that the role adds and see if you find out which one is the culprit.

Author

jlerbsc commented Nov 24, 2017

Hi @drybjed, I always get this log when using the debops.fail2ban role with a custom playbook and the become: yes option on the playbook level, like this. Do you have any idea?

- hosts: tag_managed_ansible:&tag_role_nginx_front:&tag_target_{{target}}
  become: yes
  user: xxx
  tags:
    - nginx_front
    - fail2ban
  vars_files:
    - "{{inventory_dir}}/vars/fail2ban-nginx.yml"
    - "{{inventory_dir}}/vars/fail2ban-default.yml"
  roles:
    - { role: debops.fail2ban }

ERROR test -e /proc/net/xt_recent/fail2ban-ssh returned 100
ERROR Invariant check failed. Trying to restore a sane environment
ERROR echo / > /proc/net/xt_recent/fail2ban-ssh
iptables -D INPUT -m recent --update --seconds 604800 --name fail2ban-ssh --jump REJECT --reject-with icmp-admin-prohibited returned 100

Member

drybjed commented Nov 24, 2017

This seems to be an error from the fail2ban service itself, perhaps an issue with the configuration. What happens when you try to restart the service by hand?

Member

drybjed commented Nov 24, 2017

@jlerbsc Is that the same error that you started this issue thread with?

Author

jlerbsc commented Nov 24, 2017

Yes, it's the same error. I think the origin of the error is related to the fact that the file fail2ban-ssh in the /proc/net/xt_recent directory is not found, and the command sudo echo / > /proc/net/xt_recent/fail2ban-ssh throws /proc/net/xt_recent/fail2ban-ssh: No such file or directory

Member

drybjed commented Nov 24, 2017

Do you have the xt_recent module loaded in the kernel? Check with:

lsmod | grep recent

What kind of host is this, is it a container, a VM?

Author

jlerbsc commented Nov 24, 2017

When I restart fail2ban by hand, I have the same errors (Fail2ban v0.8.13).

Author

jlerbsc commented Nov 24, 2017

lsmod | grep recent
xt_recent 17246 0
x_tables 27111 3 xt_recent,ip_tables,iptable_filter

Author

jlerbsc commented Nov 24, 2017

The host is an AWS/EC2 server

Member

drybjed commented Nov 24, 2017

@jlerbsc Well, I have the same suggestion as last time - try installing a fail2ban package manually on a clean host to see if it works at all. If it does, configure it with debops.fail2ban and try commenting out or moving away parts of the configuration until it works again. That way you can find out what caused the issue.

Author

jlerbsc commented Nov 24, 2017

When I reinstall fail2ban from scratch, it works perfectly with the default configuration.
sudo apt-get purge fail2ban
sudo apt-get install fail2ban
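
A diagnostic sketch for the state discussed in this thread (xt_recent listed by lsmod, but /proc/net/xt_recent/fail2ban-ssh missing). It is an added example, not part of the original issue, of fail2ban or of debops.fail2ban; the function name, its result strings and the optional path arguments are assumptions made here.

```shell
#!/bin/sh
# Added diagnostic sketch (hypothetical helper, not fail2ban or DebOps code).
# Classifies why `test -e /proc/net/xt_recent/<name>` fails.
# The optional path arguments are assumptions so the function can also be run
# against saved copies; on a live host they default to the real locations.

xt_recent_state() {
    name=$1
    proc_dir=${2:-/proc/net/xt_recent}
    modules=${3:-/proc/modules}   # the file lsmod reads
    rules=${4:-}                  # saved `iptables-save` output; empty = query live

    # The list exists: the invariant check would pass.
    if [ -e "$proc_dir/$name" ]; then echo list-present; return 0; fi

    # No directory and no module line: xt_recent is not available at all.
    if [ ! -d "$proc_dir" ] && ! grep -q '^xt_recent ' "$modules" 2>/dev/null; then
        echo module-not-loaded; return 1
    fi

    # The kernel creates /proc/net/xt_recent/<name> when a rule that uses
    # `-m recent --name <name>` is inserted, and removes it with the last one.
    if [ -n "$rules" ]; then
        ruleset=$(cat "$rules")
    else
        ruleset=$(iptables-save 2>/dev/null || true)   # needs root on a live host
    fi
    if printf '%s\n' "$ruleset" | grep -Eq -- "-m recent .*--name $name( |\$)"; then
        echo rule-without-list; return 3   # rule visible, list not: check netns/proc view
    fi
    echo rule-missing; return 2            # the action's start rule is not installed
}
```

On a host, run `xt_recent_state fail2ban-ssh` as root; `rule-missing` with the module loaded means the iptables rule that should create the list is not in the ruleset.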
