iysheng
(Yang sheng)
January 10, 2025, 6:51am
1
I installed fail2ban, the fail2ban version is
▸ fail2ban-client --version
Fail2Ban v1.1.0
but I failed to start the service. When I checked, I found an error message like:
ERROR Error connecting to fail2ban persistent database '/var/lib/fail2ban/fail2ban.sqlite3': unable to open database file
But when I check this file:
▸ ls -l /var/lib/fail2ban/fail2ban.sqlite3
.rw-rw-rw-. root root 72 KB Fri Jan 10 14:22:09 2025 /var/lib/fail2ban/fail2ban.sqlite3
and try to use sqlite3 to open it, I can open it successfully.
▸ sqlite3 /var/lib/fail2ban/fail2ban.sqlite3
SQLite version 3.45.1 2024-01-30 16:01:20
Enter ".help" for usage hints.
sqlite> .open /var/lib/fail2ban/fail2ban.sqlite3
sqlite>
barryascott
(Barry A Scott)
January 10, 2025, 10:34am
2
What user does the service run as?
Is the file supposed to be owned by that user?
iysheng
(Yang sheng)
January 10, 2025, 11:31am
3
How could I check what user can run this service?
barryascott
(Barry A Scott)
January 10, 2025, 12:03pm
4
You can see the service file using systemctl cat <service-name>.
Look for a User= line.
iysheng
(Yang sheng)
January 10, 2025, 11:53pm
5
When I run the command sudo systemctl cat fail2ban, I just get the output below:
# /usr/lib/systemd/system/fail2ban.service
[Unit]
Description=Fail2Ban Service
Documentation=man:fail2ban(1)
After=network.target iptables.service firewalld.service ip6tables.service ipset.service nftables.service
PartOf=firewalld.service
[Service]
Type=simple
Environment="PYTHONNOUSERSITE=1"
ExecStartPre=/bin/mkdir -p /run/fail2ban
ExecStart=/usr/bin/fail2ban-server -xf start
# if should be logged in systemd journal, use following line or set logtarget to sysout in fail2ban.local
# ExecStart=/usr/bin/fail2ban-server -xf --logtarget=sysout start
ExecStop=/usr/bin/fail2ban-client stop
ExecReload=/usr/bin/fail2ban-client reload
PIDFile=/run/fail2ban/fail2ban.pid
Restart=on-failure
RestartPreventExitStatus=0 255
[Install]
WantedBy=multi-user.target
# /usr/lib/systemd/system/service.d/10-timeout-abort.conf
# This file is part of the systemd package.
# See https://fedoraproject.org/wiki/Changes/Shorter_Shutdown_Timer.
alciregi
(Alessio)
January 11, 2025, 6:53am
6
What is the output of
ls -laZ /var/lib/fail2ban/fail2ban.sqlite3
On my system it is
-rw-------. 1 root root system_u:object_r:fail2ban_var_lib_t:s0 73728 Jan 11 07:52 /var/lib/fail2ban/fail2ban.sqlite3
1 Like
iysheng
(Yang sheng)
January 11, 2025, 8:39am
7
ls -lAZ /var/lib/fail2ban/fail2ban.sqlite3
.rw-rw-rw-. root root unconfined_u:object_r:var_lib_t:s0 72 KB Fri Jan 10 14:22:09 2025 /var/lib/fail2ban/fail2ban.sqlite3
ls -l /var/lib/fail2ban/fail2ban.sqlite3
.rw-rw-rw-. root root 72 KB Fri Jan 10 14:22:09 2025 /var/lib/fail2ban/fail2ban.sqlite
I ran the mode change command sudo chmod 666 /var/lib/fail2ban/fail2ban.sqlite3 earlier, when I first met this issue.
alciregi
(Alessio)
January 11, 2025, 9:53am
8
You can revert back to 600.
I don’t know how it happened, but there is an issue with SELinux contexts.
Try to issue this command to restore the expected ones:
sudo restorecon /var/lib/fail2ban/fail2ban.sqlite3
1 Like
iysheng
(Yang sheng)
January 11, 2025, 10:24am
9
Thanks for your reply. After I ran these commands:
sudo chmod 600 /var/lib/fail2ban/fail2ban.sqlite3
sudo restorecon /var/lib/fail2ban/fail2ban.sqlite3
It works now.
● fail2ban.service - Fail2Ban Service
Loaded: loaded (/usr/lib/systemd/system/fail2ban.service; enabled; preset: disabled)
Drop-In: /usr/lib/systemd/system/service.d
└─10-timeout-abort.conf
Active: active (running) since Sat 2025-01-11 18:20:59 HKT; 1min 44s ago
Docs: man:fail2ban(1)
Process: 1160584 ExecStartPre=/bin/mkdir -p /run/fail2ban (code=exited, status=0/SUCCESS)
Main PID: 1160586 (fail2ban-server)
Tasks: 5 (limit: 37922)
Memory: 15.0M (peak: 38.5M)
CPU: 445ms
CGroup: /system.slice/fail2ban.service
└─1160586 /usr/bin/python3 -sP /usr/bin/fail2ban-server -xf start
Jan 11 18:20:59 localhost.localdomain systemd[1]: Starting fail2ban.service - Fail2Ban Service...
Jan 11 18:20:59 localhost.localdomain systemd[1]: Started fail2ban.service - Fail2Ban Service.
Jan 11 18:20:59 localhost.localdomain fail2ban-server[1160586]: Server ready
1 Like
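The label mismatch diagnosed in this thread (var_lib_t on the file, fail2ban_var_lib_t expected) can be checked before running restorecon. The script below is an added example, not part of any post: the function names are hypothetical, the sample contexts are the two quoted in the thread, and check_path assumes stat from GNU coreutils and matchpathcon from libselinux-utils are installed.

```bash
#!/usr/bin/env bash
# Added example: compare a file's SELinux type with the type the loaded
# policy expects for that path. Function names are hypothetical.

# Print the type field of a context string "user:role:type:level".
# The level may itself contain colons (s0:c0.c1023); field 3 is still the type.
selinux_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# Compare an actual context with the expected one.
# Prints a verdict; returns 0 on match, 1 on mismatch.
label_verdict() {
    local actual_type expected_type
    actual_type=$(selinux_type "$1")
    expected_type=$(selinux_type "$2")
    if [ "$actual_type" = "$expected_type" ]; then
        echo "ok: $actual_type"
    else
        echo "mismatch: have $actual_type, policy expects $expected_type"
        return 1
    fi
}

# Check a live path: the current label comes from stat, the expected label
# from the file-context rules via matchpathcon. Returns 2 if either is missing.
check_path() {
    local path=$1 actual expected
    actual=$(stat -c %C "$path") || return 2
    expected=$(matchpathcon -n "$path") || return 2
    label_verdict "$actual" "$expected"
}

if [ $# -gt 0 ]; then
    # Live check, e.g.: sudo ./check.sh /var/lib/fail2ban/fail2ban.sqlite3
    check_path "$1" || echo "to preview the relabel: restorecon -n -v $1"
else
    # Constructed demo using the two contexts quoted in the thread.
    label_verdict "unconfined_u:object_r:var_lib_t:s0" \
                  "system_u:object_r:fail2ban_var_lib_t:s0" || true
fi
```

The file mode plays no part in this comparison, which is why the chmod 666 attempt did not get the service running.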