Error installing nextcloud: No failure-id group in 'Regex to match into the log for a failed login'

notplants · November 11, 2021, 1:28pm

My YunoHost server

Hardware: Digital Ocean VPS
YunoHost version: 4.3.2.2
I have access to my server : SSH on a VPS
Are you in a special context or did you perform some particular tweaking on your YunoHost instance ? : no

Description of my issue

Hello, I’m getting an error while trying to install Nextcloud on my yunohost.

It looks like it has to do with fail2ban:

2021-11-11 13:21:21,081: WARNING - [Error] Nov 11 13:08:46 systemd[1]: /lib/systemd/system/fail2ban.service:12: PIDFile= references path below legacy directory /var/run/, updating /var/run/fail2ban/fail2ban.pid → /run/fail2ban/fail2ban.pid; please update the unit file accordingly.
2021-11-11 13:21:21,082: WARNING - Nov 11 13:08:50 systemd[1]: Reloading Fail2Ban Service.
2021-11-11 13:21:21,082: WARNING - Nov 11 13:08:50 fail2ban-client[26834]:  NOK: ("No failure-id group in 'Regex to match into the log for a failed login'",)
2021-11-11 13:21:21,083: WARNING - Nov 11 13:08:50 fail2ban-client[26834]: No failure-id group in 'Regex to match into the log for a failed login'
2021-11-11 13:21:21,083: WARNING - Nov 11 13:08:50 systemd[1]: fail2ban.service: Control process exited, code=exited, status=255/EXCEPTION

Here is the full yunopaste log: https://paste.yunohost.org/raw/gohoniqiyi

any ideas how to fix it?

wbk · November 11, 2021, 2:36pm

I had a look at my /lib/systemd/system/fail2ban.service,

# cat /lib/systemd/system/fail2ban.service 
[Unit]
Description=Fail2Ban Service
Documentation=man:fail2ban(1)
After=network.target iptables.service firewalld.service ip6tables.service ipset.service
PartOf=firewalld.service

[Service]
Type=simple
ExecStartPre=/bin/mkdir -p /var/run/fail2ban
ExecStart=/usr/bin/fail2ban-server -xf start
# if should be logged in systemd journal, use following line or set logtarget to sysout in fail2ban.local
# ExecStart=/usr/bin/fail2ban-server -xf --logtarget=sysout start
ExecStop=/usr/bin/fail2ban-client stop
ExecReload=/usr/bin/fail2ban-client reload
PIDFile=/var/run/fail2ban/fail2ban.pid
Restart=on-failure
RestartPreventExitStatus=0 255

[Install]
WantedBy=multi-user.target

My Nexctloud installed with no problems, but it has been a while back. Maybe this check got stricter.

You could try changing the path in the way suggested in the logging, by removing the /var-bit; the one is a symlink to the other:

# ls -hals /var/run
0 lrwxrwxrwx 1 root root 4 Jan 24  2019 /var/run -> /run

notplants · November 11, 2021, 3:26pm

@wbk thanks. I tried with your fail2ban service file (and running daemon-reload) and also modifying the unit file to reference fail2ban by /run/fail2ban instead of /var/run/fail2ban,
but neither helped

seeing the same error when installing nextcloud and unable to install

wbk · November 11, 2021, 3:38pm

Then there must be another cause. Your VPS is on Debian Buster? Are there any warnings in diagnosis? Are there any updates to apply?

ljf · November 11, 2021, 3:47pm

What are differencies between the recommended fail2ban conf and the one on your server ?
You can see that, with this command:

yunohost tools regenconf fail2ban --with-diff --dry-run

notplants · November 11, 2021, 4:32pm

@ljf thanks for the command. When I run this on my server it yields no output – which I think must mean there is no difference.

ljf · November 11, 2021, 4:35pm

indeed, what about the output of :

journalctl -u fail2ban
systemctl status fail2ban

notplants · November 11, 2021, 4:42pm

@wbk yup I am running Debian GNU/Linux 10 (buster) on the VPS.

There are no system updates needed.

There are a few apps that say they need updates (gitea, cryptpad, etherpads).

I tried updating gitea and got the same fail2ban error, so I now see its not specific to nextcloud.

In the past week I updated my yunohost to 4.3.2.2 so it must be something about the update I imagine.

I also got the same fail2ban error while trying to install a new app just now, standard notes server.

notplants · November 11, 2021, 4:43pm

@ljf here is the result of journalctl -u fail2ban:

-- Logs begin at Wed 2021-11-10 19:45:02 UTC, end at Thu 2021-11-11 16:38:26 UTC. --
Nov 11 09:52:24 mfowler.info systemd[1]: /lib/systemd/system/fail2ban.service:12: PIDFile= references path below legacy directory /var/run/, updating /var/run/fail2ban/fail2ba
Nov 11 09:52:24 mfowler.info systemd[1]: /lib/systemd/system/fail2ban.service:12: PIDFile= references path below legacy directory /var/run/, updating /var/run/fail2ban/fail2ba
Nov 11 09:52:24 mfowler.info systemd[1]: /lib/systemd/system/fail2ban.service:12: PIDFile= references path below legacy directory /var/run/, updating /var/run/fail2ban/fail2ba
Nov 11 09:52:24 mfowler.info systemd[1]: /lib/systemd/system/fail2ban.service:12: PIDFile= references path below legacy directory /var/run/, updating /var/run/fail2ban/fail2ba
Nov 11 09:52:25 mfowler.info systemd[1]: /lib/systemd/system/fail2ban.service:12: PIDFile= references path below legacy directory /var/run/, updating /var/run/fail2ban/fail2ba
Nov 11 11:59:51 mfowler.info systemd[1]: Reloading Fail2Ban Service.
Nov 11 12:00:16 mfowler.info fail2ban-client[24616]:  NOK: ("No failure-id group in 'Regex to match into the log for a failed login'",)
Nov 11 12:00:16 mfowler.info fail2ban-client[24616]: No failure-id group in 'Regex to match into the log for a failed login'
Nov 11 12:00:16 mfowler.info systemd[1]: fail2ban.service: Control process exited, code=exited, status=255/EXCEPTION
Nov 11 12:00:16 mfowler.info systemd[1]: Reload failed for Fail2Ban Service.
Nov 11 12:00:24 mfowler.info systemd[1]: /lib/systemd/system/fail2ban.service:12: PIDFile= references path below legacy directory /var/run/, updating /var/run/fail2ban/fail2ba
Nov 11 12:00:31 mfowler.info systemd[1]: Reloading Fail2Ban Service.
Nov 11 12:00:31 mfowler.info fail2ban-client[27645]:  NOK: ("No failure-id group in 'Regex to match into the log for a failed login'",)
Nov 11 12:00:31 mfowler.info fail2ban-client[27645]: No failure-id group in 'Regex to match into the log for a failed login'
Nov 11 12:00:31 mfowler.info systemd[1]: fail2ban.service: Control process exited, code=exited, status=255/EXCEPTION
Nov 11 12:00:31 mfowler.info systemd[1]: Reload failed for Fail2Ban Service.
Nov 11 12:01:16 mfowler.info systemd[1]: /lib/systemd/system/fail2ban.service:12: PIDFile= references path below legacy directory /var/run/, updating /var/run/fail2ban/fail2ba
Nov 11 12:01:23 mfowler.info systemd[1]: Stopping Fail2Ban Service...

And here is the result of systemctl status fail2ban:

● fail2ban.service - Fail2Ban Service
   Loaded: loaded (/lib/systemd/system/fail2ban.service; enabled; vendor preset: enabled)
   Active: active (running) since Thu 2021-11-11 16:38:23 UTC; 4min 17s ago
     Docs: man:fail2ban(1)
  Process: 17847 ExecReload=/usr/bin/fail2ban-client reload (code=exited, status=255/EXCEPTION)
 Main PID: 2910 (fail2ban-server)
    Tasks: 1 (limit: 2375)
   Memory: 20.8M
   CGroup: /system.slice/fail2ban.service
           └─2910 /usr/bin/python3 /usr/bin/fail2ban-server -xf start

Nov 11 16:40:58 mfowler.info systemd[1]: /lib/systemd/system/fail2ban.service:12: PIDFile= references path below legacy directory /var/run/, updating /var/run/fail2ban/fail2ba
Nov 11 16:40:59 mfowler.info systemd[1]: /lib/systemd/system/fail2ban.service:12: PIDFile= references path below legacy directory /var/run/, updating /var/run/fail2ban/fail2ba
Nov 11 16:40:59 mfowler.info systemd[1]: /lib/systemd/system/fail2ban.service:12: PIDFile= references path below legacy directory /var/run/, updating /var/run/fail2ban/fail2ba
Nov 11 16:41:00 mfowler.info systemd[1]: /lib/systemd/system/fail2ban.service:12: PIDFile= references path below legacy directory /var/run/, updating /var/run/fail2ban/fail2ba
Nov 11 16:41:00 mfowler.info systemd[1]: /lib/systemd/system/fail2ban.service:12: PIDFile= references path below legacy directory /var/run/, updating /var/run/fail2ban/fail2ba
Nov 11 16:41:09 mfowler.info systemd[1]: Reloading Fail2Ban Service.
Nov 11 16:41:09 mfowler.info fail2ban-client[17847]:  NOK: ("No failure-id group in 'Regex to match into the log for a failed login'",)
Nov 11 16:41:09 mfowler.info fail2ban-client[17847]: No failure-id group in 'Regex to match into the log for a failed login'

I’ve tried running systemctl restart fail2ban a few times, which works, but the error comes back after trying to update or install an app, as described above.

notplants · November 11, 2021, 4:56pm

The only warnings in diagnosis are:

Configuration file /etc/nginx/conf.d/yunohost_panel.conf.inc appears to have been manually modified.
Configuration file /etc/ssh/sshd_config appears to have been manually modified.
The reverse DNS is not correctly configured in IPv4. Some emails may fail to get delivered or may get flagged as spam.

notplants · November 11, 2021, 6:33pm

Cool, I can simply replicate the error, in terminal, by running:

fail2ban-client reload

which gives the output:

 NOK: ("No failure-id group in 'Regex to match into the log for a failed login'",)
No failure-id group in 'Regex to match into the log for a failed login'

now to figure out which configuration actually causes this error…

notplants · November 11, 2021, 6:59pm

I ran
fail2ban-client -d
to get an output of all my fail2ban configurations,
and found a setting which matched the error message I was seeing.

The setting came from archivebox, an app that I had packaged for yunohost. While developing the package, I must have made an invalid fail2ban configuration at some point, which somehow stayed around. I guess this didn’t cause any problems until I updated yunohost, and then somehow it became an issue.

Sorry for wasting anyone’s time to read through this when it ended up to be my specific issue.

I was able to fix the issue by removing the stale archivebox fail2ban configurations from /etc/fail2ban/filter.d and /etc/fail2ban/jail.d

system · December 11, 2021, 7:00pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.