Fail2ban missing files after migration/upgrade

Dex · June 1, 2025, 10:32pm

What type of hardware are you using: VPS bought online
What YunoHost version are you running: 12.0.17
How are you able to access your server: The webadmin
SSH
Are you in a special context or did you perform specific tweaking on your YunoHost instance ?: No

Describe your issue

I (finally) got around to migrating my installation to 12 and that seemed to go smoothly, all completed and let me log back in - apps all there, data all there. But then when I ran a diagnostic it told me that the fail2ban service wasn’t running.

So I ran yunohost service status fail2ban and the output was:

configuration: broken
configuration-details: 
  - 2025-06-01 17:54:44,740 fail2ban.configreader   [3981]: WARNING 'allowipv6' not defined in 'Definition'. Using default one: 'auto'
  - 2025-06-01 17:54:44,741 fail2ban.configreader   [3981]: ERROR   Found no accessible config files for 'filter.d/sshd' under /etc/fail2ban
  - 2025-06-01 17:54:44,741 fail2ban.jailreader     [3981]: ERROR   Unable to read the filter 'sshd'
  - 2025-06-01 17:54:44,741 fail2ban.jailsreader    [3981]: ERROR   Errors in jail 'sshd'.
  - 2025-06-01 17:54:44,741 fail2ban.configreader   [3981]: ERROR   Found no accessible config files for 'filter.d/nginx-http-auth' under /etc/fail2ban
  - 2025-06-01 17:54:44,741 fail2ban.jailreader     [3981]: ERROR   Unable to read the filter 'nginx-http-auth'
  - 2025-06-01 17:54:44,741 fail2ban.jailsreader    [3981]: ERROR   Errors in jail 'nginx-http-auth'.
  - 2025-06-01 17:54:44,743 fail2ban.configreader   [3981]: ERROR   Found no accessible config files for 'filter.d/postfix' under /etc/fail2ban
  - 2025-06-01 17:54:44,743 fail2ban.jailreader     [3981]: ERROR   Unable to read the filter 'postfix'
  - 2025-06-01 17:54:44,743 fail2ban.jailsreader    [3981]: ERROR   Errors in jail 'postfix'.
  - 2025-06-01 17:54:44,743 fail2ban.configreader   [3981]: ERROR   Found no accessible config files for 'filter.d/dovecot' under /etc/fail2ban
  - 2025-06-01 17:54:44,743 fail2ban.jailreader     [3981]: ERROR   Unable to read the filter 'dovecot'
  - 2025-06-01 17:54:44,743 fail2ban.jailsreader    [3981]: ERROR   Errors in jail 'dovecot'.
  - 2025-06-01 17:54:44,744 fail2ban.configreader   [3981]: ERROR   Found no accessible config files for 'filter.d/recidive' under /etc/fail2ban
  - 2025-06-01 17:54:44,744 fail2ban.jailreader     [3981]: ERROR   Unable to read the filter 'recidive'
  - 2025-06-01 17:54:44,744 fail2ban.jailsreader    [3981]: ERROR   Errors in jail 'recidive'.
  - 2025-06-01 17:54:44,744 fail2ban.configreader   [3981]: ERROR   Found no accessible config files for 'filter.d/pam-generic' under /etc/fail2ban
  - 2025-06-01 17:54:44,744 fail2ban.jailreader     [3981]: ERROR   Unable to read the filter 'pam-generic'
  - 2025-06-01 17:54:44,744 fail2ban.jailsreader    [3981]: ERROR   Errors in jail 'pam-generic'.
  - 2025-06-01 17:54:44,746 fail2ban                [3981]: ERROR   Failed during configuration: Bad value substitution: option 'failregex' in section 'Definition' contains an interpolation key '__prefix_line' which is not a valid option name. Raw value: '^%(__prefix_line)swarning: [-._\\w]+\\[<HOST>\\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: [ A-Za-z0-9+/]*={0,2})?\\s*$'
  - 2025-06-01 17:54:44,746 fail2ban                [3981]: ERROR   ERROR: test configuration failed
description: Protects against brute-force and other kinds of attacks from the Internet
last_state_change: 2025-06-01 17:48:48
start_on_boot: enabled
status: failed

So I had a look and indeed, none of the files were in /etc/fail2ban/

After a bit of searching I eventually found conf files in /usr/lib/python3/dist-packages/fail2ban/tests/config/ so I copied them all over to /etc/fail2ban/ and then restarted the fail2ban service but still its failing, this time with errors that I think indicate the files are found but configured wrong:

configuration: broken
configuration-details: 
  - 2025-06-01 18:04:08,187 fail2ban.configreader   [4293]: WARNING 'socket' not defined in 'Definition'. Using default one: '/var/run/fail2ban/fail2ban.sock'
  - 2025-06-01 18:04:08,187 fail2ban.configreader   [4293]: WARNING 'pidfile' not defined in 'Definition'. Using default one: '/var/run/fail2ban/fail2ban.pid'
  - 2025-06-01 18:04:08,187 fail2ban.configreader   [4293]: WARNING 'logtarget' not defined in 'Definition'. Using default one: '/var/log/fail2ban.log'
  - 2025-06-01 18:04:08,187 fail2ban.configreader   [4293]: WARNING 'syslogsocket' not defined in 'Definition'. Using default one: 'auto'
  - 2025-06-01 18:04:08,188 fail2ban.configreader   [4293]: WARNING 'logtarget' not defined in 'Definition'. Using default one: 'STDERR'
  - 2025-06-01 18:04:08,188 fail2ban.configreader   [4293]: WARNING 'syslogsocket' not defined in 'Definition'. Using default one: 'auto'
  - 2025-06-01 18:04:08,189 fail2ban.configreader   [4293]: WARNING 'allowipv6' not defined in 'Definition'. Using default one: 'auto'
  - 2025-06-01 18:04:08,189 fail2ban.configreader   [4293]: WARNING 'dbfile' not defined in 'Definition'. Using default one: '/var/lib/fail2ban/fail2ban.sqlite3'
  - 2025-06-01 18:04:08,189 fail2ban.configreader   [4293]: WARNING 'dbpurgeage' not defined in 'Definition'. Using default one: '1d'
  - 2025-06-01 18:04:08,189 fail2ban.configreader   [4293]: WARNING 'backend' not defined in 'emptyaction'. Using default one: 'auto'
  - 2025-06-01 18:04:08,189 fail2ban.jailreader     [4293]: WARNING No filter set for jail emptyaction
  - 2025-06-01 18:04:08,189 fail2ban.configreader   [4293]: WARNING 'backend' not defined in 'emptyaction'. Using default one: 'auto'
  - 2025-06-01 18:04:08,189 fail2ban.jailreader     [4293]: WARNING No actions were defined for emptyaction
  - 2025-06-01 18:04:08,189 fail2ban.configreader   [4293]: WARNING 'enabled' not defined in 'special'. Using default one: False
  - 2025-06-01 18:04:08,189 fail2ban.configreader   [4293]: WARNING 'backend' not defined in 'special'. Using default one: 'auto'
  - 2025-06-01 18:04:08,189 fail2ban.configreader   [4293]: WARNING 'backend' not defined in 'test-known-interp'. Using default one: 'auto'
  - 2025-06-01 18:04:08,190 fail2ban.configreader   [4293]: WARNING 'backend' not defined in 'test-known-interp'. Using default one: 'auto'
  - 2025-06-01 18:04:08,190 fail2ban.configreader   [4293]: WARNING 'action' not defined in 'test-known-interp'. Using default one: ''
  - 2025-06-01 18:04:08,190 fail2ban.jailreader     [4293]: WARNING No actions were defined for test-known-interp
  - 2025-06-01 18:04:08,190 fail2ban.configreader   [4293]: WARNING 'backend' not defined in 'missinglogfiles'. Using default one: 'auto'
  - 2025-06-01 18:04:08,191 fail2ban.configreader   [4293]: WARNING 'backend' not defined in 'missinglogfiles'. Using default one: 'auto'
  - 2025-06-01 18:04:08,191 fail2ban.configreader   [4293]: WARNING 'action' not defined in 'missinglogfiles'. Using default one: ''
  - 2025-06-01 18:04:08,191 fail2ban.jailreader     [4293]: WARNING No actions were defined for missinglogfiles
  - 2025-06-01 18:04:08,191 fail2ban.configreader   [4293]: WARNING 'backend' not defined in 'brokenactiondef'. Using default one: 'auto'
  - 2025-06-01 18:04:08,191 fail2ban.configreader   [4293]: WARNING 'backend' not defined in 'brokenactiondef'. Using default one: 'auto'
  - 2025-06-01 18:04:08,192 fail2ban.jailreader     [4293]: ERROR   Invalid action definition 'joho[foo': unexpected option syntax
  - 2025-06-01 18:04:08,192 fail2ban.jailsreader    [4293]: ERROR   Errors in jail 'brokenactiondef'.
  - 2025-06-01 18:04:08,192 fail2ban.configreader   [4293]: WARNING 'backend' not defined in 'brokenfilterdef'. Using default one: 'auto'
  - 2025-06-01 18:04:08,192 fail2ban.jailreader     [4293]: ERROR   Invalid filter definition 'flt[test': unexpected option syntax
  - 2025-06-01 18:04:08,192 fail2ban.jailsreader    [4293]: ERROR   Errors in jail 'brokenfilterdef'.
  - 2025-06-01 18:04:08,192 fail2ban.configreader   [4293]: WARNING 'backend' not defined in 'brokenaction'. Using default one: 'auto'
  - 2025-06-01 18:04:08,192 fail2ban.configreader   [4293]: WARNING 'backend' not defined in 'brokenaction'. Using default one: 'auto'
  - 2025-06-01 18:04:08,193 fail2ban.configreader   [4293]: WARNING 'backend' not defined in 'missingaction'. Using default one: 'auto'
  - 2025-06-01 18:04:08,193 fail2ban.configreader   [4293]: WARNING 'backend' not defined in 'missingaction'. Using default one: 'auto'
  - 2025-06-01 18:04:08,194 fail2ban.configreader   [4293]: ERROR   Found no accessible config files for 'action.d/noactionfileforthisaction' under /etc/fail2ban
  - 2025-06-01 18:04:08,194 fail2ban.jailreader     [4293]: ERROR   Unable to read action 'noactionfileforthisaction'
  - 2025-06-01 18:04:08,194 fail2ban.jailsreader    [4293]: ERROR   Errors in jail 'missingaction'.
  - 2025-06-01 18:04:08,194 fail2ban.configreader   [4293]: WARNING 'backend' not defined in 'missingbitsjail'. Using default one: 'auto'
  - 2025-06-01 18:04:08,194 fail2ban.configreader   [4293]: ERROR   Found no accessible config files for 'filter.d/catchallthebadies' under /etc/fail2ban
  - 2025-06-01 18:04:08,194 fail2ban.jailreader     [4293]: ERROR   Unable to read the filter 'catchallthebadies'
  - 2025-06-01 18:04:08,194 fail2ban.jailsreader    [4293]: ERROR   Errors in jail 'missingbitsjail'.
  - 2025-06-01 18:04:08,194 fail2ban.configreader   [4293]: WARNING 'backend' not defined in 'parse_to_end_of_jail.conf'. Using default one: 'auto'
  - 2025-06-01 18:04:08,194 fail2ban.configreader   [4293]: WARNING 'backend' not defined in 'parse_to_end_of_jail.conf'. Using default one: 'auto'
  - 2025-06-01 18:04:08,194 fail2ban.jailreader     [4293]: WARNING No actions were defined for parse_to_end_of_jail.conf
  - 2025-06-01 18:04:08,195 fail2ban.configreader   [4293]: WARNING 'backend' not defined in 'tz_correct'. Using default one: 'auto'
  - 2025-06-01 18:04:08,195 fail2ban.configreader   [4293]: WARNING 'backend' not defined in 'tz_correct'. Using default one: 'auto'
  - 2025-06-01 18:04:08,195 fail2ban.configreader   [4293]: WARNING 'action' not defined in 'tz_correct'. Using default one: ''
  - 2025-06-01 18:04:08,195 fail2ban.jailreader     [4293]: WARNING No actions were defined for tz_correct
  - 2025-06-01 18:04:08,195 fail2ban.configreader   [4293]: WARNING 'backend' not defined in 'multi-log'. Using default one: 'auto'
  - 2025-06-01 18:04:08,195 fail2ban.configreader   [4293]: WARNING 'backend' not defined in 'sshd'. Using default one: 'auto'
  - 2025-06-01 18:04:08,195 fail2ban.configreader   [4293]: WARNING 'backend' not defined in 'sshd'. Using default one: 'auto'
  - 2025-06-01 18:04:08,196 fail2ban.configreader   [4293]: WARNING 'action' not defined in 'sshd'. Using default one: ''
  - 2025-06-01 18:04:08,196 fail2ban.jailreader     [4293]: WARNING No actions were defined for sshd
  - 2025-06-01 18:04:08,196 fail2ban.configreader   [4293]: WARNING 'backend' not defined in 'nginx-http-auth'. Using default one: 'auto'
  - 2025-06-01 18:04:08,196 fail2ban.configreader   [4293]: WARNING 'backend' not defined in 'nginx-http-auth'. Using default one: 'auto'
  - 2025-06-01 18:04:08,196 fail2ban.configreader   [4293]: WARNING 'action' not defined in 'nginx-http-auth'. Using default one: ''
  - 2025-06-01 18:04:08,196 fail2ban.jailreader     [4293]: WARNING No actions were defined for nginx-http-auth
  - 2025-06-01 18:04:08,197 fail2ban.configreader   [4293]: WARNING 'backend' not defined in 'postfix'. Using default one: 'auto'
  - 2025-06-01 18:04:08,197 fail2ban.configreader   [4293]: WARNING 'backend' not defined in 'postfix'. Using default one: 'auto'
  - 2025-06-01 18:04:08,197 fail2ban.configreader   [4293]: WARNING 'action' not defined in 'postfix'. Using default one: ''
  - 2025-06-01 18:04:08,197 fail2ban.jailreader     [4293]: WARNING No actions were defined for postfix
  - 2025-06-01 18:04:08,197 fail2ban.configreader   [4293]: WARNING 'backend' not defined in 'sasl'. Using default one: 'auto'
  - 2025-06-01 18:04:08,198 fail2ban                [4293]: ERROR   Failed during configuration: Bad value substitution: option 'failregex' in section 'Definition' contains an interpolation key '__prefix_line' which is not a valid option name. Raw value: '^%(__prefix_line)swarning: [-._\\w]+\\[<HOST>\\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: [ A-Za-z0-9+/]*={0,2})?\\s*$'
  - 2025-06-01 18:04:08,198 fail2ban                [4293]: ERROR   ERROR: test configuration failed

I’m at a bit of a loss as to how to sort this out. Running the system update says there’s nothing wrong but fail2ban is totally broken.

Share relevant logs or error messages

Can’t run logs as fail2ban cannot be found.

otm33 · June 2, 2025, 12:51am

Hello @Dex
Have you already tried sudo yunohost tools regen-conf fail2ban ?

Dex · June 2, 2025, 1:03am

I did yes, sorry I forgot to mention that. First time before copying the files and it told me fail2ban didn’t exist (I guess because there was nothing in /etc/fail2ban) and the second time after I copied the file which resulted in The configuration file '/etc/fail2ban/jail.conf' has been manually modified and will not be updated.

otm33 · June 2, 2025, 8:09am

If fail2ban is totally broken and if you didn’t have any filter or jail left in /etc/fail2ban/jail.d and /etc/fail2ban/filter.d, you can try reinstalling fail2ban. You will likely need to manually add files from fail2ban repo and to recreate jails for your apps.
This thread may help.

Dex · June 2, 2025, 10:12am

Thank you. So is it true to say that if I totally remove what I have now (rm directories and purge), then reinstall fail2ban and then run regen-conf that should sort the issue?

otm33 · June 2, 2025, 10:21am

Unfortunately, it’s not so easy… see :

… I would recommand to backup every file related to fail2ban before reinstalling.