Ubuntu
fail2ban package

default config in noble prevents start of fail2ban

Bug #2064141 reported by Andrei Caraman
This bug report is a duplicate of:  Bug #2055114: fail2ban is broken in 24.04 Noble. Edit Remove
18
This bug affects 4 people
Affects Status Importance Assigned to Milestone
fail2ban (Ubuntu)
Confirmed
Undecided
Unassigned

Bug Description

While installing fail2ban, apt shows these warning:
Setting up fail2ban (1.0.2-3) ...
/usr/lib/python3/dist-packages/fail2ban/tests/fail2banregextestcase.py:224: SyntaxWarning: invalid escape sequence '\s'
  "1490349000 test failed.dns.ch", "^\s*test <F-ID>\S+</F-ID>"
/usr/lib/python3/dist-packages/fail2ban/tests/fail2banregextestcase.py:435: SyntaxWarning: invalid escape sequence '\S'
  '^'+prefix+'<F-ID>User <F-USER>\S+</F-USER></F-ID> not allowed\n'
/usr/lib/python3/dist-packages/fail2ban/tests/fail2banregextestcase.py:443: SyntaxWarning: invalid escape sequence '\S'
  '^'+prefix+'User <F-USER>\S+</F-USER> not allowed\n'
/usr/lib/python3/dist-packages/fail2ban/tests/fail2banregextestcase.py:444: SyntaxWarning: invalid escape sequence '\d'
  '^'+prefix+'Received disconnect from <F-ID><ADDR> port \d+</F-ID>'
/usr/lib/python3/dist-packages/fail2ban/tests/fail2banregextestcase.py:451: SyntaxWarning: invalid escape sequence '\s'
  _test_variants('common', prefix="\s*\S+ sshd\[<F-MLFID>\d+</F-MLFID>\]:\s+")
/usr/lib/python3/dist-packages/fail2ban/tests/fail2banregextestcase.py:537: SyntaxWarning: invalid escape sequence '\['
  'common[prefregex="^svc\[<F-MLFID>\d+</F-MLFID>\] connect <F-CONTENT>.+</F-CONTENT>$"'
/usr/lib/python3/dist-packages/fail2ban/tests/servertestcase.py:1375: SyntaxWarning: invalid escape sequence '\s'
  "`{ nft -a list chain inet f2b-table f2b-chain | grep -oP '@addr-set-j-w-nft-mp\s+.*\s+\Khandle\s+(\d+)$'; } | while read -r hdl; do`",
/usr/lib/python3/dist-packages/fail2ban/tests/servertestcase.py:1378: SyntaxWarning: invalid escape sequence '\s'
  "`{ nft -a list chain inet f2b-table f2b-chain | grep -oP '@addr6-set-j-w-nft-mp\s+.*\s+\Khandle\s+(\d+)$'; } | while read -r hdl; do`",
/usr/lib/python3/dist-packages/fail2ban/tests/servertestcase.py:1421: SyntaxWarning: invalid escape sequence '\s'
  "`{ nft -a list chain inet f2b-table f2b-chain | grep -oP '@addr-set-j-w-nft-ap\s+.*\s+\Khandle\s+(\d+)$'; } | while read -r hdl; do`",
/usr/lib/python3/dist-packages/fail2ban/tests/servertestcase.py:1424: SyntaxWarning: invalid escape sequence '\s'
  "`{ nft -a list chain inet f2b-table f2b-chain | grep -oP '@addr6-set-j-w-nft-ap\s+.*\s+\Khandle\s+(\d+)$'; } | while read -r hdl; do`",
Created symlink /etc/systemd/system/multi-user.target.wants/fail2ban.service → /usr/lib/systemd/system/fail2ban.service.

and after installation, fail2ban fails to start:

# systemctl status fail2ban
× fail2ban.service - Fail2Ban Service
     Loaded: loaded (/usr/lib/systemd/system/fail2ban.service; enabled; preset: enabled)
     Active: failed (Result: exit-code) since Mon 2024-04-29 11:40:44 EDT; 6min ago
   Duration: 155ms
       Docs: man:fail2ban(1)
    Process: 231600 ExecStart=/usr/bin/fail2ban-server -xf start (code=exited, status=255/EXCEPTION)
   Main PID: 231600 (code=exited, status=255/EXCEPTION)
        CPU: 144ms

Apr 29 11:40:44 prod systemd[1]: Started fail2ban.service - Fail2Ban Service.
Apr 29 11:40:44 prod fail2ban-server[231600]: 2024-04-29 11:40:44,512 fail2ban.configreader [231600]: WARNING 'allowipv6' not defined in 'Definition'. Using default one: 'auto'
Apr 29 11:40:44 prod fail2ban-server[231600]: 2024-04-29 11:40:44,544 fail2ban [231600]: ERROR No module named 'asynchat'
Apr 29 11:40:44 prod systemd[1]: fail2ban.service: Main process exited, code=exited, status=255/EXCEPTION
Apr 29 11:40:44 prod systemd[1]: fail2ban.service: Failed with result 'exit-code'.

Sysadmins have been used to having fail2ban block offenders on the default config and might naturally assume some degree of protection by simply installing the package. The actual behaviour however does not match their expectations.

Seth Arnold (seth-arnold)
information type: Private Security → Public
Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in fail2ban (Ubuntu):
status: New → Confirmed
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.