[CentOS] Can't run fail2ban 0.8.4 [CentOS 6]

Fri Nov 4 12:49:40 UTC 2011
John Hinton <webmaster at ew3d.com>

On 11/4/2011 8:24 AM, Kévin GASPARD wrote:
> On 04/11/2011 12:54, Patrick Lists wrote:
>> On 11/04/2011 12:48 PM, Kévin GASPARD wrote:
>>> The output of service fail2ban start in root (that's in french) :
>>>
>>> Démarrage de fail2ban :                                    [ÉCHOUÉ]
>> The docs on the fail2ban website also say how you can start fail2ban
>> manually (at http://www.fail2ban.org/wiki/index.php/MANUAL_0_8#Usage):
>>
>> $ fail2ban-client start
>>
>> Maybe starting it that way gives you more information why it fails.
>>
>> Regards,
>> Patrick
> Hi,
>
> [root@turing lighttpd]# fail2ban-client start
> WARNING 'action' not defined in 'php-url-fopen'. Using default value
> WARNING 'action' not defined in 'lighttpd-fastcgi'. Using default value
> ERROR  Error in action definition
> ERROR  Errors in jail 'lighttpd-fastcgi'. Skipping...
>
> Cordially
>
Yeah... I was thinking that was the problem. I'm running Fail2Ban and I 
think I got it from EPEL, on CentOS 6 without problems.

Looks like you need to kill off some of your jail confs and then turn 
them on and tune them one by one. Fail2Ban relies on logging and even 
certain log levels being run from the services you are checking. I found 
the default Fail2Ban install worked very well on a default 
webserver/mailserver install. There were a number of things that I 
needed to do to turn on other checks. And I have customized even 
further. For instance, I subscribe to Spamhaus. I use the Spamhaus
maillog entries to look for repeated attempts to one or more domains and 
after so many, block the offender at the firewall. Saves a lot of server 
load and 'seems' to make these folks give up on my systems to some extent.

So, turn off most of the event triggers and then turn them back on one 
at a time. Then edit the rules as needed or set log levels on the 
service being checked to give the output needed to work with the rule.

-- 
John Hinton
877-777-1407 ext 502
http://www.ew3d.com
Comprehensive Online Solutions
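
A pre-flight check in the spirit of the advice above, as an added example that is not part of the original message or of Fail2Ban itself: it lists the enabled jails in jail.conf-style text and flags those with no `action`, a missing action or filter file, or a missing log file. The function name, the sample configuration and the single-`logpath` assumption are constructed for illustration.

```python
import configparser
import os
import re

# Constructed sample in jail.conf syntax; not the poster's actual configuration.
SAMPLE = """\
[DEFAULT]
bantime = 600

[ssh-iptables]
enabled = true
filter = sshd
action = iptables[name=SSH, port=ssh, protocol=tcp]
logpath = /var/log/secure

[lighttpd-fastcgi]
enabled = true
filter = lighttpd-fastcgi
logpath = /var/log/lighttpd/error.log

[php-url-fopen]
enabled = false
"""

def audit_jails(conf_text, actions, filters, exists=os.path.exists):
    """Return {jail: [problems]} for each enabled jail; an empty list means clean."""
    # Rename configparser's default section so [DEFAULT] is read as a plain section.
    cfg = configparser.ConfigParser(default_section="__unused__", interpolation=None)
    cfg.read_string(conf_text)
    defaults = cfg["DEFAULT"] if cfg.has_section("DEFAULT") else {}
    report = {}
    for jail in (s for s in cfg.sections() if s != "DEFAULT"):
        sec = cfg[jail]
        if not sec.getboolean("enabled", fallback=False):
            continue  # only enabled jails are audited
        problems = []
        action = sec.get("action") or defaults.get("action")
        if not action:
            problems.append("no action defined")
        for line in filter(None, map(str.strip, (action or "").splitlines())):
            name = re.match(r"[\w.-]*", line).group(0)  # text before "[...]"
            if name not in actions:
                problems.append("action file missing: " + name)
        if sec.get("filter") not in filters:
            problems.append("filter file missing: %s" % sec.get("filter"))
        if not exists(sec.get("logpath", "")):
            problems.append("logpath not found: %s" % sec.get("logpath"))
        report[jail] = problems
    return report
```

In practice, build `actions` and `filters` from the `.conf` file names under `/etc/fail2ban/action.d` and `/etc/fail2ban/filter.d`, then re-enable jails one at a time, starting with those that report no problems.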