6

I have been using fail2ban for a while on my Ubuntu server. Recently (after upgrading to ubuntu 15.04 I assume) fail2ban has been failing to start.

Initially, this was because the port option had been specified twice somewhere - I fixed that.

Now I am getting the following error:

WARNING 'filter' not defined in 'sshd'. Using default one: ''
ERROR  Failed during configuration: Bad value substitution:
        section: [sshd]
        option : action
        key    : port
        rawval : ", protocol="%(protocol)s", chain="%(chain)s"]
%(mta)s-whois-lines[name=%(__name__)s, dest="%(destemail)s", logpath=%(logpath)s, chain="%(chain)s", sendername="%(sendername)s"]

Here is a link to a pastebin of my jail.local configuration file: http://pastebin.com/KksbwT1r

I have removed the email addresses for privacy reasons.

starbeamrainbowlabs
  • 1,187
  • 3
  • 17
  • 36

4 Answers4

2

I noticed that after the upgrade to 15.04 when I check the webmin for a server that I have with the same issue, what I saw what that I had a new jail called "sshd" that had nothing defined as a filter. I deleted this jail and it now works again. To be clear, the ssh jail is still there,just the empty jail called sshd is gone. Outside of webmin I'm not sure where to find that jail. You pastebin looks clear of any invalid entries.

Randy_O
  • 430
  • 2
  • 9
  • Thanks for the comment. I found my fail2ban configs at `/etc/fail2ban/jail.conf` and `/etc/fail2ban/jail.local` (`jail.local` is the file that you should edit and `jail.conf` is the default settings one I think). Would it be possible for you to post your fail2ban config? I would find it helpful to compare your working one against my failing one :) – starbeamrainbowlabs Apr 30 '15 at 18:56
  • Update: I found another file called `jail.conf.dpkg-dist` in that directory too. I assume it's the newest default config file, so I backed up and deleted the old ones and reconfigured my fail2ban install using the new config file it seems to be working now. Thanks for your help! – starbeamrainbowlabs Apr 30 '15 at 19:16
  • 1
    I found sshd jail in `jail.d/defaults-debian.conf` wwith only 2 lines, so no filter no action – mirkobrankovic Mar 13 '16 at 21:56
  • Thanks, I had also a sshd jail only visible in Webmin. Deleted it and it works again :) – franc Feb 11 '20 at 14:07
2

On Ubuntu 16.04 had the same issue out of a sudden:

dec 17 08:58:41 xxx fail2ban-client[1342]: ERROR Failed during configuration: Bad value substitution: option 'action' in section 'sshd' contains an interpolation key 'port' which is not a valid option name. Raw value: '%(action_)s'

it turns out that on Ubuntu inside jail.d/defaults-debian.conf there is a jail confing that contained nothing but:

[sshd]

enabled = true

Commenting this lines out fixed the issue above.

Community
  • 1
Ionut Irofte
  • 21
  • 2
1

After upgrading from 16.04 to 18.04 I ran into similar issues. For me it was sufficient to replace the .conf files with the .conf.dpkg-dist files.

sudo mv paths-common.conf paths-common.conf.old
sudo mv paths-common.conf.dpkg-dist paths-common.conf
sudo mv paths-debian.conf paths-debian.conf.old
sudo mv paths-debian.conf.dpkg-dist paths-debian.conf

I also had to apply these changes to /etc/fail2ban/jail.local, essentially replacing all occurrences of imap3 with either imap or imap2.

Afterwards fail2ban started without problems.

Gerald Schneider
  • 563
  • 3
  • 13
1

I had the same issue. Fix was: Port in jail.conf was missing.

martialblog
  • 43
  • 4
  • Thanks for the hint. I modified `defaults-debian.conf` in the following way and `fail2ban` service started again. `[sshd] enabled = true port = ssh filter = sshd maxretry = 6` – Avio May 06 '19 at 09:41