While setting up a webserver, I noticed that fail2ban-client status did not list all of the rules that I’d configured in jail.d. Although configuration files were added to the directory, the status wasn’t showing them listed, so it hadn’t activated the jails. Running service fail2ban restart didn’t add them either.
After spending some time researching, I found that some people suggest changing the backend used in fail2ban from auto to polling in jail.conf. Since you shouldn’t edit jail.conf on a Debian-based system, I tried creating a new file with nano /etc/fail2ban/jail.local and adding the line backend = polling. This actually prevented the fail2ban service from starting for me. The errors in systemctl status fail2ban.service didn’t show anything useful as to the cause of the error. In the end I reverted this change.
fail2ban-client reload did present error messages detailing which rule couldn’t be activated:
ERROR No file(s) found for glob /var/log/apache2/*.log
ERROR Failed during configuration: Have not found any log file for apache-xmlrpc jail
This then meant I was able to investigate the jail.d config file with the rule indicated as causing the problem and correct the log file path.
fail2ban-client status then shows the correct jails running.
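
A pre-flight check for the failure described above, as an added example that is not part of the original post or of fail2ban itself: it reads each file in a jail.d directory and reports enabled jails whose logpath glob matches no file, which is the condition behind the "No file(s) found for glob" error. It assumes enabled and logpath are set in the jail.d file itself (it does not merge jail.conf or jail.local); the function names, the nginx-demo jail and the sample paths are constructed for illustration.

```python
import configparser
import glob
import os
import sys
import tempfile

TRUE_VALUES = ("true", "1", "yes", "on")


def find_missing_logpaths(jail_dir):
    """Return {jail: [logpath globs that match no file]} for enabled jails."""
    missing = {}
    for conf in sorted(glob.glob(os.path.join(jail_dir, "*.conf"))):
        # interpolation=None leaves fail2ban's %(var)s references unexpanded
        parser = configparser.ConfigParser(interpolation=None)
        parser.read(conf)
        for jail in parser.sections():
            enabled = parser.get(jail, "enabled", fallback="false")
            if enabled.strip().lower() not in TRUE_VALUES:
                continue
            # logpath may hold several globs separated by whitespace or newlines
            for pattern in parser.get(jail, "logpath", fallback="").split():
                if "%(" in pattern:
                    continue  # would need fail2ban's own interpolation; skipped
                if not glob.glob(pattern):
                    missing.setdefault(jail, []).append(pattern)
    return missing


def build_sample(root):
    """Constructed sample: one jail with an existing log, one without."""
    os.makedirs(os.path.join(root, "log", "nginx"))
    open(os.path.join(root, "log", "nginx", "access.log"), "w").close()
    jail_dir = os.path.join(root, "jail.d")
    os.makedirs(jail_dir)
    with open(os.path.join(jail_dir, "web.conf"), "w") as fh:
        fh.write(
            "[apache-xmlrpc]\nenabled = true\n"
            f"logpath = {root}/log/apache2/*.log\n\n"
            "[nginx-demo]\nenabled = true\n"
            f"logpath = {root}/log/nginx/*.log\n"
        )
    return jail_dir


if __name__ == "__main__":
    # Pass a real directory such as /etc/fail2ban/jail.d, or run the sample.
    target = sys.argv[1] if len(sys.argv) > 1 else build_sample(tempfile.mkdtemp())
    for jail, patterns in find_missing_logpaths(target).items():
        print(f"{jail}: no file matches {', '.join(patterns)}")
```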