
Background
I switched my server OS from Ubuntu 24.04 to Debian 12 (bookworm). After the updates, as one of the first priorities, I installed the fail2ban utility to protect sshd against attacks. It turned out to be a failed process.
In the /etc/fail2ban directory, I made a copy of jail.conf named jail.local, the traditional practice. Fail2ban exited with an error code:
root@xxxxxxxxx:/etc/fail2ban# systemctl restart fail2ban
root@xxxxxxxxx:/etc/fail2ban# systemctl status fail2ban
× fail2ban.service - Fail2Ban Service
Loaded: loaded (/lib/systemd/system/fail2ban.service; enabled; preset: enabled)
Active: failed (Result: exit-code) since Tue 2025-04-22 01:08:08 PDT; 3s ago
Duration: 56ms
Docs: man:fail2ban(1)
Process: 2315 ExecStart=/usr/bin/fail2ban-server -xf start (code=exited, status=255/EXCEPTION)
Main PID: 2315 (code=exited, status=255/EXCEPTION)
CPU: 55ms
Apr 22 01:08:08 xxxxxxxxx systemd[1]: Started fail2ban.service - Fail2Ban Service.
Apr 22 01:08:08 xxxxxxxxx fail2ban-server[2315]: 2025-04-22 01:08:08,852 fail2ban [2315]: ERROR Failed during confi……>
Apr 22 01:08:08 xxxxxxxxx fail2ban-server[2315]: 2025-04-22 01:08:08,853 fail2ban [2315]: ERROR Async configuration>
Apr 22 01:08:08 xxxxxxxxx systemd[1]: fail2ban.service: Main process exited, code=exited, status=255/EXCEPTION
Apr 22 01:08:08 xxxxxxxxx systemd[1]: fail2ban.service: Failed with result 'exit-code'.
Analysis
Finding the service log at /var/log/fail2ban.log empty, I googled for potential causes. Someone suggested installing rsyslog, but that did not work for me, although most people found it easy to follow.
root@xxxxxxxxx:/etc/fail2ban# tail /var/log/fail2ban.log
root@xxxxxxxxx:/etc/fail2ban# ls -al /var/log/fail2ban.log
-rw-r----- 1 root adm 0 Apr 22 00:50 /var/log/fail2ban.log
root@xxxxxxxxx:/etc/fail2ban# apt install rsyslog -y
Reading package lists… Done
Building dependency tree… Done
Reading state information… Done
The following additional packages will be installed:
libestr0 libfastjson4 liblognorm5
Suggested packages:
rsyslog-mysql | rsyslog-pgsql rsyslog-mongodb rsyslog-doc rsyslog-openssl | rsyslog-gnutls rsyslog-gssapi rsyslog-relp
The following NEW packages will be installed:
libestr0 libfastjson4 liblognorm5 rsyslog
0 upgraded, 4 newly installed, 0 to remove and 0 not upgraded.
Need to get 829 kB of archives.
After this operation, 2,280 kB of additional disk space will be used.
Get:1 http://deb.debian.org/debian bookworm/main amd64 libestr0 amd64 0.1.11-1 [9,204 B]
Get:2 http://deb.debian.org/debian bookworm/main amd64 libfastjson4 amd64 1.2304.0-1 [28.9 kB]
Get:3 http://deb.debian.org/debian bookworm/main amd64 liblognorm5 amd64 2.0.6-4 [67.2 kB]
Get:4 http://deb.debian.org/debian bookworm/main amd64 rsyslog amd64 8.2302.0-1+deb12u1 [724 kB]
Fetched 829 kB in 0s (31.0 MB/s)
Selecting previously unselected package libestr0:amd64.
(Reading database … 29849 files and directories currently installed.)
Preparing to unpack …/libestr0_0.1.11-1_amd64.deb …
Unpacking libestr0:amd64 (0.1.11-1) …
Selecting previously unselected package libfastjson4:amd64.
Preparing to unpack …/libfastjson4_1.2304.0-1_amd64.deb …
Unpacking libfastjson4:amd64 (1.2304.0-1) …
Selecting previously unselected package liblognorm5:amd64.
Preparing to unpack …/liblognorm5_2.0.6-4_amd64.deb …
Unpacking liblognorm5:amd64 (2.0.6-4) …
Selecting previously unselected package rsyslog.
Preparing to unpack …/rsyslog_8.2302.0-1+deb12u1_amd64.deb …
Unpacking rsyslog (8.2302.0-1+deb12u1) …
Setting up libestr0:amd64 (0.1.11-1) …
Setting up libfastjson4:amd64 (1.2304.0-1) …
Setting up liblognorm5:amd64 (2.0.6-4) …
Setting up rsyslog (8.2302.0-1+deb12u1) …
Created symlink /etc/systemd/system/syslog.service → /lib/systemd/system/rsyslog.service.
Created symlink /etc/systemd/system/multi-user.target.wants/rsyslog.service → /lib/systemd/system/rsyslog.service.
Processing triggers for libc-bin (2.36-9+deb12u10) …
Focus on configuration file
I had to turn my attention back to the jail.local file, since it was reported as the cause. Although the status output hinted that the async configuration was not right, that was not the core reason and could be ignored.
root@xxxxxxxxx:~# fail2ban-client -vv -t
2025-04-22 01:25:12,068 7F69EDC94040 INFO Loading configs for fail2ban under /etc/fail2ban
2025-04-22 01:25:12,068 7F69EDC94040 DEBUG Reading configs for fail2ban under /etc/fail2ban
2025-04-22 01:25:12,069 7F69EDC94040 DEBUG Reading config files: /etc/fail2ban/fail2ban.conf
2025-04-22 01:25:12,069 7F69EDC94040 INFO Loading files: ['/etc/fail2ban/fail2ban.conf']
2025-04-22 01:25:12,069 7F69EDC94040 INFO Loading files: ['/etc/fail2ban/fail2ban.conf']
2025-04-22 01:25:12,069 7F69EDC94040 INFO Using socket file /var/run/fail2ban/fail2ban.sock
2025-04-22 01:25:12,069 7F69EDC94040 INFO Using pid file /var/run/fail2ban/fail2ban.pid, [INFO] logging to /var/log/fail2ban.log
2025-04-22 01:25:12,069 7F69EDC94040 INFO Loading configs for jail under /etc/fail2ban
2025-04-22 01:25:12,069 7F69EDC94040 DEBUG Reading configs for jail under /etc/fail2ban
2025-04-22 01:25:12,070 7F69EDC94040 DEBUG Reading config files: /etc/fail2ban/jail.conf, /etc/fail2ban/jail.d/defaults-debian.conf, /etc/fail2ban/jail.local
2025-04-22 01:25:12,070 7F69EDC94040 INFO Loading files: ['/etc/fail2ban/jail.conf']
2025-04-22 01:25:12,072 7F69EDC94040 INFO Loading files: ['/etc/fail2ban/paths-debian.conf']
2025-04-22 01:25:12,072 7F69EDC94040 INFO Loading files: ['/etc/fail2ban/paths-common.conf']
2025-04-22 01:25:12,073 7F69EDC94040 INFO Loading files: ['/etc/fail2ban/paths-overrides.local']
2025-04-22 01:25:12,073 7F69EDC94040 INFO Loading files: ['/etc/fail2ban/jail.d/defaults-debian.conf']
2025-04-22 01:25:12,073 7F69EDC94040 INFO Loading files: ['/etc/fail2ban/jail.local']
2025-04-22 01:25:12,073 7F69EDC94040 ERROR Failed during configuration: While reading from '/etc/fail2ban/jail.local' [line 102]: option 'bantime' in section 'DEFAULT' already exists
2025-04-22 01:25:12,073 7F69EDC94040 ERROR ERROR: test configuration failed
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/fail2ban/client/fail2banclient.py", line 405, in start
    ret = self.initCmdLine(argv)
          ^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/fail2ban/client/fail2bancmdline.py", line 264, in initCmdLine
    raise ServerExecutionException("ERROR: test configuration failed")
fail2ban.client.fail2bancmdline.ServerExecutionException: ERROR: test configuration failed
2025-04-22 01:25:12,076 7F69EDC94040 DEBUG Exit with code 255
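The "option 'bantime' in section 'DEFAULT' already exists" message above has the form of Python's configparser DuplicateOptionError, which stops at the first duplicate, so each test run reveals only one problem. The following added example (not part of the original post and not fail2ban's own code) lists every duplicated option in one pass; the sample jail.local content and the function names are constructed for illustration.

```python
import configparser
import re

SECTION_RE = re.compile(r"^\[(?P<name>[^\]]+)\]")
OPTION_RE = re.compile(r"^(?P<key>[^\s=:#;][^=:]*?)\s*[=:]")
# Constructed sample, not the author's file: two duplicates in [DEFAULT].
SAMPLE_JAIL_LOCAL = """\
[DEFAULT]
bantime = 10m
findtime = 10m
bantime = 1h
ignoreip = 127.0.0.1/8
    ::1
findtime = 5m

[sshd]
enabled = true
bantime = 1d
"""

def find_duplicate_options(text):
    """Return (section, option, first_line, duplicate_line) for every repeat."""
    seen, duplicates, section = {}, [], None
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.rstrip()
        # Skip blanks, comments and indented continuation lines.
        if not line or line[0] in "#;" or raw[0].isspace():
            continue
        if (m := SECTION_RE.match(line)):
            section = m.group("name").strip()
        elif (m := OPTION_RE.match(line)) and section is not None:
            key = (section, m.group("key").strip().lower())  # configparser lowercases names
            if key in seen:
                duplicates.append((*key, seen[key], lineno))
            else:
                seen[key] = lineno
    return duplicates

def first_parser_error(text):
    """What the strict parser reports: only the first duplicate it meets."""
    try:
        configparser.ConfigParser(strict=True).read_string(text)
    except configparser.DuplicateOptionError as exc:
        return (exc.section, exc.option, exc.lineno)
    return None

if __name__ == "__main__":
    print("parser stops at:", first_parser_error(SAMPLE_JAIL_LOCAL))
    print("all duplicates:", find_duplicate_options(SAMPLE_JAIL_LOCAL))
```

The same option in a different section (here `bantime` under `[sshd]`) is a per-jail override, not a duplicate, and is not reported.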
Get rid of unnecessary misconfigurations
It was not hard to correct all the mistakes crammed inside jail.local. All the entries that drew complaints were removed; they did not necessarily need to be appended at the initial stage, though they had been customized according to our needs.
After several rounds, all seemed OK: the configuration test reported success, and the log started logging.
root@arechtechled:~# fail2ban-client -vv -t
2025-04-22 01:31:16,339 7F558E299040 INFO Loading configs for fail2ban under /etc/fail2ban
2025-04-22 01:31:16,339 7F558E299040 DEBUG Reading configs for fail2ban under /etc/fail2ban
2025-04-22 01:31:16,340 7F558E299040 DEBUG Reading config files: /etc/fail2ban/fail2ban.conf
2025-04-22 01:31:16,340 7F558E299040 INFO Loading files: ['/etc/fail2ban/fail2ban.conf']
2025-04-22 01:31:16,340 7F558E299040 INFO Loading files: ['/etc/fail2ban/fail2ban.conf']
2025-04-22 01:31:16,340 7F558E299040 INFO Using socket file /var/run/fail2ban/fail2ban.sock
2025-04-22 01:31:16,340 7F558E299040 INFO Using pid file /var/run/fail2ban/fail2ban.pid, [INFO] logging to /var/log/fail2ban.log
2025-04-22 01:31:16,340 7F558E299040 INFO Loading configs for jail under /etc/fail2ban
2025-04-22 01:31:16,341 7F558E299040 DEBUG Reading configs for jail under /etc/fail2ban
2025-04-22 01:31:16,341 7F558E299040 DEBUG Reading config files: /etc/fail2ban/jail.conf, /etc/fail2ban/jail.d/defaults-debian.conf, /etc/fail2ban/jail.local
2025-04-22 01:31:16,341 7F558E299040 INFO Loading files: ['/etc/fail2ban/jail.conf']
2025-04-22 01:31:16,343 7F558E299040 INFO Loading files: ['/etc/fail2ban/paths-debian.conf']
2025-04-22 01:31:16,343 7F558E299040 INFO Loading files: ['/etc/fail2ban/paths-common.conf']
2025-04-22 01:31:16,344 7F558E299040 INFO Loading files: ['/etc/fail2ban/paths-overrides.local']
2025-04-22 01:31:16,344 7F558E299040 INFO Loading files: ['/etc/fail2ban/jail.d/defaults-debian.conf']
2025-04-22 01:31:16,344 7F558E299040 INFO Loading files: ['/etc/fail2ban/jail.local']
2025-04-22 01:31:16,347 7F558E299040 INFO Loading files: ['/etc/fail2ban/paths-common.conf', '/etc/fail2ban/paths-debian.conf', '/etc/fail2ban/jail.conf', '/etc/fail2ban/jail.d/defaults-debian.conf', '/etc/fail2ban/paths-common.conf', '/etc/fail2ban/paths-debian.conf', '/etc/fail2ban/jail.local']
2025-04-22 01:31:16,347 7F558E299040 WARNI 'allowipv6' not defined in 'Definition'. Using default one: 'auto'
2025-04-22 01:31:16,347 7F558E299040 INFO Loading configs for filter.d/sshd under /etc/fail2ban
2025-04-22 01:31:16,347 7F558E299040 DEBUG Reading configs for filter.d/sshd under /etc/fail2ban
2025-04-22 01:31:16,348 7F558E299040 DEBUG Reading config files: /etc/fail2ban/filter.d/sshd.conf
2025-04-22 01:31:16,348 7F558E299040 INFO Loading files: ['/etc/fail2ban/filter.d/sshd.conf']
2025-04-22 01:31:16,348 7F558E299040 INFO Loading files: ['/etc/fail2ban/filter.d/common.conf']
2025-04-22 01:31:16,349 7F558E299040 INFO Loading files: ['/etc/fail2ban/filter.d/common.local']
2025-04-22 01:31:16,349 7F558E299040 INFO Loading files: ['/etc/fail2ban/filter.d/common.conf', '/etc/fail2ban/filter.d/sshd.conf']
2025-04-22 01:31:16,350 7F558E299040 INFO Loading configs for action.d/iptables-multiport under /etc/fail2ban
2025-04-22 01:31:16,350 7F558E299040 DEBUG Reading configs for action.d/iptables-multiport under /etc/fail2ban
2025-04-22 01:31:16,350 7F558E299040 DEBUG Reading config files: /etc/fail2ban/action.d/iptables-multiport.conf
2025-04-22 01:31:16,350 7F558E299040 INFO Loading files: ['/etc/fail2ban/action.d/iptables-multiport.conf']
2025-04-22 01:31:16,351 7F558E299040 INFO Loading files: ['/etc/fail2ban/action.d/iptables.conf']
2025-04-22 01:31:16,351 7F558E299040 INFO Loading files: ['/etc/fail2ban/action.d/iptables.conf', '/etc/fail2ban/action.d/iptables-multiport.conf']
OK: configuration test is successful
2025-04-22 01:31:16,354 7F558E299040 DEBUG Exit with code 0
root@xxxxxxxxx:~# systemctl restart fail2ban
root@xxxxxxxxx:~# systemctl status fail2ban
● fail2ban.service - Fail2Ban Service
Loaded: loaded (/lib/systemd/system/fail2ban.service; enabled; preset: enabled)
Active: active (running) since Tue 2025-04-22 01:31:25 PDT; 6s ago
Docs: man:fail2ban(1)
Main PID: 714 (fail2ban-server)
Tasks: 5 (limit: 38406)
Memory: 19.0M
CPU: 147ms
CGroup: /system.slice/fail2ban.service
└─714 /usr/bin/python3 /usr/bin/fail2ban-server -xf start
Apr 22 01:31:25 arechtechled.com systemd[1]: Started fail2ban.service - Fail2Ban Service.
Apr 22 01:31:25 arechtechled.com fail2ban-server[714]: 2025-04-22 01:31:25,333 fail2ban.configreader [714]: WARNING 'allowipv6' not defin>
Apr 22 01:31:25 arechtechled.com fail2ban-server[714]: Server ready
root@xxxxxxxxx:~# less /var/log/fail2ban.log
root@xxxxxxxxx:~# fail2ban-client status sshd
Status for the jail: sshd
|- Filter
| |- Currently failed: 15
| |- Total failed: 54
| `- File list: /var/log/auth.log
`- Actions
|- Currently banned: 4
|- Total banned: 4
`- Banned IP list: 218.92.0.226 218.92.0.134 197.5.145.150 218.92.0.235
Conclusion
It is just a small error, but it can be quite disconcerting if you go down the wrong path. I hope this article helps you solve this problem.
Updates on Fail2ban "ERROR Failed during configuration: Have not found any log file for sshd jail"
1 Background
2 Locate fault and find remedy
1) Edit the /etc/fail2ban/jail.local file by adding 'backend = systemd' under [DEFAULT], near the beginning of the file.
(But when I looked at this file again, systemd had changed it to backend = auto. I am not sure whether it works on other versions, but it is working fine for me. According to GitHub comments on this issue, some said 'backend = auto' is just an option, which did not include 'backend = systemd'. Anyway, it is a workaround that fixes part of that issue.)
2) The core part is to install the systemd package for Python (python3-systemd), since systemd by default takes over the system monitoring job on Debian.
root@xxxxxx:~# apt install python3-systemd -y
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following NEW packages will be installed:
python3-systemd
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 39.3 kB of archives.
After this operation, 217 kB of additional disk space will be used.
Get:1 http://deb.debian.org/debian bookworm/main amd64 python3-systemd amd64 235-1+b2 [39.3 kB]
Fetched 39.3 kB in 0s (661 kB/s)
Selecting previously unselected package python3-systemd.
(Reading database ... 40741 files and directories currently installed.)
Preparing to unpack .../python3-systemd_235-1+b2_amd64.deb ...
Unpacking python3-systemd (235-1+b2) ...
Setting up python3-systemd (235-1+b2) ...
3 Restart the fail2ban service and check its status. It should work now.
root@xxxxxx:~# systemctl restart fail2ban
root@xxxxxx:~# systemctl status fail2ban
● fail2ban.service - Fail2Ban Service
Loaded: loaded (/lib/systemd/system/fail2ban.service; enabled; preset: enabled)
Active: active (running) since Wed 2025-05-07 05:32:18 UTC; 6s ago
Docs: man:fail2ban(1)
Main PID: 3194 (fail2ban-server)
Tasks: 5 (limit: 2312)
Memory: 73.1M
CPU: 174ms
CGroup: /system.slice/fail2ban.service
└─3194 /usr/bin/python3 /usr/bin/fail2ban-server -xf start
May 07 05:32:18 xxxxxx systemd[1]: Started fail2ban.service - Fail2Ban Service.
May 07 05:32:19 xxxxxx fail2ban-server[3194]: Server ready
root@xxxxxx:~# fail2ban-client status sshd
Status for the jail: sshd
|- Filter
| |- Currently failed: 6
| |- Total failed: 98
| `- Journal matches: _SYSTEMD_UNIT=sshd.service + _COMM=sshd
`- Actions
|- Currently banned: 4
|- Total banned: 4
`- Banned IP list: 5.196.94.201 45.159.189.214 88.214.50.40 14.103.170.141