Environment

  1. OS: Rocky Linux 8.8
  2. Python version: Python 3.6.8

Installation

The installation went roughly as follows:

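# Download fail2ban version 1.0.2
wget https://github.com/fail2ban/fail2ban/archive/refs/tags/1.0.2.tar.gz
tar xzf 1.0.2.tar.gz && cd fail2ban-1.0.2
# Run the fail2ban-2to3 tool shipped with fail2ban to convert the sources
./fail2ban-2to3
# If nothing goes wrong, it ends by printing Success!
# Run the unit tests
./fail2ban-testcases-all-python3
# Once the tests finish, do the final installation step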
python3 setup.py install
cp build/fail2ban.service /lib/systemd/system/

After running systemctl start fail2ban.service, the following was reported:

● fail2ban.service - Fail2Ban Service
   Loaded: loaded (/usr/lib/systemd/system/fail2ban.service; disabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Thu 2023-10-26 21:39:57 CST; 3s ago
     Docs: man:fail2ban(1)
  Process: 2610466 ExecStart=/usr/local/bin/fail2ban-server -xf start (code=exited, status=1/FAILURE)
  Process: 2610464 ExecStartPre=/bin/mkdir -p /run/fail2ban (code=exited, status=0/SUCCESS)
 Main PID: 2610466 (code=exited, status=1/FAILURE)

Oct 26 21:39:57 iZwz952biq4t3vffese51wZ systemd[1]: fail2ban.service: Main process exited, code=exited, status=1/FAILURE
Oct 26 21:39:57 iZwz952biq4t3vffese51wZ systemd[1]: fail2ban.service: Failed with result 'exit-code'.
Oct 26 21:39:57 iZwz952biq4t3vffese51wZ systemd[1]: fail2ban.service: Service RestartSec=100ms expired, scheduling restart.
Oct 26 21:39:57 iZwz952biq4t3vffese51wZ systemd[1]: fail2ban.service: Scheduled restart job, restart counter is at 5.
Oct 26 21:39:57 iZwz952biq4t3vffese51wZ systemd[1]: Stopped Fail2Ban Service.
Oct 26 21:39:57 iZwz952biq4t3vffese51wZ systemd[1]: fail2ban.service: Start request repeated too quickly.
Oct 26 21:39:57 iZwz952biq4t3vffese51wZ systemd[1]: fail2ban.service: Failed with result 'exit-code'.
Oct 26 21:39:57 iZwz952biq4t3vffese51wZ systemd[1]: Failed to start Fail2Ban Service.

Looking at /var/log/messages gave the following information:

Oct 26 21:39:56 iZwz952biq4t3vffese51wZ systemd[1]: Starting Fail2Ban Service...
Oct 26 21:39:56 iZwz952biq4t3vffese51wZ systemd[1]: Started Fail2Ban Service.
Oct 26 21:39:57 iZwz952biq4t3vffese51wZ fail2ban-server[2610466]: Traceback (most recent call last):
Oct 26 21:39:57 iZwz952biq4t3vffese51wZ fail2ban-server[2610466]:  File "/usr/local/bin/fail2ban-server", line 34, in <module>
Oct 26 21:39:57 iZwz952biq4t3vffese51wZ fail2ban-server[2610466]:    from fail2ban.client.fail2banserver import exec_command_line, sys
Oct 26 21:39:57 iZwz952biq4t3vffese51wZ fail2ban-server[2610466]: ModuleNotFoundError: No module named 'fail2ban'
Oct 26 21:39:57 iZwz952biq4t3vffese51wZ systemd[1]: fail2ban.service: Main process exited, code=exited, status=1/FAILURE
Oct 26 21:39:57 iZwz952biq4t3vffese51wZ systemd[1]: fail2ban.service: Failed with result 'exit-code'.
Oct 26 21:39:57 iZwz952biq4t3vffese51wZ systemd[1]: fail2ban.service: Service RestartSec=100ms expired, scheduling restart.
Oct 26 21:39:57 iZwz952biq4t3vffese51wZ systemd[1]: fail2ban.service: Scheduled restart job, restart counter is at 5.
Oct 26 21:39:57 iZwz952biq4t3vffese51wZ systemd[1]: Stopped Fail2Ban Service.
Oct 26 21:39:57 iZwz952biq4t3vffese51wZ systemd[1]: fail2ban.service: Start request repeated too quickly.
Oct 26 21:39:57 iZwz952biq4t3vffese51wZ systemd[1]: fail2ban.service: Failed with result 'exit-code'.
Oct 26 21:39:57 iZwz952biq4t3vffese51wZ systemd[1]: Failed to start Fail2Ban Service.

Solution

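After looking into the cause, it turned out that systemd starts processes with a minimal environment, so the Python path may differ when the program is launched from a systemd unit. The fix is to extend PYTHONPATH in the systemd unit's environment (so that it includes /usr/local/lib/python3.6/site-packages).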

Edit the /lib/systemd/system/fail2ban.service file and add an Environment="PYTHONPATH=/usr/local/lib/python3.6/site-packages" environment variable to the Service section:

[Unit]
Description=Fail2Ban Service
Documentation=man:fail2ban(1)
After=network.target iptables.service firewalld.service ip6tables.service ipset.service nftables.service
PartOf=iptables.service firewalld.service ip6tables.service ipset.service nftables.service

[Service]
Type=simple
Environment="PYTHONNOUSERSITE=1"
Environment="PYTHONPATH=/usr/local/lib/python3.6/site-packages"
ExecStartPre=/bin/mkdir -p /run/fail2ban
ExecStart=/usr/local/bin/fail2ban-server -xf start
# if should be logged in systemd journal, use following line or set logtarget to sysout in fail2ban.local
# ExecStart=/usr/local/bin/fail2ban-server -xf --logtarget=sysout start
ExecStop=/usr/local/bin/fail2ban-client stop
ExecReload=/usr/local/bin/fail2ban-client reload
PIDFile=/run/fail2ban/fail2ban.pid
Restart=on-failure
RestartPreventExitStatus=0 255

[Install]
WantedBy=multi-user.target

After making the change, start the service again and it comes up normally:

systemctl daemon-reload 
systemctl start fail2ban.service 
systemctl status fail2ban.service
systemctl enable fail2ban.service
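
To confirm the diagnosis before editing the unit, this added example (not part of the original post and not fail2ban code) imports the module in a fresh interpreter under an environment approximating the unit's, then prints a systemd drop-in carrying the same PYTHONPATH line. The PATH value, the lib64 candidate directory and the drop-in file name pythonpath.conf are assumptions.

```python
import os
import subprocess
import sys

# Approximation of the environment the unit on this page gives the service:
# systemd's default PATH (assumption) plus the unit's PYTHONNOUSERSITE=1 line.
UNIT_ENV = {"PATH": "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin",
            "PYTHONNOUSERSITE": "1"}


def importable(module, extra_path=None, interpreter=sys.executable):
    """True if `module` imports in a fresh interpreter started under UNIT_ENV."""
    env = dict(UNIT_ENV)
    if extra_path:
        env["PYTHONPATH"] = extra_path
    code = "import importlib, sys; importlib.import_module(sys.argv[1])"
    # cwd="/" keeps a source tree in the current directory from masking the problem.
    proc = subprocess.run([interpreter, "-c", code, module], env=env, cwd="/",
                          stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
    return proc.returncode == 0


def find_site_dir(module, candidates):
    """First existing candidate directory that makes `module` importable."""
    for path in candidates:
        if os.path.isdir(path) and importable(module, extra_path=path):
            return path
    return None


def render_dropin(site_dir):
    """Drop-in text carrying the same Environment= line the page adds to the unit."""
    return '[Service]\nEnvironment="PYTHONPATH={}"\n'.format(site_dir)


if __name__ == "__main__":
    candidates = [
        "/usr/local/lib/python3.6/site-packages",    # path used on this page
        "/usr/local/lib64/python3.6/site-packages",  # assumption: lib64 variant
    ]
    if importable("fail2ban"):
        print("fail2ban imports fine in the unit-like environment")
    else:
        found = find_site_dir("fail2ban", candidates)
        if found:
            print("# /etc/systemd/system/fail2ban.service.d/pythonpath.conf (hypothetical name)")
            print(render_dropin(found), end="")
        else:
            print("fail2ban not found under:", ", ".join(candidates))
```

Run it with the interpreter named in the shebang of /usr/local/bin/fail2ban-server; a drop-in under /etc/systemd/system survives re-copying build/fail2ban.service and still needs systemctl daemon-reload afterwards.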