Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 259787 - net-analyzer/fail2ban-0.8.3: stale socket not cleared, fails to start after unclean shutdown
Summary: net-analyzer/fail2ban-0.8.3: stale socket not cleared, fails to start after u...
Status: RESOLVED WONTFIX
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Server (show other bugs)
Hardware: All Linux
: High normal with 1 vote (vote)
Assignee: Gentoo Netmon project
URL: http://www.fail2ban.org/
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2009-02-21 08:23 UTC by Adam Shea
Modified: 2010-11-04 01:05 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Adam Shea 2009-02-21 08:23:31 UTC 
After a hard reboot, fail2ban fails to restart due to a stale socket file.

Reproducible: Always

Steps to Reproduce:
1. Start fail2ban using initscript (#/etc/init.d/fail2ban start)
2. Power Cycle your machine (or kill -9 the process and zap the initscript)
3. Try restarting fail2ban with the initscrip (#/etc/init.d/fail2ban start)

Actual Results:  
 * Service fail2ban starting
 * Starting fail2ban ...
 * Failed to start fail2ban                          [ !! ]
 * ERROR:  fail2ban failed to start


Expected Results:  
 * Service fail2ban starting
 * Starting fail2ban...                              [ ok ]
 * Service fail2ban started


By using the fail2ban-client startup method I was able to determine that the failure is due to a stale socket file located in /var/run/fail2ban/fail2ban.sock.  Removing this stale socket fixes the problem.

  # fail2ban-client start
  2009-02-21 02:19:06,826 fail2ban.server : INFO   Starting Fail2ban v0.8.3
  2009-02-21 02:19:06,827 fail2ban.server : INFO   Starting in daemon mode
  ERROR  Could not start server. Maybe an old socket file is still present. Try
  to remove /var/run/fail2ban/fail2ban.sock. If you used fail2ban-client to 
  start the server, adding the -x option will do it

I suggest adding some method that detects this file / bad shutdown in the initscript and seamlessly removes a stale socket while possibly throwing a warning.  This is a minor security issue as fail2ban will fail to restart after a power failure.
Comment 1 Lypsik 2010-03-22 18:04:10 UTC 
Still the same with 0.8.4.
I did a strace with the fail2ban-client to see why it's taking so long before it finally fails starting, as it delays startup of the computer for about 30 seconds.
It seems it is trying to connect on the stale socket, I counted 302 tries.
Also I found that the message about the socket fail2ban-client finally gives at the end when it's called directly, isn't logged in the fail2ban log. Such message would be very useful there.
Comment 2 Nathan Levin-Greenhaw 2010-08-28 02:24:26 UTC 
I always have the same problem after I upgrade fail2ban. After awhile of snooping around I realize I just need to configure fail2ban to start even if a socket exists:

In /etc/conf.d/fail2ban add -x to FAIL2BAN_OPTIONS
Comment 3 Markos Chandras (RETIRED) gentoo-dev 2010-11-03 21:45:59 UTC 
0.8.3 is no longer on tree
Comment 4 Lypsik 2010-11-04 01:05:37 UTC 
But 0.8.4 is.
Is there a fix for the issues in my previous comment?