Fail2Ban unable to block IP Addresses on a Plesk server

Started by senthil, Sep 27, 2025, 07:21 AM

senthil

Applicable to:
  • Plesk for Linux
Symptoms
  • Users encounter an error when attempting to block an IP address using Fail2Ban in Plesk. The error message states:
    ERROR:__main__Command ['set', 'plesk-one-week-ban', 'banip', '203.0.112.1'] failed with error UnknownJailException('plesk-one-week-ban').

  • Reloading fail2ban gives a permission error.
    # fail2ban-client reload
    2024-12-05 16:11:12,990 fail2ban [3005163]: ERROR NOK: (13, 'Permission denied')
    [Errno 13] Permission denied: '/var/www/vhosts/system/example.com/logs/error_log'
  • The SELinux context of the file seen in the error above is httpd_sys_content_t instead of the correct one, httpd_log_t:
    # ls -Z /var/www/vhosts/system/example.com/logs/error_log
    system_u:object_r:httpd_sys_content_t:s0 /var/www/vhosts/system/example.com/logs/error_log
  • The audit log file /var/log/audit/audit.log shows a denied request regarding fail2ban-server:
    # egrep "fail2ban-server" /var/log/audit/audit.log | grep denied
    type=AVC msg=audit(1733411472.982:1927101): avc: denied { read } for pid=2373127 comm="fail2ban-server" name="error_log" dev="sda1" ino=230808319 scontext=system_u:system_r:fail2ban_t:s0 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=file permissive=0

Cause
The issue is caused by an incorrect SELinux context on the log files that Fail2Ban needs to access.

Resolution
  • Connect to the server via SSH
  • Remove the currently installed psa-selinux package via Plesk installer:
    # plesk installer --select-product-id plesk --select-release-current --remove-component selinux
  • Reinstall the psa-selinux package via Plesk installer:
    # plesk installer --select-product-id plesk --select-release-current --install-component selinux
  • Check the context of the affected file again; it should look like this:
    # ls -Z /var/www/vhosts/system/example.com/logs/error_log
    system_u:object_r:httpd_log_t:s0 /var/www/vhosts/system/example.com/logs/error_log
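
Added example, not part of the original post or of Plesk's tooling: a shell function that condenses the fail2ban-server AVC denials from the audit log into one line per unique denial and marks whether the target file carries the expected httpd_log_t type. The function names and the sample lines are constructed for illustration; the first sample line is modelled on the denial shown in the post.

```shell
#!/bin/sh
# Added example: summarise SELinux AVC denials logged for fail2ban-server.
# Reads audit.log lines on stdin and prints one line per unique denial:
#   <permission> <file name> <target type> <mislabeled|labeled-ok>
# Assumption: httpd_log_t is the expected type, as stated in the post.
# Real use (as root): fail2ban_avc_summary < /var/log/audit/audit.log
fail2ban_avc_summary() {
    awk -v want="httpd_log_t" '
    /type=AVC/ && /denied/ && /comm="fail2ban-server"/ {
        perm = ""; name = ""; ttype = ""
        # The denied permission sits between "{ " and " }".
        s = index($0, "{ "); e = index($0, " }")
        if (s && e > s) perm = substr($0, s + 2, e - s - 2)
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^name=/) { name = substr($i, 6); gsub(/"/, "", name) }
            # A context is user:role:type:level, so the type is part 3.
            if ($i ~ /^tcontext=/) { split(substr($i, 10), ctx, ":"); ttype = ctx[3] }
        }
        key = perm " " name " " ttype
        if (!(key in seen)) {
            seen[key] = 1
            print key, (ttype == want ? "labeled-ok" : "mislabeled")
        }
    }'
}

# Constructed sample input: a repeated denial, an unrelated httpd denial,
# and a denial on a file that already has the expected type.
sample_audit_lines() {
    cat <<'EOF'
type=AVC msg=audit(1733411472.982:1927101): avc: denied { read } for pid=2373127 comm="fail2ban-server" name="error_log" dev="sda1" ino=230808319 scontext=system_u:system_r:fail2ban_t:s0 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=file permissive=0
type=AVC msg=audit(1733411480.100:1927150): avc: denied { read } for pid=2373127 comm="fail2ban-server" name="error_log" dev="sda1" ino=230808319 scontext=system_u:system_r:fail2ban_t:s0 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=file permissive=0
type=AVC msg=audit(1733411490.200:1927160): avc: denied { write } for pid=1111 comm="httpd" name="cache" dev="sda1" ino=42 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1733411495.300:1927170): avc: denied { open } for pid=2373127 comm="fail2ban-server" name="access_log" dev="sda1" ino=230808320 scontext=system_u:system_r:fail2ban_t:s0 tcontext=system_u:object_r:httpd_log_t:s0 tclass=file permissive=0
EOF
}

sample_audit_lines | fail2ban_avc_summary
```

A "mislabeled" row matches the situation in this post, where restoring the httpd_log_t label resolves the denial; a "labeled-ok" row means the file label is already correct and the denial has a different cause.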