# fail2ban won't reload or stop

## Robert S

Since I have upgraded to net-analyzer/fail2ban-0.9.6, it won't stop or reload:

```
 # /etc/init.d/fail2ban restart

 * Stopping fail2ban ...

 * start-stop-daemon: 1 process refused to stop

 * Failed to stop fail2ban                                                                                  [ !! ]

 * ERROR: fail2ban failed to stop
```

It also crashed in the middle of the night last night.  If I do 'ps ax', it doesn't show the fail2ban process

Does anyone have any suggestions?

----------

## guitou

Hello

If fail2ban process is not running anymore, then you may wish to remove PID file (/var/run/fail2ban...): luckily, that would be enough to be able to restart service.

++

Gi)

----------

## cboldt

The generic way to do that under openrc is `/etc/init.d/service zap`

----------

## Robert S

I'm more concerned that this is a recurrent problem.

----------

## cboldt

Of course, understood that resolving random service failure  is priority.  But you have provided no insight as to why the service failed, just that it did.  Naturally, that might elicit reply from others who had fail2ban crash, but so far, those people have decided to not participate in this thread.

----------

## Robert S

Thanks. I'll keep watching this thread. I've downgraded my installation to the last stable version.

----------

## Syl20

If you plan to update fail2ban again, you should have a look into the /var/log/ files (I suppose /var/log/syslog is the right log file), when it crashes. Also, please post the result of the emerge --info" command, to help us understand why fail2ban is unstable for you.

----------

## Robert S

I'm still having this problem with the latest masked version: 0.9.7.

The init script runs the following when it stops fail2ban:

```
start-stop-daemon --verbose --stop --pidfile /run/fail2ban/fail2ban.pid "/usr/bin/fail2ban-client stop"

 * Sending signal 0 to PID 5982 ...                                                                                                                                                                                                    [ ok ]

 * Sending signal 0 to PID 5982 ...                                                                                                                                                                                                    [ ok ]

[many more lines the same]

 * Sending signal 0 to PID 5982 ...                                                                                                                                                                                                    [ ok ]

 * Sending signal 0 to PID 5982 ...                                                                                                                                                                                                    [ ok ]

 * Sending signal 0 to PID 5982 ...                                                                                                                                                                                                    [ ok ]

 * Sending signal 0 to PID 5982 ...                                                                                                                                                                                                    [ ok ]

 * Sending signal 0 to PID 5982 ...                                                                                                                                                                                                    [ ok ]

 * start-stop-daemon: 1 process refused to stop
```

Despite this, the pid /run/fail2ban/fail2ban.pid file does not exist, "ps ax" does not show the process and the fail2ban process doesn't exist.  The start-stop-daemon command therefore incorrectly reports the process as still running (or times out before it stops).

My system log shows this:

```
Dec 10 12:35:42 mypc /etc/init.d/fail2ban[5655]: start-stop-daemon: 1 process refused to stop

Dec 10 12:35:42 mypc /etc/init.d/fail2ban[5636]: ERROR: fail2ban failed to stop

Dec 10 12:35:44 mypc sendmail[5694]: vBA1ZiNs005694: from=fail2ban, size=184, class=0, nrcpts=1, msgid=<201712100135.vBA1ZiNs005694@mypc.mydomain.com.au>, relay=root@localhost
```

Here is the output of emerge --info:

```
 # emerge --info

Portage 2.3.13 (python 2.7.14-final-0, default/linux/amd64/17.0, gcc-6.4.0, glibc-2.25-r9, 4.12.12-gentoo x86_64)

=================================================================

System uname: Linux-4.12.12-gentoo-x86_64-AMD_FX-tm-4100_Quad-Core_Processor-with-gentoo-2.4.1

KiB Mem:     7648752 total,    357360 free

KiB Swap:    2097148 total,   2096636 free

Timestamp of repository gentoo: Sat, 09 Dec 2017 17:00:01 +0000

Head commit of repository gentoo: 3950fd10a46b156e5aac8f91fca4922976b96495

sh bash 4.3_p48-r1

ld GNU ld (Gentoo 2.29.1 p3) 2.29.1

distcc 3.2rc1 x86_64-pc-linux-gnu [disabled]

ccache version 3.2.4 [enabled]

app-shells/bash:          4.3_p48-r1::gentoo

dev-lang/perl:            5.24.3::gentoo

dev-lang/python:          2.7.14-r1::gentoo, 3.5.4-r1::gentoo

dev-util/ccache:          3.2.4::gentoo

dev-util/cmake:           3.8.2::gentoo

dev-util/pkgconfig:       0.29.2::gentoo

sys-apps/baselayout:      2.4.1-r2::gentoo

sys-apps/openrc:          0.34.11::gentoo

sys-apps/sandbox:         2.10-r4::gentoo

sys-devel/autoconf:       2.69::gentoo

sys-devel/automake:       1.13.4-r1::gentoo, 1.15.1-r1::gentoo

sys-devel/binutils:       2.29.1-r1::gentoo

sys-devel/gcc:            6.4.0::gentoo

sys-devel/gcc-config:     1.8-r1::gentoo

sys-devel/libtool:        2.4.6-r3::gentoo

sys-devel/make:           4.2.1::gentoo

sys-kernel/linux-headers: 4.4::gentoo (virtual/os-headers)

sys-libs/glibc:           2.25-r9::gentoo

Repositories:

gentoo

    location: /usr/portage

    sync-type: rsync

    sync-uri: rsync://rsync.gentoo.org/gentoo-portage

    priority: -1000

    sync-rsync-extra-opts:

x-portage

    location: /usr/local/portage

    masters: gentoo

    priority: 0

ACCEPT_KEYWORDS="amd64"

ACCEPT_LICENSE="* -@EULA"

CBUILD="x86_64-pc-linux-gnu"

CFLAGS="-O2 -pipe"

CHOST="x86_64-pc-linux-gnu"

CONFIG_PROTECT="/etc /usr/share/gnupg/qualified.txt"

CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/php/apache2-php7.0/ext-active/ /etc/php/cgi-php7.0/ext-active/ /etc/php/cli-php7.0/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/splash /etc/terminfo"

CXXFLAGS="-O2 -pipe"

DISTDIR="/usr/portage/distfiles"

FCFLAGS="-O2 -pipe"

FEATURES="assume-digests binpkg-logs ccache config-protect-if-modified distlocks ebuild-locks fixlafiles merge-sync multilib-strict news parallel-fetch preserve-libs protect-owned sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr"

FFLAGS="-O2 -pipe"

GENTOO_MIRRORS="http://mirror.internode.on.net/pub/gentoo"

LANG="en_AU"

LDFLAGS="-Wl,-O1 -Wl,--as-needed"

MAKEOPTS="-j5"

PKGDIR="/usr/portage/packages"

PORTAGE_CONFIGROOT="/"

PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --exclude=/.git"

PORTAGE_TMPDIR="/var/tmp"

USE="acl amd64 bash-completion berkdb bzip2 cli cracklib crypt cxx dri fortran gdbm gpm iconv mmx modules multilib ncurses nls nptl openmp pam pcre readline seccomp session sse sse2 ssl tcpd unicode xattr zlib" ABI_X86="64" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="kexi words flow plan sheets stage tables krita karbon braindump author" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" CPU_FLAGS_X86="mmx mmxext sse sse2" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock isync itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf skytraq superstar2 timing tsip tripmate tnt ublox ubx" INPUT_DEVICES="libinput keyboard mouse" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php7-0" POSTGRES_TARGETS="postgres9_5" PYTHON_SINGLE_TARGET="python3_5" PYTHON_TARGETS="python2_7 python3_5" QEMU_SOFTMMU_TARGETS="i386 x86_64 arm" QEMU_USER_TARGETS="i386 x86_64 arm" RUBY_TARGETS="ruby22" USERLAND="GNU" VIDEO_CARDS="amdgpu fbdev intel nouveau radeon radeonsi vesa dummy v4l" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account"

Unset:  CC, CPPFLAGS, CTARGET, CXX, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LC_ALL, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS

```

[Moderator edit: changed [quote] tags to [code] tags to preserve output layout. -Hu]

----------

## Frautoincnam

may be try that : https://bugs.gentoo.org/618138

----------

## Syl20

I met the same behaviour since some weeks, and adding "--retry 20" to the stop command solved the problem. Thank you Frautoincnam for the tip.

----------

## Elleni

dito. 

My problem arised, when I had implemented to store blocked ips permanentely. Setting retry option solved it for me too: 

https://forums.gentoo.org/viewtopic-t-1071018-start-0.html

----------

