MySQL 외부 접속 (root / user) 가능하도록 설정

원격 접속 가능한 호스트 및 사용자 확인

[root@company bin]# mysql uroot p
Enter password: 
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 561388
Server version: 5.0.51log Source distribution
 
 
 
mysql> select HOST, USER, Password FROM mysql.user;
+—————–+——-+——————————————-+
| HOST            | USER  | Password                                  |
+—————–+——-+——————————————-+
| localhost       | root  | *(생략)                           | 
| company         | root  |                                           | 
| 127.0.0.1       | root  |                                           | 
| localhost       |       |                                           | 
| company         |       |                                           | 
| localhost       | news  | *(생략)                                | 
| 211.200.200.200 | news  | (생략)                                     | 
| 100.200.100.100 | news  | (생략)                                      | 
| 192.168.100.110 | news  | (생략)                                      | 
+—————–+——-+——————————————-+
 
9 rows in set (0.02 sec)

위 경우 HOST에 명시된 호스트에서만 접속 가능.

따라서 사용자 추가.

mysql> show databases;
+——————–+
| Database           |
+——————–+
| information_schema | 
| mysql              | 
| company            | 
+——————–+
3 rows in set (0.01 sec)
 
mysql> use mysql
Database changed
 
mysql> insert into user (host,user,password) 
values(‘%’,‘news’,password(‘newspasswd’));
Query OK, 0 rows affected (0.02 sec)
 
mysql> GRANT all privileges on *.* to ‘news’@‘%’ 
identified by ‘newspasswd’ ;
Query OK, 0 rows affected (0.02 sec)
 
mysql> flush privileges;
Query OK, 0 rows affected (0.02 sec)
 
 
mysql> select HOST, USER, Password FROM mysql.user;
+—————–+——-+——————————————-+
| HOST            | USER  | Password                                  |
+—————–+——-+——————————————-+
| localhost       | root  | *7540F67EE4(생략)                         | 
| company         | root  |                                           | 
| 127.0.0.1       | root  |                                           | 
| localhost       |       |                                           | 
| company         |       |                                           | 
| localhost       | news  | *7540F67EE4                               | 
| 211.200.200.200 | news  | 49d7                                      | 
| 100.200.100.100 | news  | 49d7                                      | 
| 192.168.100.110 | news  | 49d7                                      | 
| %  | news  | *7540F67EE4                               | 
+—————–+——-+——————————————-+
10 rows in set (0.02 sec)
 


단 MySQL 5.7에서는 Insert 명령어를 아래와 같이 변경해야 함.
insert into user(host,user,authentication_string,ssl_cipher,x509_issuer,x509_subject) values (‘%’, ‘news’, password(‘password’),”,”,”);


호스트를 %로 할경우 어떤 호스트에서든 접속 가능.

이렇게 하고도… 외부에서 접속이 안될 경우

1. OS 방화벽 (리눅스 방화벽 확인 ) 해제 – ufw disable
2. MySQL 설정 파일 “my.cnf” (mysqld.cnf) 에, bind-address=127.0.0.1 로 되어 있는 것을 “0.0.0.0” 으로 변경 후, 
3. MySQL 재시작

UBuntu 16.04 – 부팅시 rc.local 파일 실행 되지 않을 때 (systemd 기반 rc.local 활성화)

우분투 16.04 버전은 systemd 기반으로 PID들이 관리된다,
rc.local을 부득이 하게 사용할 일이 생겨 사용하려 했으나 활성화가 안되어 있어서 활성화 방법을 찾아서 기록

 

/lib/systemd/sytem/rc-local.service 을 수정한다.

 

가장 하단에 

 

[#M_ more.. | less.. |[Install]
WantedBy=multi-user.target _M#]

 

​위 와 같이 추가 시켜준 뒤 

[#M_ more.. | less.. |systemctl enable rc-local.service _M#]

 

​rc.local 서비스를 활성화 시켜준다.

Install을 추가시켜주지 않고 활성화를 시켜주려 하면, 해당 부분이 없어 활성화가 되지 않는다.

 

rc.local이 제데로 동작하는지 테스트는 서비스 재시작 뒤 확인 해주면 된다.

[#M_ more.. | less.. |service rc.local restart
systemctl status rc-local.service_M#]

 

​정상적으로 동작한다면 

 

[#M_ more.. | less.. |

root@stream:~# systemctl status rc-local.service

● rc-local.service – /etc/rc.local Compatibility

   Loaded: loaded (/etc/systemd/system/rc-local.service; static; vendor preset: enabled)

  Drop-In: /lib/systemd/system/rc-local.service.d

           └─debian.conf

   Active: active (running) since Mon 2018-04-02 15:23:37 KST; 3min 43s ago

  Process: 1434 ExecStart=/etc/rc.local start (code=exited, status=0/SUCCESS)

    Tasks: 87

   Memory: 111.9M

      CPU: 3.000s

   CGroup: /system.slice/rc-local.service

           ├─1529 /usr/local/bin/tvheadend –config /home/TVHeadEnd/.hts/tvheadend/ –user root –gr

           └─1530 /usr/local/bin/istatserver -d

 

Apr 02 15:23:38 stream tvheadend[1529]: scanfile: DVB-C – loaded 18 regions with 60 networks

Apr 02 15:23:38 stream tvheadend[1529]: scanfile: ATSC-T – loaded 2 regions with 12 networks

Apr 02 15:23:38 stream tvheadend[1529]: scanfile: ATSC-C – loaded 1 regions with 5 networks

Apr 02 15:23:38 stream tvheadend[1529]: scanfile: ISDB-T – loaded 2 regions with 1297 networks

Apr 02 15:24:37 stream tvheadend[1529]: iptv: m3u parse: 0 new mux(es) in network ‘IPTV’ (total 116)

 _M#]

active (활성화) 되었다고 표시되며, 하단에 로그도 확인이 가능하다.

Ubunt 16.04 – apt-get install 시, “E: Failed to fetch 403 Forbidden” 오류 발생시,

Ubuntu 16.04에서, 
apt-get install 로 package 설치시,

해당 패키지에 접근할 수 없다는 오류

E: Failed to fetch  ‘패키지 이름’ 403  Forbidden

가 발생시, 
간단하게

다음과 같이 해결 할 수 있다.

우선 /etc/appt/sources.list 파일을 백업 한후,

기존 sources.list 내용을 지우고 다음과 같이 2줄을 추가.

[#M_ more.. | less.. |deb http://archive.ubuntu.com/ubuntu xenial main universe restricted multiverse
deb-src http://archive.ubuntu.com/ubuntu xenial main universe restricted multiverse
_M#]

하고 다시

apt-get update 를 해주면 정상적으로 package가 설치됨.

[Mac] 특정 네트워크 인터페이스에 static route 정보 설정

출처 : http://egloos.zum.com/mcchae/v/11263102

Mac 에서 (Sierra) static route를 설정할 필요가 있습니다.

예를 들어,
Wi-Fi 로 연결된 자신의 주소가 192.168.10.100 이었고,
192.168.10.200 이라는 내부 라우터가
192.168.100.0/24 네트워크를 라우팅할 필요가 있다면
터미널에서
$ sudo route -n add 192.168.100.0/24 192.168.10.200
라고 명령을 주면 됩니다.
문제는 다음에 재기동하면 다시 이 정보가 없어지는 문제가 있지요.
다음은 간단히 networksetup 명령을 이용하여 static routing 정보를
시스템에 등록하는 방법입니다.
우선 현재 시스템에 설치된 인터페이스를 검색합니다.
$ networksetup -listallnetworkservices
An asterisk (*) denotes that a network service is disabled.
Wi-Fi
USB 10/100/1000 LAN
iPhone USB
Bluetooth PAN
Thunderbolt Bridge
Wi-Fi 인터페이스에 지정된 정보를 확인합니다.
$ networksetup -getinfo Wi-Fi
DHCP Configuration
IP address: 192.168.10.160
Subnet mask: 255.255.255.0
Router: 192.168.10.1
Client ID:
IPv6: Automatic
IPv6 IP address: none
IPv6 Router: none
Wi-Fi ID: 80:e6:50:0f:1a:f4
혹시 이전에 설정한 static 정보가 있는지 확인합니다.
$ networksetup -getadditionalroutes Wi-Fi
There are no additional IPv4 routes on Wi-Fi.
 
이제는 위에서 설명한 것과 같은 static 라우팅 정보를 지정합니다.
$ sudo networksetup -setadditionalroutes Wi-Fi 192.168.100.0 255.255.255.0 192.168.10.200
다시 부팅을 하거나 해도 다음과 같이 정적 라우팅 정보를 확인해 보면,
$ networksetup -getadditionalroutes Wi-Fi
192.168.100.0 255.255.255.0 192.168.10.200
과 같이 정적 라우팅이 지정됩니다.

Synology NAS DSM 6.2 업데이트 후, SSH 로그인 실패 현상

DSM 6.2 업데이트 이전에는 잘되던 SSH가 갑지가 6.2 업데이트 후 SSH 접속이 되지 않을 경우,

다음에 따라 수정할 것.

1. telnet 활성화.
2. telnet 을 통해 admin 계정 접속 후,
3. 다음의 파일 수정
  파일 : /etc/ssh/sshd_config

ChallengeResponseAuthentication 는 yes
UsePAM 는 no
로 변경 후,

저장
4. SSH 재시작
  명령어 : killall -1 sshd

이후 SSH 가 접속되는 것을 확인 후 telnet은 비활성화

리눅스 “umount : device is busy” 발생시 강제 umount 방법

페도라든 우분트든,.. 내가 사용하고 있는 리눅스 시스템에서, 분명히 사용중이 아닌 경우에도 
mount된 디렉토리를 umount 하고자 할 때,
특정 사용자 & 프로세스가 해당 디렉토리를 사용하고 있다며 

[root@linux ~]# umount /backup
umount: /backup: device is busy.        
(In some cases useful info about processes that use the device is found by lsof(8) or fuser(1))


라고 
“device is busy” 메세지가 발생하며 umount 가 되지 않을 때가 있다. 

누가? 또는 어떤 프로세스가 해당 mount 영역을 사용하고 있는지 확인 하고 싶을때는

# fuser -cu /backup

이 경우 umount를 위해 해당 프로세스를 강제로 kill 하는 방법은 아래와 같다.

# fuser -ck 마운트디렉토리

ex) fuser -ck /backup

위 명령으로 프로세스를 kill 하고 umount를 재시도하면 정상적으로 mount가 해제 된다.

Ubuntu 14.04 + sendmail 설치

** sendmail 설치 및 설정

 

> 설치 

# apt-get install sendmail
# apt-get install sendmail-cf    ;; sendmail 설정

> 제대로 설치되었나 확인

# cd /etc/mail

 

> 내부에서만 메일을 주고 받을수 있게 설정해보자

# vi /etc/mail/sendmail.mc

Line 56 아래와 같이 수정
DAMON_OPTIONS('Family=inet, Name=MTA-v4, Port=smtp, Addr=127.0.0.1')dnl

Line 59 아래와 같이 수정
DAMON_OPTIONS('Family=inet, Name=MSP-v4, Port=submission, M=Ea, Addr=127.0.0.1')dnl

# m4 sendmail.mc   ;; 변경된 값 적용

 

> 접근할 수 있는 IP 대역 설정 추가

 

# vi /etc/mail/access

아래 부분 추가

127.0.0.1 RELAY
192.168.0 RELAY ;; 내부 아이피에서는 허용
;; 공인 아이피가 있다면 같이 추가해줌

# makemap hash access < access ;; 적용

> sendmail 재시작

 

# service sendmail restart

 

  

** sendmail이 가긴 가는데 너무 느리게 갈 때

 

> sendmail error log 확인

 

# vi /var/log/mail.err

아래 내용이 있는지 확인
My unqualified host name (localhost) unknown;; sleeping for retry

 

host name을 못 찾겠다 하지만 메일은 보내주겠다는 내용인 것 같음.

 

> host name 추가

# vi /etc/hots

127.0.0.1    localhost.localdomain localhost (yourhostname)

 

 

 

Asterisk – 해킹 시도 Fail2Ban 으로 차단하기

Fail2Ban (with iptables) And Asterisk

Fail2Ban


Fail2Ban is a limited intrusion detection/prevention system. It works by scanning log files and then banning IPs based on the entries in those logs. Note that Digium is moving away from writing security information to log files, and is now using AMI events. Consider fail2ban a short-term solution only.

You can get Fail2Ban, as well as more documentation, at www.fail2ban.org. At the time this is being written, the current release is 0.8.4.

Fail2Ban With Asterisk


The following describes how to setup Fail2Ban to protect an Asterisk PBX from SIP brute force attempts and scans utilizing the iptables firewall.

SECURITY NOTE: fail2ban is rather limited in its ability to detect attacks against asterisk. 
More info http://forums.asterisk.org/viewtopic.php?p=159984
Consider a more comprehensive product like the free edition of SecAst www.generationd.com

Easy Install Script for Fail2ban version 0.8.4 / Red Hat


This script was written by Cédric Brohée in order to simplify and accelerate the integration of the solution in a basic Asterisk configuration on Red Hat.
Do not hesitate to read the bash script and make changes to match your own configuration.

Before running it, you will have to do chmod 755.

Download script with new dedicated sources :

Fail2ban.sh_030512.txt




Installing


Log into the system and su – root, or sudo -i to get a root shell on Ubuntu.

CentOS/Red Hat (this method may install an older version of fail2ban):

Install rpmforge or optionally fetch the fail2ban rpm directly from rpmforge.
Install fail2ban using yum:

yum install fail2ban

Debian/Ubuntu:

apt-get install fail2ban

Source installation:
Change directories to /usr/src:

cd /usr/src

Download and extract Fail2Ban (check for newer releases):

wget http://sourceforge.net/projects/fail2ban/files/fail2ban-stable/fail2ban-0.8.4/fail2ban-0.8.4.tar.bz2/download
tar jxf fail2ban-0.8.4.tar.bz2

Enter the Fail2Ban directory you just extracted:

cd fail2ban-0.8.4

Make sure python and iptables are installed:

CentOS/Red Hat:

yum install python iptables

Debian/Ubuntu:

apt-get install python iptables

Install Fail2Ban:

python setup.py install

Install the Fail2Ban init script (for source installations):

Centos/Red Hat (if you installed via yum/rpm, the init script has already been installed):

cp /usr/src/fail2ban-0.8.4/files/redhat-initd /etc/init.d/fail2ban
chmod 755 /etc/init.d/fail2ban

For other distributions’ init scripts, please refer to documentation specific to them.



Configure Fail2Ban


We need to create a configuration for Fail2Ban so that it can understand attacks against Asterisk.

Create a new filter configuration for Asterisk:

touch /etc/fail2ban/filter.d/asterisk.conf

The contents of /etc/fail2ban/filter.d/asterisk.conf should be the following:

Generic (without using /var/log/asterisk/security)


# Fail2Ban configuration file
#
#
# $Revision: 250 $
#

[INCLUDES]

# Read common prefixes. If any customizations available -- read them from
# common.local
#before = common.conf


[Definition]

#_daemon = asterisk

# Option:  failregex
# Notes.:  regex to match the password failures messages in the logfile. The
#          host must be matched by a group named "host". The tag "<HOST>" can
#          be used for standard IP/hostname matching and is only an alias for
#          (?:::f{4,6}:)?(?P<host>\S+)
# Values:  TEXT
#

# Asterisk 1.4 use the following failregex

failregex = NOTICE.* .*: Registration from '.*' failed for '<HOST>' - Wrong password
            NOTICE.* .*: Registration from '.*' failed for '<HOST>:.*' - No matching peer found
            NOTICE.* .*: Registration from '.*' failed for '<HOST>' - No matching peer found
            NOTICE.* .*: Registration from '.*' failed for '<HOST>' - Username/auth name mismatch
            NOTICE.* .*: Registration from '.*' failed for '<HOST>' - Device does not match ACL
            NOTICE.* .*: Registration from '.*' failed for '<HOST>' - Peer is not supposed to register
            NOTICE.* .*: Registration from '.*' failed for '<HOST>' - ACL error (permit/deny)
            NOTICE.* .*: Registration from '.*' failed for '<HOST>' - Device does not match ACL
            NOTICE.* <HOST> failed to authenticate as '.*'$
            NOTICE.* .*: No registration for peer '.*' \(from <HOST>\)
            NOTICE.* .*: Host <HOST> failed MD5 authentication for '.*' (.*)
            NOTICE.* .*: Failed to authenticate user .*@<HOST>.*
            NOTICE.* .*: Sending fake auth rejection for device .*\<sip:.*\@<HOST>\>;tag=.*

# In Asterisk 1.8 use the same as above, but after <HOST> add :.* before the single quote. This is because in Asterisk 1.8, the log file includes a port number which 1.4 did not.

# Option:  ignoreregex
# Notes.:  regex to ignore. If this regex matches, the line is ignored.
# Values:  TEXT
#
ignoreregex =



If you’re having issues with your system not banning properly when the “Registration from” section in your log file contains a quotation mark (“) as in this example:


[2011-04-07 17:53:11] NOTICE[7557] chan_sip.c: Registration from '"69106698"<sip:69106698@123.123.123.123>' failed for '123.123.123.123' - No matching peer found



Add the following line, with the others above, in asterisk.conf:

NOTICE.* .*: Registration from ‘\”.*\”.*’ failed for ‘<HOST>’ – No matching peer found

Recently noticed attacks:


[2011-06-21 17:53:11] NOTICE[7557] chan_sip.c: Registration from '"XXXXXXXXXX"<sip:XXXXXXXXXX@123.123.123.123>' failed for '123.123.123.123' - Wrong Password


Adding the following line will block these attempts:

NOTICE.* .*: Registration from ‘\”.*\”.*’ failed for ‘<HOST>’ – Wrong password

Using new /var/log/asterisk/security

For this you will need an Asterisk that comes with the new Asterisk Security Framework (Asterisk 10+). You will also need to enable the log output in logger.conf by adding or uncommenting the line “security => security”. Likewise, you willl also need to ensure the date format has been changed in logger.conf to “dateformat=%F %T”.


# Fail2Ban configuration file
#
#
# $Revision: 250 $
#

[INCLUDES]

# Read common prefixes. If any customizations available -- read them from
# common.local
#before = common.conf


[Definition]

#_daemon = asterisk

# Option:  failregex
# Notes.:  regex to match the password failures messages in the logfile. The
#          host must be matched by a group named "host". The tag "<HOST>" can
#          be used for standard IP/hostname matching and is only an alias for
#          (?:::f{4,6}:)?(?P<host>\S+)
# Values:  TEXT
#

failregex = SECURITY.* SecurityEvent="FailedACL".*RemoteAddress=".+?/.+?/<HOST>/.+?".*
            SECURITY.* SecurityEvent="InvalidAccountID".*RemoteAddress=".+?/.+?/<HOST>/.+?".*
            SECURITY.* SecurityEvent="ChallengeResponseFailed".*RemoteAddress=".+?/.+?/<HOST>/.+?".*
            SECURITY.* SecurityEvent="InvalidPassword".*RemoteAddress=".+?/.+?/<HOST>/.+?".*

# Option:  ignoreregex
# Notes.:  regex to ignore. If this regex matches, the line is ignored.
# Values:  TEXT
#
ignoreregex =




Next edit /etc/fail2ban/jail.conf to include the following section so that it uses the new filter. This does a 3-day ban on the IP that performed the attack. It is recommend to set the bantime in the [DEFAULT] section so if affects all attacks. It is also recommend to turn on an iptables ban for ssh, httpd/apache, and ftp if they are running on the system. Be sure to edit the sendmail-whois action to send notifications to an appropriate address:


Generic (without using /var/log/asterisk/security)


[asterisk-iptables]

enabled  = true
filter   = asterisk
action   = iptables-allports[name=ASTERISK, protocol=all]
           sendmail-whois[name=ASTERISK, dest=root, sender=fail2ban@example.org]
logpath  = /var/log/asterisk/messages
maxretry = 5
bantime = 259200



note: logpath = /var/log/asterisk/messages is for vanilla asterisk, use logpath = /var/log/asterisk/full for freepbx. You can check the name of the log file in logger.conf.

note: if fail2ban still failed to identify login attempts, try the syslog logging way.

Using new /var/log/asterisk/security


[asterisk-iptables]
enabled  = true
filter   = asterisk
action   = iptables-allports[name=ASTERISK, protocol=all]
           sendmail-whois[name=ASTERISK, dest=root, sender=fail2ban@example.org]
logpath  = /var/log/asterisk/security
maxretry = 5
bantime = 259200



Don’t Ban Yourself


We don’t want to ban ourselves by accident. Edit /etc/fail2ban/jail.conf and edit the ignoreip option under the [DEFAULT] section to include your IP addresses or network, as well as any other hosts or networks you do not wish to ban. Note that the addresses must be separated by a SPACE character!

Asterisk Logging


We must change how Asterisk does its time stamp for logging. The default format does not work with Fail2Ban because the pattern Fail2Ban uses that would match this format has a beginning of line character (^), and Asterisk puts its date/time inside of []. The other formats that Fail2Ban supports, however, do not have this character and can be used with Asterisk.

To change this format, open /etc/asterisk/logger.conf and add the following line under [general] section (You may have to create this before the [logfiles] section). This causes the date and time to be formatted as Year-Month-Day Hour:Minute:Second, [2008-10-01 13:40:04] is an example.


 [general]
 dateformat=%F %T



Then reload the logger module for Asterisk. At the command line, run the following command:

asterisk -rx “logger reload”

If for some reason you do not want to change the date/time format for your normal asterisk logs (maybe you already have scripts that use it or something and do not want to edit them), you can do the following instead:

In /etc/asterisk/logger.conf, add the following line under the [logfiles] section for Asterisk to log NOTICE level events to the syslog (/var/log/messages) as well as its normal log file. These entries in syslog will have a Date/Time stamp that is usable by Fail2Ban.

syslog.local0 => notice

Be sure to reload the logger module for Asterisk — check above for the command to do so. If you chose this option, you will also have to change the/etc/fail2ban/jail.conf setting under the [asterisk-iptables] section for the logpath option to the following:

logpath = /var/log/messages

Turning it On


Now it is time to put fail2ban to work. There are a couple steps we need to do first.

Turn IPTABLES on


By default, iptables allows all traffic. So if we turn it on, it will not block any traffic until Fail2Ban creates deny rules for attackers. You should create your own firewall rules and setup for iptables, but that is beyond the scope of this guide. Just know that Fail2Ban, by default, inserts rules at the top of the chain, so they will override any rules you have configured in iptables. This is good because you may allow all sip traffic in and then the Fail2Ban will block individual hosts, after they have done an attack, before they are allowed by this rule again.

To start iptables, run the following as root:

/etc/init.d/iptables start

Depending on your install, you may or may not have the iptables init script installed. Please refer to an iptables install/setup guide for your distribution for more information.

Turn on Fail2Ban


To start Fail2Ban, run the following as root:

/etc/init.d/fail2ban start

Check It


If both started properly, issue the following command to view your iptables rules:

iptables -L -v

You should see something like the following for the INPUT chain (you will see more if you have other Fail2Ban filters enabled):

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
2104K 414M fail2ban-ASTERISK all — any any anywhere anywhere

If you do not see something similar to that, then you have some troubleshooting to do; check out /var/log/fail2ban.log.

If you do not see all your rules, or if you see a different subset of rules after stopping and restarting fail2ban, you may be experiencing the issue described on this page on the Fail2ban talk:Community Portal and may wish to use the suggested fix:

fail2ban.action.action ERROR on startup/restart

I had multiple fail2ban.action.action ERROR on startup/restart. It seems there was a “race” condition with iptables. I solved the problem completely on my system by editing /usr/bin/fail2ban-client and adding a time.sleep(0.1)


def __processCmd(self, cmd, showRet = True):
	beautifier = Beautifier()
	for c in cmd:
		time.sleep(0.1)
		beautifier.setInputCmd(c)



Turn it on for good


If all is well up to this point, let’s make sure that fail2ban and iptables restart with the server by issuing the following commands.

Centos/Red Hat:

chkconfig iptables on
chkconfig fail2ban on

Debian/Ubuntu:

update-rc.d iptables defaults
update-rc.d fail2ban defaults

You should now be somewhat protected against SIP scans and brute force attacks!

Try a reboot


Once you have fail2ban working ok, make sure that it continues that way after rebooting the server. On some distributions (including Ubuntu daper) fail2ban won’t start after the system reboots because the /var/run/fail2ban directory gets deleted and needs to be re-created. This can be frustrating as there is also nothing that shows up in the logs to indicate what the problem is. If this happens, please see the link below for instructions on modifying the startup script so that it checks for and creates the /var/run/fail2ban directory if needed:

http://informationideas.com/news/2010/04/21/fail2ban-does-not-start-after-reboot/

Additional Information