Systemd service fail2ban cannot be created unless a command is given

I am trying to install from scratch Virtualmin in a Debian 9 virtual machine. Installation fails here. Nothing can do positive from now on.

▣□□ Phase 1 of 3: Setup
Downloading RPM-GPG-KEY-virtualmin-6                                    [ OK! ]
Downloading RPM-GPG-KEY-webmin                                          [ OK! ]
Installing Virtualmin 6 key                                             [ OK! ]
Installing Webmin key                                                   [ OK! ]
Updating apt metadata                                                   [ OK! ]
Downloading repository metadata                                         [ OK! ]
Disabling cdrom: repositories                                           [ OK! ]
Cleaning out old metadata                                               [ OK! ]

▣▣□ Phase 2 of 3: Installation
Installing Webmin                                                       [ OK! ]
Installing Usermin                                                      [ OK! ]
Installing fail2ban                                                     [ OK! ]
Removing nginx (if installed) before LAMP installation.                 [ OK! ]
Removing unneeded packages that could confict with LAMP stack.          [ OK! ]
Installing postfix                                                      [ OK! ]
Installing virtualmin-lamp-stack                                        [ OK! ]
Installing Virtualmin and plugins                                       [ OK! ]
29 Jan 22:15:07 ntpdate[20878]: the NTP socket is in use, exiting
Installing updates to Virtualmin-related packages                       [ OK! ]

▣▣▣ Phase 3 of 3: Configuration
[1/23] Configuring AWStats                                              [  ✔  ]
[2/23] Configuring Apache                                               [  ✔  ]
[3/23] Configuring Bind                                                 [  ✔  ]
[4/23] Configuring ClamAV                                               [  ✔  ]
[5/23] Configuring Dovecot                                              [  ✔  ]
[6/23] Configuring Firewalld                                            [  ✔  ]
[7/23] Configuring MySQL                                                [  ✔  ]
[8/23] Configuring NTP                                                  [  ✔  ]
[9/23] Configuring Net                                                  [  ✔  ]
[10/23] Configuring ProFTPd                                             [  ✔  ]
[11/23] Configuring Procmail                                            [  ✔  ]
[12/23] Configuring Quotas                                              [  ✔  ]
[13/23] Configuring SASL                                                [  ✔  ]
[14/23] Configuring Shells                                              [  ✔  ]
[15/23] Configuring SpamAssassin                                        [  ✔  ]
[16/23] Configuring Status                                              [  ✔  ]
[17/23] Configuring Upgrade                                             [  ✔  ]
[18/23] Configuring Usermin                                             [  ✔  ]
[19/23] Configuring Webalizer                                           [  ✔  ]
[20/23] Configuring Webmin                                              [  ✔  ]
[21/23] Configuring Fail2banFirewalld                                   ████▒▒▒Error: Systemd service fail2ban cannot be created unless a command is given
Error
-----
Systemd service fail2ban cannot be created unless a command is given
-----
▣▣▣ Cleaning up

[WARNING] The following errors occurred during installation:

  ◉ Postinstall configuration returned an error.
[WARNING] The last few lines of the log file were:
[2019/01/29 22:15:34] [INFO] - Succeeded
[2019/01/29 22:15:34] [INFO] - Configuring Status
[2019/01/29 22:15:36] [INFO] - Succeeded
[2019/01/29 22:15:36] [INFO] - Configuring Upgrade
[2019/01/29 22:15:37] [INFO] - Succeeded
[2019/01/29 22:15:37] [INFO] - Configuring Usermin
[2019/01/29 22:15:37] [INFO] - Succeeded
[2019/01/29 22:15:37] [INFO] - Configuring Webalizer
[2019/01/29 22:15:37] [INFO] - Succeeded
[2019/01/29 22:15:38] [INFO] - Configuring Webmin
[2019/01/29 22:15:50] [INFO] - Succeeded
[2019/01/29 22:15:50] [INFO] - Configuring Fail2banFirewalld
[2019-01-29 22:15:51 EET] [DEBUG] Cleaning up temporary files in /tmp/.virtualmin-9083.
Status: 
Active

Comments

Assigned: Unassigned »

Passing this along to Joe for review.

It looks like you're seeing the issue described in the post here:

https://www.virtualmin.com/node/53493

Could you try the solution there in the first post and see if that works for you?

If that does indeed resolve it, we'll have to look deeper into that, as that should have been resolved long ago, I'm not quite sure why that would be occurring.

I already read that post before reporting. Here are the results:

Solution 1 - It is not a solution

Using command "virtualmin-config-system --exclude"

root@server:~# virtualmin-config-system --exclude
Option exclude requires an argument
Usage:
    virtualmin config-system [options]

      Options:
        --help|-h          Print this summary of options and exit
        --list-bundles|-s  List available installation bundles
        --list-plugins|-p  List available plugins
        --bundle|-b        A bundle of plugins to execute
        --log|-l           Path to a file for logging actions
        --include|-i       One or more extra plugins to include
        --exclude|-x       One or more plugins to exclude
        --test|-t          Test services after configured (when available)

Command "virtualmin-config-system --list-plugins"

root@server:~# virtualmin-config-system --list-plugins
Available Plugins:
  AWStats            Apache             Bind               ClamAV
  Dovecot            Fail2ban           Fail2banFirewalld  Firewall
  Firewalld          Mailman            MySQL              NTP
  Net                Nginx              Postfix            PostgreSQL
  ProFTPd            Procmail           Quotas             SASL
  SELinux            Shells             SpamAssassin       Status
  Upgrade            Usermin            Virtualmin         Webalizer
  Webmin

Command "virtualmin-config-system --exclude Fail2banFirewalld" not working root@server:~# virtualmin-config-system --exclude Fail2banFirewalld Usage: virtualmin config-system [options]

  Options:
    --help|-h          Print this summary of options and exit
    --list-bundles|-s  List available installation bundles
    --list-plugins|-p  List available plugins
    --bundle|-b        A bundle of plugins to execute
    --log|-l           Path to a file for logging actions
    --include|-i       One or more extra plugins to include
    --exclude|-x       One or more plugins to exclude
    --test|-t  

Solution 2 - It is not a solution. I tried editing /usr/share/webmin/init/init-lib.php and using all combinations possible in that if statement. Here are all combinations used:

(!-r "$config{'init_dir'}/$_[0]" || &is_systemd_service($unit))
(!-r "$config{'init_dir'}/$_[0]" || !&is_systemd_service($unit))
!(-r "$config{'init_dir'}/$_[0]" || &is_systemd_service($unit))

Solution 3 - I did not find a file called S99fail2ban in any of rc.d directories. The only file is K01fail2ban

Those "tips" mentioned in that post are not solution to apply in this case. I couldn't manage installing Virtualmin in a VMware workstation 15 with Debian 64-bit. I would like to exclude the packages Fail2Ban, Fail2banFirewalld and Firewalld to see if I can install it, but I don't know. A lot of garbage remains behind with every installation failure.

I need a solution as soon as possible.

Doing a research fail2ban-firewalld is not a package in Debian. Only Fedora/CentOS/RHEL have this package. Under this circumstances I am wondering why there is a Virtualmin package named Fail2banFirewall?

For those like me who don't use Firewalld after a succeed installation just disable firewalld service. Do not remove it from system. You can use iptables as before (old school).

This is a bug in Debian 9 installation. Virtualmin is not enabling Firewalld service. Please do the following test and see the results:

Firewalld service disabled:

root@server:~# systemctl disable firewalld.service
Synchronizing state for firewalld.service with sysvinit using update-rc.d...
Executing /usr/sbin/update-rc.d firewalld defaults
Executing /usr/sbin/update-rc.d firewalld disable
insserv: warning: current start runlevel(s) (empty) of script `firewalld' overrides LSB defaults (2 3 4 5).
insserv: warning: current stop runlevel(s) (0 1 2 3 4 5 6) of script `firewalld' overrides LSB defaults (0 1 6).
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
root@server:~# virtualmin config-system --include Fail2banFirewalld
[1/2] Configuring Firewalld                                             ███████Error: Systemd service firewalld cannot be created unless a command is given                                            ▒██████Error
-----
Systemd service firewalld cannot be created unless a command is given
-----

Firewalld service enabled:

root@server:~# systemctl enable firewalld.service
Synchronizing state for firewalld.service with sysvinit using update-rc.d...
Executing /usr/sbin/update-rc.d firewalld defaults
insserv: warning: current start runlevel(s) (empty) of script `firewalld' overrides LSB defaults (2 3 4 5).
insserv: warning: current stop runlevel(s) (0 1 2 3 4 5 6) of script `firewalld' overrides LSB defaults (0 1 6).
Executing /usr/sbin/update-rc.d firewalld enable
Created symlink from /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service to /lib/systemd/system/firewalld.service.
root@server:~# virtualmin config-system --include Fail2banFirewalld
[1/2] Configuring Firewalld                                             [  ✔  ]
[2/2] Configuring Fail2banFirewalld                                     [  ✔  ]

As you may see if Virtualmin is not enabling Firewalld installation will fail with error in Phase 3 - Step 21.

Also fail2ban service should be masked. If it is not masked it won't let you configure Fail2banFirewalld.

Anyone can get rid off Firewalld just stopping the service. Then in jail.local switch from firewalld to normal banning.