Fail2ban - Failed during configuration: File contains no section headers

Question

I'm working on setting up Fail2ban for my linux (debian) server. When I check the status of the fail2ban service I am getting this error:

● fail2ban.service - Fail2Ban Service
   Loaded: loaded (/lib/systemd/system/fail2ban.service; enabled; vendor preset: enabled)
   Active: failed (Result: exit-code) since Sun 2020-11-01 13:15:05 EST; 5s ago
     Docs: man:fail2ban(1)
  Process: 17851 ExecStartPre=/bin/mkdir -p /var/run/fail2ban (code=exited, status=0/SUCCESS)
  Process: 17852 ExecStart=/usr/bin/fail2ban-server -xf start (code=exited, status=255/EXCEPTION)
 Main PID: 17852 (code=exited, status=255/EXCEPTION)
Nov 01 13:15:05 raspberrypi systemd[1]: Starting Fail2Ban Service...
Nov 01 13:15:05 raspberrypi systemd[1]: Started Fail2Ban Service.
Nov 01 13:15:05 raspberrypi fail2ban-server[17852]:  Failed during configuration: File contains no section headers.
Nov 01 13:15:05 raspberrypi fail2ban-server[17852]: file: '/etc/fail2ban/jail.local', line: 21
Nov 01 13:15:05 raspberrypi fail2ban-server[17852]: 'bantime = 1h\n'
Nov 01 13:15:05 raspberrypi fail2ban-server[17852]:  Async configuration of server failed
Nov 01 13:15:05 raspberrypi systemd[1]: fail2ban.service: Main process exited, code=exited, status=255/EXCEPTION
Nov 01 13:15:05 raspberrypi systemd[1]: fail2ban.service: Failed with result 'exit-code'.

I have a feeling this has something to do with my config file, here is the first 30 lines of it:

#
# WARNING: heavily refactored in 0.9.0 release.  Please review and
#          customize settings for your setup.
#
# Changes:  in most of the cases you should not modify this
#           file, but provide customizations in jail.local file,
#           or separate .conf files under jail.d/ directory, e.g.:
#
# HOW TO ACTIVATE JAILS:
#
# YOU SHOULD NOT MODIFY THIS FILE.
#
# It will probably be overwritten or improved in a distribution update.
#
# Provide customizations in a jail.local file or a jail.d/customisation.local.
# For example to change the default bantime for all jails and to enable the
# ssh-iptables jail the following (uncommented) would appear in the .local file.
# See man 5 jail.conf for details.
#
# [DEFAULT]
bantime = 1h
#
# [sshd]
enabled = true
#
# See jail.conf(5) man page for more information
Comments: use '#' for comment lines and ';' (following a space) for inline comments
[INCLUDES]
#before = paths-distro.conf
before = paths-debian.conf
The DEFAULT allows a global definition of the options. They can be overridden
in each jail afterwards.
[DEFAULT]

MISCELLANEOUS OPTIONS

score 3 · Accepted Answer · answered Dec 19 '20 at 23:10

For the case still actual or someone would find it later.

Firstly, don't copy jail.conf into jail.local, use empty one.

Then, this is wrong:

# [sshd]
enabled = true

Before enabled is no section in your file (lines started with # are comments).

This would be correct jail.local file:

[DEFAULT]
# here you can overwrite some defaults:
[sshd]
enabled = true
[other-jail]
enabled = true
...

Fail2ban - Failed during configuration: File contains no section headers

Comments: use '#' for comment lines and ';' (following a space) for inline comments

The DEFAULT allows a global definition of the options. They can be overridden

in each jail afterwards.

MISCELLANEOUS OPTIONS

1 Answers1