    Fail2Ban: Failed to access sock path

    • gjacobse @JaredBusch

      @JaredBusch said in Fail2Ban: Failed to access sock path:

      @gjacobse said in Fail2Ban: Failed to access sock path:

      sudo dnf rei fail2ban -y
      

      Don't use shorthand/abbreviations when you don't know what you are doing.

      If the command is not a readable word, it is likely an abbreviated command. Use the tab key. It is your friend.
      [screenshot]

      I searched-
      And read information on `dnf`

      Syntax was reinstall or rei-

      Research was done. I know you have your opinion, and I have appreciated all your help, but don’t assume I don’t read and use the internet.

      • gjacobse @JaredBusch

        @JaredBusch said in Fail2Ban: Failed to access sock path:

        @gjacobse said in Fail2Ban: Failed to access sock path:

        I’ve checked and re-checked my conf files

        There should not be anything that you even touch in the fail2ban configuration files.

        You create your own jail files in /etc/fail2ban/jail.d

        The jail.conf file tells you that...
        [screenshot]

        So does the fail2ban.conf
        [screenshot]

        I didn’t-
        I read that. And didn’t alter it.

        Copied jail.conf to jail.local as many resources mentioned.

        • Dashrender

          If you move/rename your own modifications, will it start?

          • JaredBusch @gjacobse

            @gjacobse said in Fail2Ban: Failed to access sock path:

            Copied jail.conf to jail.local as many resources mentioned.

            Don't do that either.

            Put only the things you want to change beyond default in a .local

            Start off by removing your custom files and restarting fail2ban

            gjacobseG 1 Reply Last reply Reply Quote 0
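The advice above (keep only the settings that differ from the defaults in a `.local` file), as an added example that is not from the thread or from the fail2ban project: a small Python helper that compares a copied `jail.local` against the stock `jail.conf` and emits just the overrides. The function names and the sample file contents are constructed for illustration; the sample values are not a claim about any distribution's defaults.

```python
import configparser

def _parse(text):
    # fail2ban files are INI-style. No interpolation, so %(sshd_log)s stays
    # literal; a renamed default section, so [DEFAULT] is compared like any
    # other section instead of being merged into every jail.
    cp = configparser.RawConfigParser(default_section="__none__", strict=False)
    cp.optionxform = str  # keep option names exactly as written
    cp.read_string(text)
    return cp

def minimal_overrides(conf_text, local_text):
    """Return {section: {option: value}} for settings in the .local text
    that differ from, or are absent in, the stock .conf text."""
    conf, local = _parse(conf_text), _parse(local_text)
    out = {}
    for section in local.sections():
        for option, value in local.items(section):
            same = conf.has_option(section, option) and conf.get(section, option) == value
            if not same:
                out.setdefault(section, {})[option] = value
    return out

def render(overrides):
    """Format the overrides as a small file suitable for jail.d/."""
    lines = []
    for section, options in overrides.items():
        lines.append(f"[{section}]")
        # Re-indent continuation lines so multi-line values stay valid.
        lines += [f"{k} = {v}".replace("\n", "\n    ") for k, v in options.items()]
        lines.append("")
    return "\n".join(lines)

# Constructed sample: a cut-down stand-in for jail.conf, and a jail.local
# made by copying it and changing two settings.
SAMPLE_CONF = """\
[DEFAULT]
bantime = 10m
backend = auto

[sshd]
port = ssh
logpath = %(sshd_log)s
backend = %(sshd_backend)s
"""
SAMPLE_LOCAL = (SAMPLE_CONF.replace("backend = auto", "backend = systemd")
                .replace("%(sshd_backend)s", "%(sshd_backend)s\nenabled = true"))

if __name__ == "__main__":
    print(render(minimal_overrides(SAMPLE_CONF, SAMPLE_LOCAL)))
```

Run against the real files, the output is what would go into a file under /etc/fail2ban/jail.d in place of the full copy.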
            • EddieJennings

              Immediately after installing fail2ban, would it start? If so, that makes me think one of two things.

              1. Some configuration did change, which broke it.
              2. There's a permissions issue with that directory.

              If I have some time, I'll spin up a VM, install fail2ban and see what "normal" looks like.

              • JaredBusch

                My fail2ban jail file for my jump boxes.

                [jbusch@jump ~]$ cat /etc/fail2ban/jail.d/bundy_jump_jail.local 
                [DEFAULT]
                backend = systemd
                #
                # ACTIONS
                #
                
                # Some options used for actions
                
                # Destination email address used solely for the interpolations in
                # jail.{conf,local,d/*} configuration files.
                destemail = [email protected]
                
                # Sender email address used solely for some actions
                sender = [email protected]
                
                # "bantime" is the number of seconds that a host is banned.
                bantime  = -1
                
                # A host is banned if it has generated "maxretry" during the last "findtime"
                # seconds.
                findtime  = 120m
                
                # "maxretry" is the number of failures before a host get banned.
                maxretry = 5
                
                
                #
                # JAILS
                #
                
                #
                # SSH servers
                #
                
                [sshd]
                
                # To use more aggressive sshd modes set filter parameter "mode" in jail.local:
                # normal (default), ddos, extra or aggressive (combines all).
                # See "tests/files/logs/sshd" or "filter.d/sshd.conf" for usage example and details.
                mode   = ddos
                port    = ssh
                logpath = %(sshd_log)s
                backend = %(sshd_backend)s
                enabled = true
                action = %(action_mw)s
                

                BTW, running on Fedora 33.

                [jbusch@jump ~]$ cat /etc/fedora-release 
                Fedora release 33 (Thirty Three)
                
                • JaredBusch @gjacobse

                  @gjacobse said in Fail2Ban: Failed to access sock path:

                  Research was done.

                  I'm sure you found hits on StackExchange, etc.

                  You found such workable information that you still didn't solve it.

                  Using abbreviations is bad form pretty much 100% of the time when troubleshooting.
                  All you are doing is adding complication.

                  • gjacobse @JaredBusch

                    @JaredBusch

                    Okay - had not considered that;

                    [root@NYNJ-AdGuard fail2ban]# rm jail.local fail2ban.local
                    rm: remove regular file 'jail.local'? y
                    rm: cannot remove 'fail2ban.local': No such file or directory
                    
                    [root@NYNJ-AdGuard fail2ban]# sudo systemctl restart fail2ban
                    [root@NYNJ-AdGuard fail2ban]# systemctl status fail2ban
                    ● fail2ban.service - Fail2Ban Service
                         Loaded: loaded (/usr/lib/systemd/system/fail2ban.service; enabled; vendor preset: disabled)
                         Active: active (running) since Mon 2020-12-07 14:56:29 UTC; 7s ago
                           Docs: man:fail2ban(1)
                        Process: 1365 ExecStartPre=/bin/mkdir -p /run/fail2ban (code=exited, status=0/SUCCESS)
                       Main PID: 1366 (f2b/server)
                          Tasks: 3 (limit: 518)
                         Memory: 10.8M
                            CPU: 164ms
                         CGroup: /system.slice/fail2ban.service
                                 └─1366 /usr/bin/python3 -s /usr/bin/fail2ban-server -xf start
                    
                    Dec 07 14:56:29 NYNJ-AdGuard systemd[1]: Starting Fail2Ban Service...
                    Dec 07 14:56:29 NYNJ-AdGuard systemd[1]: Started Fail2Ban Service.
                    Dec 07 14:56:29 NYNJ-AdGuard fail2ban-server[1366]: Server ready
                    [root@NYNJ-AdGuard fail2ban]# 
                    

                    So it is running now. Thank you, I'll make a note of that for the future.

                    So, now to deal with why it doesn’t seemingly kill attempts at sshd.

                    • Dashrender

                      I have no idea what the default setup is, but you did delete your jail file...so any customization you made is now gone.

                      • JaredBusch @gjacobse

                        @gjacobse said in Fail2Ban: Failed to access sock path:

                        So, now to deal with why it doesn’t seemingly kill attempts at sshd.

                        Use the jail I posted. It only looks at sshd

                        Most likely you need to set it to systemd as I use.

                        • JaredBusch @JaredBusch

                          @JaredBusch said in Fail2Ban: Failed to access sock path:

                          @gjacobse said in Fail2Ban: Failed to access sock path:

                          So, now to deal with why it doesn’t seemingly kill attempts at sshd.

                          Use the jail I posted. It only looks at sshd

                          Most likely you need to set it to systemd as I use.

                          If you do not have mail and whois set up, change the action from action_mw to action_

                          These are the actions:
                          From jail.conf
                          [screenshot]

                          • gjacobse @JaredBusch

                            @JaredBusch

                            [root@NYNJ-AdGuard ~]# cat /etc/fedora-release 
                            Fedora release 33 (Thirty Three)
                            [root@NYNJ-AdGuard ~]# 
                            
                            • JaredBusch @gjacobse

                              @gjacobse said in Fail2Ban: Failed to access sock path:

                              [root@NYNJ-AdGuard fail2ban]# rm jail.local fail2ban.local
                              rm: remove regular file 'jail.local'? y
                              rm: cannot remove 'fail2ban.local': No such file or directory
                              

                              Those two files do not belong in the same location.

                              • gjacobse @JaredBusch

                                @JaredBusch

                                Since that is a screen shot, it appears that some parts of the code are cut off.

                                I guess since I don't send emails, the only portion that is relevant is the first one...

                                • JaredBusch @gjacobse

                                  @gjacobse said in Fail2Ban: Failed to access sock path:

                                  Since that is a screen shot, it appears that some parts of the code are cut off.

                                  You are not listening. I said previously posted.

                                  Thus, you need to look before that.

                                  There in the actual .local file I did post, you will see an action listed. In the settings of said action is one of those options.

                                  I posted that screenshot with the intentional size because it contains the comment regarding what each does as well as the format.

                                  • gjacobse @JaredBusch

                                    @JaredBusch said in Fail2Ban: Failed to access sock path:

                                    @gjacobse said in Fail2Ban: Failed to access sock path:

                                    Since that is a screen shot, it appears that some parts of the code are cut off.

                                    You are not listening. I said previously posted.

                                    Thus, you need to look before that.

                                    There in the actual .local file I did post, you will see an action listed. In the settings of said action is one of those options.

                                    I posted that screenshot with the intentional size because it contains the comment regarding what each does as well as the format.

                                    Actually, I was and am listening. When you are working from a 6.5” diagonal screen as I have been, you likely miss a bit of information.

                                    That said - not that it likely makes any difference.

                                    # fail2ban-client status sshd
                                    Status for the jail: sshd
                                    |- Filter
                                    |  |- Currently failed: 24
                                    |  |- Total failed:     92
                                    |  `- Journal matches:  _SYSTEMD_UNIT=sshd.service + _COMM=sshd
                                    `- Actions
                                       |- Currently banned: 2
                                       |- Total banned:     2
                                       `- Banned IP list:   (IPs)
                                    
                                    