Fail2Ban: Failed to access sock path

gjacobse

@JaredBusch said in Fail2Ban: Failed to access sock path:

@gjacobse said in Fail2Ban: Failed to access sock path:

suro dnf rei fail2ban -y

Don't use shorthand/abbreviations when you don't know what you are doing.

If the command is not a readable word, it is likely an abbreviated command. Use the tab key. It is your friend.

I search-
And read information on ‘’’dnf’’’

Syntax was reinstall or rei-

Research was done. I know you have your opinion, and I have appreciated all your help, but don’t assume I don’t read and use the internet.

gjacobse

@JaredBusch said in Fail2Ban: Failed to access sock path:

@gjacobse said in Fail2Ban: Failed to access sock path:

I’ve checked and re-checked my conf files

There should not be anything that you even touch in the fail2ban configuration files.

You create your own jail files in /etc/fail2ban/jail.d

The jail.conf file tells you that...

So does the fail2ban.conf

I didn’t-
I read that. And didn’t alter it.

Copied jail.conf to jail.local as many resources mentioned.

Dashrender

if you move/rename your own modifications, will it start?

JaredBusch

@gjacobse said in Fail2Ban: Failed to access sock path:

Copied jail.conf to jail.local as many resources mentioned.

Don't do that either.

Put only the things you want to change beyond default in a .local

Start off by removing your custom files and restarting fail2ban

EddieJennings

Immediately after installing fail2ban, would it start? If so, that makes me think one of two things.

1. Some configuration did change, which broke it.
2. There's a permissions issue with that directory.

If I have some time, I'll spin up a VM, install fail2ban and see what "normal" looks like.

JaredBusch

My fail2ban jail file for my jump boxes.

[jbusch@jump ~]$ cat /etc/fail2ban/jail.d/bundy_jump_jail.local 
[DEFAULT]
backend = systemd
#
# ACTIONS
#

# Some options used for actions

# Destination email address used solely for the interpolations in
# jail.{conf,local,d/*} configuration files.
destemail = [email protected]

# Sender email address used solely for some actions
sender = [email protected]

# "bantime" is the number of seconds that a host is banned.
bantime  = -1

# A host is banned if it has generated "maxretry" during the last "findtime"
# seconds.
findtime  = 120m

# "maxretry" is the number of failures before a host get banned.
maxretry = 5


#
# JAILS
#

#
# SSH servers
#

[sshd]

# To use more aggressive sshd modes set filter parameter "mode" in jail.local:
# normal (default), ddos, extra or aggressive (combines all).
# See "tests/files/logs/sshd" or "filter.d/sshd.conf" for usage example and details.
mode   = ddos
port    = ssh
logpath = %(sshd_log)s
backend = %(sshd_backend)s
enabled = true
action = %(action_mw)s

BTW, running on Fedora 33.

[jbusch@jump ~]$ cat /etc/fedora-release 
Fedora release 33 (Thirty Three)

JaredBusch

@gjacobse said in Fail2Ban: Failed to access sock path:

Research was done.

I'm sure you found hits on StackExchange, etc.

You found such workable information that you still didn't solve it.

Using abbrevations is bad form pretty much 100% of the time when troubleshooting.
All you are doing is adding complication.

gjacobse

@JaredBusch

Okay - had not considered that;

[root@NYNJ-AdGuard fail2ban]# rm jail.local fail2ban.local
rm: remove regular file 'jail.local'? y
rm: cannot remove 'fail2ban.local': No such file or directory

[root@NYNJ-AdGuard fail2ban]# sudo systemctl restart fail2ban
[root@NYNJ-AdGuard fail2ban]# systemctl status fail2ban
● fail2ban.service - Fail2Ban Service
     Loaded: loaded (/usr/lib/systemd/system/fail2ban.service; enabled; vendor preset: disabled)
     Active: active (running) since Mon 2020-12-07 14:56:29 UTC; 7s ago
       Docs: man:fail2ban(1)
    Process: 1365 ExecStartPre=/bin/mkdir -p /run/fail2ban (code=exited, status=0/SUCCESS)
   Main PID: 1366 (f2b/server)
      Tasks: 3 (limit: 518)
     Memory: 10.8M
        CPU: 164ms
     CGroup: /system.slice/fail2ban.service
             └─1366 /usr/bin/python3 -s /usr/bin/fail2ban-server -xf start

Dec 07 14:56:29 NYNJ-AdGuard systemd[1]: Starting Fail2Ban Service...
Dec 07 14:56:29 NYNJ-AdGuard systemd[1]: Started Fail2Ban Service.
Dec 07 14:56:29 NYNJ-AdGuard fail2ban-server[1366]: Server ready
[root@NYNJ-AdGuard fail2ban]# 

So it is running now. Thank you, Ill make a note of that for the future.

So, now to deal with why it doesn’t seemingly kill attempts at sshd.

Dashrender

I have no idea what the default setup is, but you did delete your jail file...so any customization you made is now gone.

JaredBusch

@gjacobse said in Fail2Ban: Failed to access sock path:

So, now to deal with why it doesn’t seemingly kill attempts at sshd.

Use the jail I posted. It only looks at sshd

Most likely you need to set it to systemd as I use.

JaredBusch

@JaredBusch said in Fail2Ban: Failed to access sock path:

@gjacobse said in Fail2Ban: Failed to access sock path:

So, now to deal with why it doesn’t seemingly kill attempts at sshd.

Use the jail I posted. It only looks at sshd

Most likely you need to set it to systemd as I use.

if you do not have mail and whois setup, change the action from aciton_mw to action_

These are the actions:
From jail.conf

gjacobse

@JaredBusch

[root@NYNJ-AdGuard ~]# cat /etc/fedora-release 
Fedora release 33 (Thirty Three)
[root@NYNJ-AdGuard ~]# 

JaredBusch

@gjacobse said in Fail2Ban: Failed to access sock path:

[root@NYNJ-AdGuard fail2ban]# rm jail.local fail2ban.local
rm: remove regular file 'jail.local'? y
rm: cannot remove 'fail2ban.local': No such file or directory

Those two files do not belong in the same location.

gjacobse

@JaredBusch

Since that is a screen shot, it appears that some parts of the code is cut off.

I guess since I don't send emails, the only portion that is relevant is the first one...

JaredBusch

@gjacobse said in Fail2Ban: Failed to access sock path:

Since that is a screen shot, it appears that some parts of the code is cut off.

You are not listening. I said previously posted.

Thus, you need to look before that.

There in the actual .local file I did post, you will see an action listed. In the settings of said action is one of those options.

I posted that screenshot of with the intentional size because it contains the comment regarding what each does as well as the format.

gjacobse

@JaredBusch said in Fail2Ban: Failed to access sock path:

@gjacobse said in Fail2Ban: Failed to access sock path:

Since that is a screen shot, it appears that some parts of the code is cut off.

You are not listening. I said previously posted.

Thus, you need to look before that.

There in the actual .local file I did post, you will see an action listed. In the settings of said action is one of those options.

I posted that screenshot of with the intentional size because it contains the comment regarding what each does as well as the format.

Actually, I was and am listening. When I you are working from a 6.5” diagonal screen as I have been, you likely miss a bit of information.

That said - not that it likely makes any difference.

# fail2ban-client status sshd
Status for the jail: sshd
|- Filter
|  |- Currently failed: 24
|  |- Total failed:     92
|  `- Journal matches:  _SYSTEMD_UNIT=sshd.service + _COMM=sshd
`- Actions
   |- Currently banned: 2
   |- Total banned:     2
   `- Banned IP list:   (IPs)