    Fail2Ban: Failed to access sock path

      JaredBusch
      last edited by gjacobse

      My fail2ban jail file for my jump boxes.

      [jbusch@jump ~]$ cat /etc/fail2ban/jail.d/bundy_jump_jail.local 
      [DEFAULT]
      backend = systemd
      #
      # ACTIONS
      #
      
      # Some options used for actions
      
      # Destination email address used solely for the interpolations in
      # jail.{conf,local,d/*} configuration files.
      destemail = [email protected]
      
      # Sender email address used solely for some actions
      sender = [email protected]
      
      # "bantime" is the number of seconds that a host is banned.
      bantime  = -1
      
      # A host is banned if it has generated "maxretry" during the last "findtime"
      # seconds.
      findtime  = 120m
      
      # "maxretry" is the number of failures before a host get banned.
      maxretry = 5
      
      
      #
      # JAILS
      #
      
      #
      # SSH servers
      #
      
      [sshd]
      
      # To use more aggressive sshd modes set filter parameter "mode" in jail.local:
      # normal (default), ddos, extra or aggressive (combines all).
      # See "tests/files/logs/sshd" or "filter.d/sshd.conf" for usage example and details.
      mode   = ddos
      port    = ssh
      logpath = %(sshd_log)s
      backend = %(sshd_backend)s
      enabled = true
      action = %(action_mw)s
      

      BTW, running on Fedora 33.

      [jbusch@jump ~]$ cat /etc/fedora-release 
      Fedora release 33 (Thirty Three)
      
        JaredBusch @gjacobse

        @gjacobse said in Fail2Ban: Failed to access sock path:

        Research was done.

        I'm sure you found hits on StackExchange, etc.

        You found such workable information that you still didn't solve it.

        Using abbreviations is bad form pretty much 100% of the time when troubleshooting.
        All you are doing is adding complication.

          gjacobse @JaredBusch

          @JaredBusch

          Okay - had not considered that;

          [root@NYNJ-AdGuard fail2ban]# rm jail.local fail2ban.local
          rm: remove regular file 'jail.local'? y
          rm: cannot remove 'fail2ban.local': No such file or directory
          
          [root@NYNJ-AdGuard fail2ban]# sudo systemctl restart fail2ban
          [root@NYNJ-AdGuard fail2ban]# systemctl status fail2ban
          ● fail2ban.service - Fail2Ban Service
               Loaded: loaded (/usr/lib/systemd/system/fail2ban.service; enabled; vendor preset: disabled)
               Active: active (running) since Mon 2020-12-07 14:56:29 UTC; 7s ago
                 Docs: man:fail2ban(1)
              Process: 1365 ExecStartPre=/bin/mkdir -p /run/fail2ban (code=exited, status=0/SUCCESS)
             Main PID: 1366 (f2b/server)
                Tasks: 3 (limit: 518)
               Memory: 10.8M
                  CPU: 164ms
               CGroup: /system.slice/fail2ban.service
                       └─1366 /usr/bin/python3 -s /usr/bin/fail2ban-server -xf start
          
          Dec 07 14:56:29 NYNJ-AdGuard systemd[1]: Starting Fail2Ban Service...
          Dec 07 14:56:29 NYNJ-AdGuard systemd[1]: Started Fail2Ban Service.
          Dec 07 14:56:29 NYNJ-AdGuard fail2ban-server[1366]: Server ready
          [root@NYNJ-AdGuard fail2ban]# 
          

          So it is running now. Thank you, I'll make a note of that for the future.

          So, now to deal with why it doesn’t seemingly kill attempts at sshd.

            Dashrender

            I have no idea what the default setup is, but you did delete your jail file...so any customization you made is now gone.

              JaredBusch @gjacobse

              @gjacobse said in Fail2Ban: Failed to access sock path:

              So, now to deal with why it doesn’t seemingly kill attempts at sshd.

              Use the jail I posted. It only looks at sshd

              Most likely you need to set it to systemd as I use.

                JaredBusch @JaredBusch

                @JaredBusch said in Fail2Ban: Failed to access sock path:

                @gjacobse said in Fail2Ban: Failed to access sock path:

                So, now to deal with why it doesn’t seemingly kill attempts at sshd.

                Use the jail I posted. It only looks at sshd

                Most likely you need to set it to systemd as I use.

                If you do not have mail and whois set up, change the action from action_mw to action_

                These are the actions:
                From jail.conf
                40dcaa4b-6d57-48ea-bbe7-d9b7ce964e8b-image.png

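As an added example (not part of the thread and not fail2ban's own code): a small Python check for the point made in the post above, that a jail using `action_mw` depends on mail and whois being available while `action_` does not. The function `audit_jails`, the `ACTION_NEEDS` table and its command names are assumptions for illustration; the sample config is constructed from the jail file posted earlier in the thread.

```python
import configparser
import re
import shutil

# Constructed sample: the relevant lines of the jail file posted in this thread.
SAMPLE_JAIL = """\
[DEFAULT]
backend = systemd
bantime  = -1

[sshd]
mode   = ddos
backend = %(sshd_backend)s
enabled = true
action = %(action_mw)s
"""

# Assumption (not from the page): commands each action shortcut needs on PATH.
ACTION_NEEDS = {
    "action_": (),
    "action_mw": ("sendmail", "whois"),
}

def audit_jails(text, which=shutil.which):
    """Return {jail: report} for every enabled jail in a jail .local file."""
    cp = configparser.ConfigParser(interpolation=None)  # keep %(...)s literal
    cp.read_string(text)
    reports = {}
    for name in cp.sections():
        jail = cp[name]  # [DEFAULT] values are inherited by each jail section
        if not jail.getboolean("enabled", fallback=False):
            continue
        # Pull the shortcut names out of e.g. "%(action_mw)s".
        shortcuts = re.findall(r"%\((action_\w*)\)s", jail.get("action", ""))
        missing = sorted({cmd for s in shortcuts
                          for cmd in ACTION_NEEDS.get(s, ())
                          if which(cmd) is None})
        reports[name] = {
            "backend": jail.get("backend"),
            # A negative bantime means the ban never expires.
            "permanent_ban": jail.get("bantime", "0").startswith("-"),
            "shortcuts": shortcuts,
            "missing_commands": missing,
        }
    return reports

if __name__ == "__main__":
    for jail_name, report in audit_jails(SAMPLE_JAIL).items():
        print(jail_name, report)
```

A non-empty `missing_commands` list for a jail is the case where switching that jail to `action_` applies.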
                  gjacobse @JaredBusch

                  @JaredBusch

                  [root@NYNJ-AdGuard ~]# cat /etc/fedora-release 
                  Fedora release 33 (Thirty Three)
                  [root@NYNJ-AdGuard ~]# 
                  
                    JaredBusch @gjacobse

                    @gjacobse said in Fail2Ban: Failed to access sock path:

                    [root@NYNJ-AdGuard fail2ban]# rm jail.local fail2ban.local
                    rm: remove regular file 'jail.local'? y
                    rm: cannot remove 'fail2ban.local': No such file or directory
                    

                    Those two files do not belong in the same location.

                      gjacobse @JaredBusch

                      @JaredBusch

                      Since that is a screenshot, it appears that some parts of the code are cut off.

                      I guess since I don't send emails, the only portion that is relevant is the first one...

                        JaredBusch @gjacobse

                        @gjacobse said in Fail2Ban: Failed to access sock path:

                        Since that is a screenshot, it appears that some parts of the code are cut off.

                        You are not listening. I said previously posted.

                        Thus, you need to look before that.

                        There in the actual .local file I did post, you will see an action listed. In the settings of said action is one of those options.

                        I posted that screenshot with the intentional size because it contains the comment regarding what each does as well as the format.

                          gjacobse @JaredBusch

                          @JaredBusch said in Fail2Ban: Failed to access sock path:

                          @gjacobse said in Fail2Ban: Failed to access sock path:

                          Since that is a screenshot, it appears that some parts of the code are cut off.

                          You are not listening. I said previously posted.

                          Thus, you need to look before that.

                          There in the actual .local file I did post, you will see an action listed. In the settings of said action is one of those options.

                          I posted that screenshot with the intentional size because it contains the comment regarding what each does as well as the format.

                          Actually, I was and am listening. When you are working from a 6.5” diagonal screen as I have been, you likely miss a bit of information.

                          That said - not that it likely makes any difference.

                          # fail2ban-client status sshd
                          Status for the jail: sshd
                          |- Filter
                          |  |- Currently failed: 24
                          |  |- Total failed:     92
                          |  `- Journal matches:  _SYSTEMD_UNIT=sshd.service + _COMM=sshd
                          `- Actions
                             |- Currently banned: 2
                             |- Total banned:     2
                             `- Banned IP list:   (IPs)
                          
                          