Fail2Ban: Failed to access sock path

gjacobse

OS: Fedora 33
Host: VULTR

Ive run into this error when trying to enable / start file2ban. I have been reading a few sites; github, server fault, and of course ML.

I’ve checked and re-checked my conf files, and they appear correct.

Complete message:

Failed to access socket path: /var/run/fail2ban/fail2ban.sock. Is fail2ban running?

gjacobse

Web console: https://NYNJ-AdGuard:9090/

[[email protected] ~]# systemctl status fail2ban
● fail2ban.service - Fail2Ban Service
     Loaded: loaded (/usr/lib/systemd/system/fail2ban.service; enabled; vendor preset: disabled)
     Active: failed (Result: exit-code) since Mon 2020-12-07 14:02:13 UTC; 42s ago
       Docs: man:fail2ban(1)
    Process: 1082 ExecStartPre=/bin/mkdir -p /run/fail2ban (code=exited, status=0/SUCCESS)
    Process: 1083 ExecStart=/usr/bin/fail2ban-server -xf start (code=exited, status=255/EXCEPTION)
   Main PID: 1083 (code=exited, status=255/EXCEPTION)
        CPU: 138ms

Dec 07 14:02:12 NYNJ-AdGuard systemd[1]: Starting Fail2Ban Service...
Dec 07 14:02:12 NYNJ-AdGuard systemd[1]: Started Fail2Ban Service.
Dec 07 14:02:13 NYNJ-AdGuard fail2ban-server[1083]: 2020-12-07 14:02:13,088 fail2ban                [1083]: ERROR >Dec 07 14:02:13 NYNJ-AdGuard fail2ban-server[1083]: 2020-12-07 14:02:13,094 fail2ban                [1083]: ERROR >Dec 07 14:02:13 NYNJ-AdGuard systemd[1]: fail2ban.service: Main process exited, code=exited, status=255/EXCEPTION
Dec 07 14:02:13 NYNJ-AdGuard systemd[1]: fail2ban.service: Failed with result 'exit-code'.

EddieJennings

@gjacobse said in Fail2Ban: Failed to access sock path:

OS: Fedora 33
Host: VULTR

Ive run into this error when trying to enable / start file2ban. I have been reading a few sites; github, server fault, and of course ML.

I’ve checked and re-checked my conf files, and they appear correct.

Complete message:

Failed to access socket path: /var/run/fail2ban/fail2ban.sock. Is fail2ban running?

Is /var/run/fail2ban/fail2ban.sock a valid path / file?

gjacobse

@EddieJennings said in Fail2Ban: Failed to access sock path:

@gjacobse said in Fail2Ban: Failed to access sock path:

OS: Fedora 33
Host: VULTR

Ive run into this error when trying to enable / start file2ban. I have been reading a few sites; github, server fault, and of course ML.

I’ve checked and re-checked my conf files, and they appear correct.

Complete message:

Failed to access socket path: /var/run/fail2ban/fail2ban.sock. Is fail2ban running?

Is /var/run/fail2ban/fail2ban.sock a valid path / file?

No - /var/run/fail2ban is.

I ran

suro dnf rei fail2ban -y

And nothing changed.

JaredBusch

@gjacobse said in Fail2Ban: Failed to access sock path:

suro dnf rei fail2ban -y

Don't use shorthand/abbreviations when you don't know what you are doing.

If the command is not a readable word, it is likely an abbreviated command. Use the tab key. It is your friend.

JaredBusch

@gjacobse said in Fail2Ban: Failed to access sock path:

I’ve checked and re-checked my conf files

There should not be anything that you even touch in the fail2ban configuration files.

You create your own jail files in /etc/fail2ban/jail.d

The jail.conf file tells you that...

So does the fail2ban.conf

gjacobse

@JaredBusch said in Fail2Ban: Failed to access sock path:

@gjacobse said in Fail2Ban: Failed to access sock path:

suro dnf rei fail2ban -y

Don't use shorthand/abbreviations when you don't know what you are doing.

If the command is not a readable word, it is likely an abbreviated command. Use the tab key. It is your friend.

I search-
And read information on ‘’’dnf’’’

Syntax was reinstall or rei-

Research was done. I know you have your opinion, and I have appreciated all your help, but don’t assume I don’t read and use the internet.

gjacobse

@JaredBusch said in Fail2Ban: Failed to access sock path:

@gjacobse said in Fail2Ban: Failed to access sock path:

I’ve checked and re-checked my conf files

There should not be anything that you even touch in the fail2ban configuration files.

You create your own jail files in /etc/fail2ban/jail.d

The jail.conf file tells you that...

So does the fail2ban.conf

I didn’t-
I read that. And didn’t alter it.

Copied jail.conf to jail.local as many resources mentioned.

Dashrender

if you move/rename your own modifications, will it start?

JaredBusch

@gjacobse said in Fail2Ban: Failed to access sock path:

Copied jail.conf to jail.local as many resources mentioned.

Don't do that either.

Put only the things you want to change beyond default in a .local

Start off by removing your custom files and restarting fail2ban

EddieJennings

Immediately after installing fail2ban, would it start? If so, that makes me think one of two things.

1. Some configuration did change, which broke it.
2. There's a permissions issue with that directory.

If I have some time, I'll spin up a VM, install fail2ban and see what "normal" looks like.

JaredBusch

My fail2ban jail file for my jump boxes.

[[email protected] ~]$ cat /etc/fail2ban/jail.d/bundy_jump_jail.local 
[DEFAULT]
backend = systemd
#
# ACTIONS
#

# Some options used for actions

# Destination email address used solely for the interpolations in
# jail.{conf,local,d/*} configuration files.
destemail = [email protected]

# Sender email address used solely for some actions
sender = [email protected]

# "bantime" is the number of seconds that a host is banned.
bantime  = -1

# A host is banned if it has generated "maxretry" during the last "findtime"
# seconds.
findtime  = 120m

# "maxretry" is the number of failures before a host get banned.
maxretry = 5


#
# JAILS
#

#
# SSH servers
#

[sshd]

# To use more aggressive sshd modes set filter parameter "mode" in jail.local:
# normal (default), ddos, extra or aggressive (combines all).
# See "tests/files/logs/sshd" or "filter.d/sshd.conf" for usage example and details.
mode   = ddos
port    = ssh
logpath = %(sshd_log)s
backend = %(sshd_backend)s
enabled = true
action = %(action_mw)s

BTW, running on Fedora 33.

[[email protected] ~]$ cat /etc/fedora-release 
Fedora release 33 (Thirty Three)

JaredBusch

@gjacobse said in Fail2Ban: Failed to access sock path:

Research was done.

I'm sure you found hits on StackExchange, etc.

You found such workable information that you still didn't solve it.

Using abbrevations is bad form pretty much 100% of the time when troubleshooting.
All you are doing is adding complication.

gjacobse

@JaredBusch

Okay - had not considered that;

[[email protected] fail2ban]# rm jail.local fail2ban.local
rm: remove regular file 'jail.local'? y
rm: cannot remove 'fail2ban.local': No such file or directory

[[email protected] fail2ban]# sudo systemctl restart fail2ban
[[email protected] fail2ban]# systemctl status fail2ban
● fail2ban.service - Fail2Ban Service
     Loaded: loaded (/usr/lib/systemd/system/fail2ban.service; enabled; vendor preset: disabled)
     Active: active (running) since Mon 2020-12-07 14:56:29 UTC; 7s ago
       Docs: man:fail2ban(1)
    Process: 1365 ExecStartPre=/bin/mkdir -p /run/fail2ban (code=exited, status=0/SUCCESS)
   Main PID: 1366 (f2b/server)
      Tasks: 3 (limit: 518)
     Memory: 10.8M
        CPU: 164ms
     CGroup: /system.slice/fail2ban.service
             └─1366 /usr/bin/python3 -s /usr/bin/fail2ban-server -xf start

Dec 07 14:56:29 NYNJ-AdGuard systemd[1]: Starting Fail2Ban Service...
Dec 07 14:56:29 NYNJ-AdGuard systemd[1]: Started Fail2Ban Service.
Dec 07 14:56:29 NYNJ-AdGuard fail2ban-server[1366]: Server ready
[[email protected] fail2ban]# 

So it is running now. Thank you, Ill make a note of that for the future.

So, now to deal with why it doesn’t seemingly kill attempts at sshd.

Dashrender

I have no idea what the default setup is, but you did delete your jail file...so any customization you made is now gone.

JaredBusch

@gjacobse said in Fail2Ban: Failed to access sock path:

So, now to deal with why it doesn’t seemingly kill attempts at sshd.

Use the jail I posted. It only looks at sshd

Most likely you need to set it to systemd as I use.

JaredBusch

@JaredBusch said in Fail2Ban: Failed to access sock path:

@gjacobse said in Fail2Ban: Failed to access sock path:

So, now to deal with why it doesn’t seemingly kill attempts at sshd.

Use the jail I posted. It only looks at sshd

Most likely you need to set it to systemd as I use.

if you do not have mail and whois setup, change the action from aciton_mw to action_

These are the actions:
From jail.conf

gjacobse

@JaredBusch

[[email protected] ~]# cat /etc/fedora-release 
Fedora release 33 (Thirty Three)
[[email protected] ~]# 

JaredBusch

@gjacobse said in Fail2Ban: Failed to access sock path:

[[email protected] fail2ban]# rm jail.local fail2ban.local
rm: remove regular file 'jail.local'? y
rm: cannot remove 'fail2ban.local': No such file or directory

Those two files do not belong in the same location.

gjacobse

@JaredBusch

Since that is a screen shot, it appears that some parts of the code is cut off.

I guess since I don't send emails, the only portion that is relevant is the first one...