ML
    • Register
    • Login
    • Search
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups

    Fail2Ban: Failed to access sock path

    IT Discussion
    4
    22
    4775
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • gjacobse
      gjacobse last edited by

      OS: Fedora 33
      Host: VULTR

      Ive run into this error when trying to enable / start file2ban. I have been reading a few sites; github, server fault, and of course ML.

      I’ve checked and re-checked my conf files, and they appear correct.

      Complete message:

      Failed to access socket path: /var/run/fail2ban/fail2ban.sock. Is fail2ban running?
      
      EddieJennings JaredBusch 2 Replies Last reply Reply Quote 0
      • gjacobse
        gjacobse last edited by

        Web console: https://NYNJ-AdGuard:9090/
        
        [[email protected] ~]# systemctl status fail2ban
        ● fail2ban.service - Fail2Ban Service
             Loaded: loaded (/usr/lib/systemd/system/fail2ban.service; enabled; vendor preset: disabled)
             Active: failed (Result: exit-code) since Mon 2020-12-07 14:02:13 UTC; 42s ago
               Docs: man:fail2ban(1)
            Process: 1082 ExecStartPre=/bin/mkdir -p /run/fail2ban (code=exited, status=0/SUCCESS)
            Process: 1083 ExecStart=/usr/bin/fail2ban-server -xf start (code=exited, status=255/EXCEPTION)
           Main PID: 1083 (code=exited, status=255/EXCEPTION)
                CPU: 138ms
        
        Dec 07 14:02:12 NYNJ-AdGuard systemd[1]: Starting Fail2Ban Service...
        Dec 07 14:02:12 NYNJ-AdGuard systemd[1]: Started Fail2Ban Service.
        Dec 07 14:02:13 NYNJ-AdGuard fail2ban-server[1083]: 2020-12-07 14:02:13,088 fail2ban                [1083]: ERROR >Dec 07 14:02:13 NYNJ-AdGuard fail2ban-server[1083]: 2020-12-07 14:02:13,094 fail2ban                [1083]: ERROR >Dec 07 14:02:13 NYNJ-AdGuard systemd[1]: fail2ban.service: Main process exited, code=exited, status=255/EXCEPTION
        Dec 07 14:02:13 NYNJ-AdGuard systemd[1]: fail2ban.service: Failed with result 'exit-code'.
        
        1 Reply Last reply Reply Quote 0
        • EddieJennings
          EddieJennings @gjacobse last edited by

          @gjacobse said in Fail2Ban: Failed to access sock path:

          OS: Fedora 33
          Host: VULTR

          Ive run into this error when trying to enable / start file2ban. I have been reading a few sites; github, server fault, and of course ML.

          I’ve checked and re-checked my conf files, and they appear correct.

          Complete message:

          Failed to access socket path: /var/run/fail2ban/fail2ban.sock. Is fail2ban running?
          

          Is /var/run/fail2ban/fail2ban.sock a valid path / file?

          gjacobse 1 Reply Last reply Reply Quote 0
          • gjacobse
            gjacobse @EddieJennings last edited by gjacobse

            @EddieJennings said in Fail2Ban: Failed to access sock path:

            @gjacobse said in Fail2Ban: Failed to access sock path:

            OS: Fedora 33
            Host: VULTR

            Ive run into this error when trying to enable / start file2ban. I have been reading a few sites; github, server fault, and of course ML.

            I’ve checked and re-checked my conf files, and they appear correct.

            Complete message:

            Failed to access socket path: /var/run/fail2ban/fail2ban.sock. Is fail2ban running?
            

            Is /var/run/fail2ban/fail2ban.sock a valid path / file?

            No - /var/run/fail2ban is.

            I ran

            suro dnf rei fail2ban -y
            

            And nothing changed.

            JaredBusch 1 Reply Last reply Reply Quote 0
            • JaredBusch
              JaredBusch @gjacobse last edited by

              @gjacobse said in Fail2Ban: Failed to access sock path:

              suro dnf rei fail2ban -y
              

              Don't use shorthand/abbreviations when you don't know what you are doing.

              If the command is not a readable word, it is likely an abbreviated command. Use the tab key. It is your friend.
              1e5067a4-ba3b-429b-afee-60e696ba74f3-image.png

              gjacobse 1 Reply Last reply Reply Quote 1
              • JaredBusch
                JaredBusch @gjacobse last edited by

                @gjacobse said in Fail2Ban: Failed to access sock path:

                I’ve checked and re-checked my conf files

                There should not be anything that you even touch in the fail2ban configuration files.

                You create your own jail files in /etc/fail2ban/jail.d

                The jail.conf file tells you that...
                b991e47a-be6b-4a2b-90a9-8dff38660df2-image.png

                So does the fail2ban.conf
                4c61a130-9a0e-4626-9ccc-0f009925d29a-image.png

                gjacobse 1 Reply Last reply Reply Quote 0
                • gjacobse
                  gjacobse @JaredBusch last edited by

                  @JaredBusch said in Fail2Ban: Failed to access sock path:

                  @gjacobse said in Fail2Ban: Failed to access sock path:

                  suro dnf rei fail2ban -y
                  

                  Don't use shorthand/abbreviations when you don't know what you are doing.

                  If the command is not a readable word, it is likely an abbreviated command. Use the tab key. It is your friend.
                  1e5067a4-ba3b-429b-afee-60e696ba74f3-image.png

                  I search-
                  And read information on ‘’’dnf’’’

                  Syntax was reinstall or rei-

                  Research was done. I know you have your opinion, and I have appreciated all your help, but don’t assume I don’t read and use the internet.

                  JaredBusch 1 Reply Last reply Reply Quote 0
                  • gjacobse
                    gjacobse @JaredBusch last edited by

                    @JaredBusch said in Fail2Ban: Failed to access sock path:

                    @gjacobse said in Fail2Ban: Failed to access sock path:

                    I’ve checked and re-checked my conf files

                    There should not be anything that you even touch in the fail2ban configuration files.

                    You create your own jail files in /etc/fail2ban/jail.d

                    The jail.conf file tells you that...
                    b991e47a-be6b-4a2b-90a9-8dff38660df2-image.png

                    So does the fail2ban.conf
                    4c61a130-9a0e-4626-9ccc-0f009925d29a-image.png

                    I didn’t-
                    I read that. And didn’t alter it.

                    Copied jail.conf to jail.local as many resources mentioned.

                    JaredBusch 1 Reply Last reply Reply Quote 0
                    • Dashrender
                      Dashrender last edited by

                      if you move/rename your own modifications, will it start?

                      1 Reply Last reply Reply Quote 0
                      • JaredBusch
                        JaredBusch @gjacobse last edited by

                        @gjacobse said in Fail2Ban: Failed to access sock path:

                        Copied jail.conf to jail.local as many resources mentioned.

                        Don't do that either.

                        Put only the things you want to change beyond default in a .local

                        Start off by removing your custom files and restarting fail2ban

                        gjacobse 1 Reply Last reply Reply Quote 0
                        • EddieJennings
                          EddieJennings last edited by

                          Immediately after installing fail2ban, would it start? If so, that makes me think one of two things.

                          1. Some configuration did change, which broke it.
                          2. There's a permissions issue with that directory.

                          If I have some time, I'll spin up a VM, install fail2ban and see what "normal" looks like.

                          1 Reply Last reply Reply Quote 0
                          • JaredBusch
                            JaredBusch last edited by gjacobse

                            My fail2ban jail file for my jump boxes.

                            [[email protected] ~]$ cat /etc/fail2ban/jail.d/bundy_jump_jail.local 
                            [DEFAULT]
                            backend = systemd
                            #
                            # ACTIONS
                            #
                            
                            # Some options used for actions
                            
                            # Destination email address used solely for the interpolations in
                            # jail.{conf,local,d/*} configuration files.
                            destemail = [email protected]
                            
                            # Sender email address used solely for some actions
                            sender = [email protected]
                            
                            # "bantime" is the number of seconds that a host is banned.
                            bantime  = -1
                            
                            # A host is banned if it has generated "maxretry" during the last "findtime"
                            # seconds.
                            findtime  = 120m
                            
                            # "maxretry" is the number of failures before a host get banned.
                            maxretry = 5
                            
                            
                            #
                            # JAILS
                            #
                            
                            #
                            # SSH servers
                            #
                            
                            [sshd]
                            
                            # To use more aggressive sshd modes set filter parameter "mode" in jail.local:
                            # normal (default), ddos, extra or aggressive (combines all).
                            # See "tests/files/logs/sshd" or "filter.d/sshd.conf" for usage example and details.
                            mode   = ddos
                            port    = ssh
                            logpath = %(sshd_log)s
                            backend = %(sshd_backend)s
                            enabled = true
                            action = %(action_mw)s
                            

                            BTW, running on Fedora 33.

                            [[email protected] ~]$ cat /etc/fedora-release 
                            Fedora release 33 (Thirty Three)
                            
                            gjacobse 1 Reply Last reply Reply Quote 0
                            • JaredBusch
                              JaredBusch @gjacobse last edited by

                              @gjacobse said in Fail2Ban: Failed to access sock path:

                              Research was done.

                              I'm sure you found hits on StackExchange, etc.

                              You found such workable information that you still didn't solve it.

                              Using abbrevations is bad form pretty much 100% of the time when troubleshooting.
                              All you are doing is adding complication.

                              1 Reply Last reply Reply Quote 0
                              • gjacobse
                                gjacobse @JaredBusch last edited by

                                @JaredBusch

                                Okay - had not considered that;

                                [[email protected] fail2ban]# rm jail.local fail2ban.local
                                rm: remove regular file 'jail.local'? y
                                rm: cannot remove 'fail2ban.local': No such file or directory
                                
                                [[email protected] fail2ban]# sudo systemctl restart fail2ban
                                [[email protected] fail2ban]# systemctl status fail2ban
                                ● fail2ban.service - Fail2Ban Service
                                     Loaded: loaded (/usr/lib/systemd/system/fail2ban.service; enabled; vendor preset: disabled)
                                     Active: active (running) since Mon 2020-12-07 14:56:29 UTC; 7s ago
                                       Docs: man:fail2ban(1)
                                    Process: 1365 ExecStartPre=/bin/mkdir -p /run/fail2ban (code=exited, status=0/SUCCESS)
                                   Main PID: 1366 (f2b/server)
                                      Tasks: 3 (limit: 518)
                                     Memory: 10.8M
                                        CPU: 164ms
                                     CGroup: /system.slice/fail2ban.service
                                             └─1366 /usr/bin/python3 -s /usr/bin/fail2ban-server -xf start
                                
                                Dec 07 14:56:29 NYNJ-AdGuard systemd[1]: Starting Fail2Ban Service...
                                Dec 07 14:56:29 NYNJ-AdGuard systemd[1]: Started Fail2Ban Service.
                                Dec 07 14:56:29 NYNJ-AdGuard fail2ban-server[1366]: Server ready
                                [[email protected] fail2ban]# 
                                

                                So it is running now. Thank you, Ill make a note of that for the future.

                                So, now to deal with why it doesn’t seemingly kill attempts at sshd.

                                JaredBusch 2 Replies Last reply Reply Quote 0
                                • Dashrender
                                  Dashrender last edited by

                                  I have no idea what the default setup is, but you did delete your jail file...so any customization you made is now gone.

                                  1 Reply Last reply Reply Quote 0
                                  • JaredBusch
                                    JaredBusch @gjacobse last edited by

                                    @gjacobse said in Fail2Ban: Failed to access sock path:

                                    So, now to deal with why it doesn’t seemingly kill attempts at sshd.

                                    Use the jail I posted. It only looks at sshd

                                    Most likely you need to set it to systemd as I use.

                                    JaredBusch 1 Reply Last reply Reply Quote 0
                                    • JaredBusch
                                      JaredBusch @JaredBusch last edited by JaredBusch

                                      @JaredBusch said in Fail2Ban: Failed to access sock path:

                                      @gjacobse said in Fail2Ban: Failed to access sock path:

                                      So, now to deal with why it doesn’t seemingly kill attempts at sshd.

                                      Use the jail I posted. It only looks at sshd

                                      Most likely you need to set it to systemd as I use.

                                      if you do not have mail and whois setup, change the action from aciton_mw to action_

                                      These are the actions:
                                      From jail.conf
                                      40dcaa4b-6d57-48ea-bbe7-d9b7ce964e8b-image.png

                                      gjacobse 1 Reply Last reply Reply Quote 0
                                      • gjacobse
                                        gjacobse @JaredBusch last edited by

                                        @JaredBusch

                                        [[email protected] ~]# cat /etc/fedora-release 
                                        Fedora release 33 (Thirty Three)
                                        [[email protected] ~]# 
                                        
                                        1 Reply Last reply Reply Quote 0
                                        • JaredBusch
                                          JaredBusch @gjacobse last edited by

                                          @gjacobse said in Fail2Ban: Failed to access sock path:

                                          [[email protected] fail2ban]# rm jail.local fail2ban.local
                                          rm: remove regular file 'jail.local'? y
                                          rm: cannot remove 'fail2ban.local': No such file or directory
                                          

                                          Those two files do not belong in the same location.

                                          1 Reply Last reply Reply Quote 0
                                          • gjacobse
                                            gjacobse @JaredBusch last edited by

                                            @JaredBusch

                                            Since that is a screen shot, it appears that some parts of the code is cut off.

                                            I guess since I don't send emails, the only portion that is relevant is the first one...

                                            JaredBusch 1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post