Careful, take this with a grain of salt because I'm not an expert, so it's better to wait for those who are…
The problem is that some logs may not exist, which crashes fail2ban at startup. And the solution given in some forums is to set backend=systemd.
In this case I don't have http.error, even after a restart:
```
sudo ls /var/www/html/log
alexaapi_node gshd openvpn_DNS_Jeedom ttscast_daemon
broadlink jMQTTd plugin tvremote_daemon
camera_record listener_execution rfxcom worxLandroidS_daemon
cron_execution mqtt2d scenario_execution z2md
espeasy_node MQTTDiscovery_daemon scenarioLog zwavejsd
fullyKiosK mymodbus tgw_1514
```
```
nano /etc/fail2ban/jail.d/jeedom.conf
```
```
[apache-botsearch]
backend = systemd
enabled = true
port = http,https
filter = apache-botsearch
logpath = /var/www/html/log/http*.error
maxretry = 6

[apache-overflows]
backend = systemd
enabled = true
port = http,https
filter = apache-overflows
logpath = /var/www/html/log/http*.error
maxretry = 2

[apache-noscript]
backend = systemd
enabled = true
port = http,https
filter = apache-noscript
logpath = /var/www/html/log/http*.error
maxretry = 1
```
```
sudo systemctl restart fail2ban
sudo systemctl status fail2ban
● fail2ban.service - Fail2Ban Service
Loaded: loaded (/lib/systemd/system/fail2ban.service; enabled; vendor preset: enabled)
Drop-In: /usr/lib/systemd/system/fail2ban.service.d
└─override.conf
Active: active (running) since Tue 2024-05-07 18:54:02 CEST; 3s ago
Docs: man:fail2ban(1)
Process: 67385 ExecStartPre=/bin/mkdir -p /run/fail2ban (code=exited, status=0/SUCCESS)
Main PID: 67387 (fail2ban-server)
Tasks: 11 (limit: 14131)
Memory: 31.1M
CPU: 882ms
CGroup: /system.slice/fail2ban.service
└─67387 /usr/bin/python3 /usr/bin/fail2ban-server -xf start
mai 07 18:54:02 Jeedom systemd[1]: Starting Fail2Ban Service...
mai 07 18:54:02 Jeedom systemd[1]: Started Fail2Ban Service.
mai 07 18:54:03 Jeedom fail2ban-server[67387]: Server ready
```
```
fail2ban-client status
Status
|- Number of jail: 4
`- Jail list: apache-botsearch, apache-noscript, apache-overflows, sshd
```
And we do have all the services,
and we reboot to check…
Hello
I'll try to answer to move your problem forward:
If I understand correctly, you installed a fresh Debian 11 and then installed Jeedom.
As Mr Mips points out to you, did you install fail2ban? Apparently yes, since when you installed it the system replied that fail2ban is already at the latest version.
As Mr Mips tells you, it has to be configured:
1- you need to start the daemon to check that it starts properly:
systemctl…
opened 05:45PM - 31 May 22 UTC
closed 12:27AM - 26 Apr 24 UTC
bug
### Environment:
- Fail2Ban master branch, as well as version 0.11.1 on Ubuntu Focal and many others
- OS, including release name/version : Ubuntu Focal. Allegedly, Ubuntu Xenial is also affected, as well as some Debian installations.
- [x] Fail2Ban installed via OS/distribution mechanisms
- [x] You have not applied any additional foreign patches to the codebase
- [x] Some customizations were done to the configuration (provide details below if so)
### The issue:
On modern systemd-based distros, like newer releases of Ubuntu, Debian, Archlinux, RHEL, Fedora, etc., services like sshd log to the systemd journal. Optionally rsyslog or syslog can be installed and run, and logs will *also* be available i.e. in `/var/log/auth.log` or `/var/log/secure.log`.
In the files `/etc/fail2ban/paths-{arch|fedora|opensuse}` there is a section like this:
```
syslog_backend = systemd
sshd_backend = systemd
dropbear_backend = systemd
proftpd_backend = systemd
pureftpd_backend = systemd
wuftpd_backend = systemd
postfix_backend = systemd
dovecot_backend = systemd
```
... and because of this, fail2ban works on arch, fedora (with derivatives) and opensuse. However, it fails on debian and ubuntu, unless the syslog package is installed and the service is running. Apparently this was reported as early as 2014 at https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770171 and it's also reported for Ubuntu 16.04 at https://bugs.launchpad.net/ubuntu/+source/fail2ban/+bug/1696591 ... we're running Ubuntu and EL. On our baseimages with Ubuntu 16.04, fail2ban installs and runs because we have syslog running there, on Ubuntu 20.04 we've had to hand-tune configuration to get fail2ban run on the services above. On EL it also works due to the `paths-fedora.conf`-file.
#### Steps to reproduce
* Install Ubuntu 20.04
* Observe that the OS installation comes without any rsyslog/syslog package installed (I suppose YMMV, dependent on how it's installed)
* Install fail2ban (`sudo apt-get install fail2ban`)
* Enable the sshd jail: `echo -e "[sshd]\nenabled=true" | sudo tee /etc/fail2ban/jail.local`
* Start up fail2ban: `sudo systemctl start fail2ban`
* Observe that it's not running: `sudo systemctl status fail2ban` - the error message looks like `ERROR Failed during configuration: Have not found any log file for sshd jail`.
#### Suggestion
I suggest creating a `/etc/fail2ban/paths-systemd` containing only the lines `*_backend = systemd`, and make sure it's run from any operating system having systemd installed.
### Configuration, dump and another helpful excerpts
#### Any customizations done to /etc/fail2ban/ configuration
```
$ sudo cat /etc/fail2ban/jail.local
[sshd]
enabled=true
```
I'll say it again, I may be doing crap here, but that's the story of my life.
And at worst, you've got to learn somehow!
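
The failure mode discussed in this thread, as an added example that is not part of the original post or of fail2ban itself: a pre-flight check that flags enabled jails whose `logpath` matches no file (the case that stops fail2ban at startup) and jails set to `backend = systemd`, where fail2ban reads the journal and does not use `logpath`. The function name, the verdict labels and the sample configuration are assumptions made for illustration.

```python
import configparser
import glob

# Constructed sample modelled on the jeedom.conf jails quoted in the post.
SAMPLE_JAIL_CONF = """
[apache-botsearch]
backend = systemd
enabled = true
logpath = /var/www/html/log/http*.error

[apache-overflows]
enabled = true
logpath = /var/www/html/log/http*.error

[sshd]
enabled = true
logpath = /var/log/auth.log
"""


def audit_jails(conf_text, glob_fn=glob.glob):
    """Return {jail: verdict} for each enabled jail (hypothetical helper)."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(conf_text)
    verdicts = {}
    for jail in parser.sections():
        section = parser[jail]
        if not section.getboolean("enabled", fallback=False):
            continue
        backend = section.get("backend", fallback="auto").strip().lower()
        if backend == "systemd":
            # Journal backend: logpath is not read, so a missing file cannot
            # block startup, but file-only logs are never seen either.
            verdicts[jail] = "journal"
            continue
        # One path per line; drop an optional trailing "head"/"tail" keyword.
        lines = section.get("logpath", fallback="").splitlines()
        patterns = [ln.split()[0] for ln in lines if ln.strip()]
        if not any(glob_fn(p) for p in patterns):
            verdicts[jail] = "missing-log"  # no log file found for this jail
        else:
            verdicts[jail] = "ok"
    return verdicts


if __name__ == "__main__":
    for name, verdict in audit_jails(SAMPLE_JAIL_CONF).items():
        print(f"{name}: {verdict}")
```

On a real host, pass the text of the jail file (for instance the `jeedom.conf` shown above) and treat any `journal` verdict on a service that only writes to files as a jail that starts but has nothing to match.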