ansible-fail2ban
Failed to access socket path: /var/run/fail2ban/fail2ban.sock. Is fail2ban running?
Previously ansible-fail2ban always worked for me on Debian. But now when using your unmodified role (even with just the default sshd jail) I always get:
"Failed to access socket path: /var/run/fail2ban/fail2ban.sock. Is fail2ban running?"
But when I install manually with the same configurations it works. Tried multiple times with various settings, but can't figure out why it is not working:
root@proxmox:~# systemctl restart fail2ban; systemctl status fail2ban
● fail2ban.service - Fail2Ban Service
Loaded: loaded (/lib/systemd/system/fail2ban.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2019-08-13 16:28:50 PST; 8ms ago
Docs: man:fail2ban(1)
Process: 1190 ExecStartPre=/bin/mkdir -p /var/run/fail2ban (code=exited, status=0/SUCCESS)
Main PID: 1197 (fail2ban-server)
Tasks: 1 (limit: 4915)
Memory: 1.7M
CGroup: /system.slice/fail2ban.service
└─1197 /usr/bin/python3 /usr/bin/fail2ban-server -xf start
Aug 13 16:28:50 proxmox systemd[1]: Starting Fail2Ban Service...
Aug 13 16:28:50 proxmox systemd[1]: Started Fail2Ban Service.
root@proxmox:~# fail2ban-client -v status
Loading configs for fail2ban under /etc/fail2ban
Loading files: ['/etc/fail2ban/fail2ban.conf']
Loading files: ['/etc/fail2ban/fail2ban.local']
Loading files: ['/etc/fail2ban/fail2ban.conf', '/etc/fail2ban/fail2ban.local']
Using socket file /var/run/fail2ban/fail2ban.sock
Using pid file /var/run/fail2ban/fail2ban.pid, [INFO] logging to /var/log/fail2ban.log
Failed to access socket path: /var/run/fail2ban/fail2ban.sock. Is fail2ban running?
Tested on Debian 10 buster
When cutting the fail2ban role to its bare essentials it works again:
root@proxmox:~# fail2ban-client -v status
Loading configs for fail2ban under /etc/fail2ban
Loading files: ['/etc/fail2ban/fail2ban.conf']
Loading files: ['/etc/fail2ban/fail2ban.conf']
Using socket file /var/run/fail2ban/fail2ban.sock
Using pid file /var/run/fail2ban/fail2ban.pid, [INFO] logging to /var/log/fail2ban.log
Status
|- Number of jail: 2
`- Jail list: proxmox, sshd
==== minimal fail2ban role ====
# tasks file for fail2ban
---
- name: Ensure, that fail2ban is installed on Debian.
  apt:
    name: fail2ban
    state: present
    update_cache: true
    cache_valid_time: 3600

- name: update configuration file - /etc/fail2ban/jail.local
  copy:
    src: jail.local
    dest: /etc/fail2ban/jail.local
  notify: restart fail2ban

- name: copy filter
  copy:
    src: proxmox.conf
    dest: /etc/fail2ban/filter.d/
  notify: restart fail2ban
# jail.local
[sshd]
enabled = true
port = 22,722
maxretry = 3
[proxmox]
enabled = true
port = https,http,8006
filter = proxmox
logpath = /var/log/daemon.log
maxretry = 3
# proxmox.conf filter
[Definition]
failregex = pvedaemon\[.*authentication failure; rhost=<HOST> user=.* msg=.*
ignoreregex =
# handlers file for fail2ban
---
- name: restart fail2ban
  service:
    name: fail2ban
    state: restarted
Debian 10 is not supported yet. Changing fail2ban_socket and fail2ban_pidfile (/var/run/ -> /run/) probably fixes the problem (for you).
If you have some time feel free to add support for Debian 10
I have not tried it yet with /run/, but the defaults are still the same in Debian 10 fail2ban.conf:
# Option: socket
# Notes.: Set the socket file. This is used to communicate with the daemon. Do
# not remove this file when Fail2ban runs. It will not be possible to
# communicate with the server afterwards.
# Values: [ FILE ] Default: /var/run/fail2ban/fail2ban.sock
#
socket = /var/run/fail2ban/fail2ban.sock
# Option: pidfile
# Notes.: Set the PID file. This is used to store the process ID of the
# fail2ban server.
# Values: [ FILE ] Default: /var/run/fail2ban/fail2ban.pid
#
pidfile = /var/run/fail2ban/fail2ban.pid
Any updates on this?
Hello!
I've tried it with renaming the paths from /var/run/... into /run/... at the fail2ban.conf file.
I also did this change at /usr/lib/tmpfiles.d/fail2ban-tmpfiles.conf
sudo fail2ban-client status
Status
|- Number of jail: 10
`- Jail list: apache-auth, apache-badbots, apache-botsearch, apache-fakegooglebot, apache-modsecurity, apache-nohome, apache-noscript, apache-overflows, apache-shellshock, sshd
vagrant up --provision debian-10
seems to work just fine.
root@ansible-fail2ban-debian-10:~# sudo fail2ban-client status
Status
|- Number of jail: 1
`- Jail list: sshd
root@ansible-fail2ban-debian-10:~# systemctl status fail2ban.service
● fail2ban.service - Fail2Ban Service
Loaded: loaded (/lib/systemd/system/fail2ban.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2020-03-31 10:55:22 UTC; 1min 47s ago
Docs: man:fail2ban(1)
Process: 1801 ExecStartPre=/bin/mkdir -p /var/run/fail2ban (code=exited, status=0/SUCCESS)
Main PID: 1802 (fail2ban-server)
Tasks: 3 (limit: 240)
Memory: 11.7M
CGroup: /system.slice/fail2ban.service
└─1802 /usr/bin/python3 /usr/bin/fail2ban-server -xf start
Mar 31 10:55:22 ansible-fail2ban-debian-10 systemd[1]: Starting Fail2Ban Service...
Mar 31 10:55:22 ansible-fail2ban-debian-10 systemd[1]: Started Fail2Ban Service.
Mar 31 10:55:23 ansible-fail2ban-debian-10 fail2ban-server[1802]: Server ready
root@ansible-fail2ban-debian-10:~# sudo fail2ban-client status
Status
|- Number of jail: 1
`- Jail list: sshd
no role changes were needed
https://github.com/Oefenweb/ansible-fail2ban/releases/tag/v3.3.11
It looks like it has something to do with your setup
Hello! I got exactly the same error. Here is the piece of code in file fail2ban.conf:
# Option: socket
# Notes.: Set the socket file. This is used to communicate with the daemon. Do
# not remove this file when Fail2ban runs. It will not be possible to
# communicate with the server afterwards.
# Values: [ FILE ] Default: /var/run/fail2ban/fail2ban.sock
#
socket = /var/run/fail2ban/fail2ban.sock
# Option: pidfile
# Notes.: Set the PID file. This is used to store the process ID of the
# fail2ban server.
# Values: [ FILE ] Default: /var/run/fail2ban/fail2ban.pid
#
pidfile = /var/run/fail2ban/fail2ban.pid
Fail2ban is installed on a Bitrix VM. I would be grateful for the help.
Best Regards, Anatoly
Maybe your logpath is wrong, you can check if there is a /var/log folder
Hi everybody, I could solve it with chmod; I think it is the access permission on the directory:
chmod -x /var/run/
@dammdev Can you create a PR (targeting the affected OS versions)?
Hello,
@dammdev I tried chmod -x /var/run/ that did not work for me.
I just came across this issue. I am not sure what information is relevant. Let me know if any other information is needed.
I am on Ubuntu 22.04.
I had to start the service; the guide I was following stated "The service automatically starts." I assume this is not true anymore? There may be more confusion because this is on a popular Akamai/Linode guide: https://www.linode.com/docs/guides/using-fail2ban-to-secure-your-server-a-tutorial/
I will report an issue on the guide to get that removed.
I had to run:
sudo fail2ban-client start
After that, sudo fail2ban-client status worked as expected.
Thank you.
I think in recent versions /var/run should be /run. Not sure that it makes any difference though.
I am curious if fail2ban is supported by Debian 12? I tried running it by typing sudo systemctl restart fail2ban
And it's giving this error: Failed to access socket path: /var/run/fail2ban/fail2ban.sock. Is fail2ban running?
No, not yet. But feel free to add a PR.
I think I have found a workaround. The problem stems from a missing line "sshd_backend = systemd" in the /etc/fail2ban/paths-debian.conf file.
After adding it, fail2ban works like normal under Debian 12.
Credits here: https://github.com/fail2ban/fail2ban/issues/3292#issuecomment-1932489993 https://superuser.com/questions/1830245/i-cant-get-fail2ban-working-on-debian-12
Also on Debian 12. sudo fail2ban-client start does cause /var/run/fail2ban/fail2ban.sock (and fail2ban.pid) to be created.
The pid points to /usr/bin/python3 /usr/bin/fail2ban-server --async -b -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid --loglevel INFO --logtarget /var/log/fail2ban.log --syslogsocket auto
Strangely, running sudo fail2ban-client status kills that process, showing the original error reported in this ticket:
# fail2ban-client status
2024-07-20 17:19:02,233 fail2ban [3399565]: ERROR Failed to access socket path: /var/run/fail2ban/fail2ban.sock. Is fail2ban running?
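
A read-only triage helper for the error discussed in this thread, added here as an example (it is not code from the role, from fail2ban, or from any commenter). It resolves the effective socket and pidfile settings across fail2ban.conf, fail2ban.d/*.conf, fail2ban.local and fail2ban.d/*.local, then reports whether a socket or a stale pidfile is present; the function names and state labels are made up for this sketch.

```shell
#!/bin/sh
# Added example: read-only triage for "Failed to access socket path".
# Function names and state labels are hypothetical, not fail2ban's own.

# Print the effective value of a fail2ban.conf option. Later files override
# earlier ones: fail2ban.conf, fail2ban.d/*.conf, fail2ban.local, fail2ban.d/*.local.
f2b_effective_option() {
    confdir=$1; option=$2
    set --                                   # collect the files that exist
    for f in "$confdir/fail2ban.conf" "$confdir"/fail2ban.d/*.conf \
             "$confdir/fail2ban.local" "$confdir"/fail2ban.d/*.local; do
        if [ -f "$f" ]; then set -- "$@" "$f"; fi
    done
    [ "$#" -gt 0 ] || return 1
    # The last assignment wins; commented-out lines never match the key.
    awk -F= -v opt="$option" '
        { key = $1; gsub(/[ \t]/, "", key) }
        key == opt { val = $0; sub(/^[^=]*=[ \t]*/, "", val)
                     sub(/[ \t]+$/, "", val); last = val }
        END { if (last == "") exit 1; print last }' "$@"
}

# Classify what the client will find. Run as root: kill -0 must be allowed
# to signal the server process for the liveness check to be meaningful.
f2b_socket_state() {
    sock=$1; pidfile=$2
    if [ -f "$pidfile" ] && ! kill -0 "$(cat "$pidfile")" 2>/dev/null; then
        echo "stale-pidfile"     # pidfile left behind, no such process
    elif [ -S "$sock" ]; then
        echo "socket-present"    # a server socket exists at the configured path
    else
        echo "no-socket"         # server not started, or it exited; see the log
    fi
}

# Report the state plus the paths actually in effect (defaults as on the page).
f2b_diagnose() {
    sock=$(f2b_effective_option "$1" socket) || sock=/var/run/fail2ban/fail2ban.sock
    pidf=$(f2b_effective_option "$1" pidfile) || pidf=/var/run/fail2ban/fail2ban.pid
    printf '%s socket=%s pidfile=%s\n' \
        "$(f2b_socket_state "$sock" "$pidf")" "$sock" "$pidf"
}

if [ -d /etc/fail2ban ]; then f2b_diagnose /etc/fail2ban; fi
```

When the result is no-socket, the next place to look is /var/log/fail2ban.log and the output of systemctl status fail2ban, as the posts above do.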