docker-fail2ban icon indicating copy to clipboard operation
docker-fail2ban copied to clipboard
verified publisher icon linuxserver

[BUG] monitoring systemd logs not working

Open machetto opened this issue 1 year ago • 4 comments

Is there an existing issue for this?

  • [X] I have searched the existing issues

Current Behavior

If a jail's backend (sshd in my case) set to systemd, the following message appears:

ERROR Backend 'systemd' failed to initialize due to No module named 'systemd'.

The problems appears to be caused by not having systemd Python module in the Docker image.

Expected Behavior

It should start monitoring sshd systemd logs.

Steps To Reproduce

Create a file fail.d/sshd.local with the following content:

[sshd]
enabled = true
backend = systemd

Restart fail2ban

Environment

- OS: Debian 12
- How docker service was installed: using `apt-get` with instructions from docker website

CPU architecture

x86-64

Docker creation

services:
  fail2ban:
    image: lscr.io/linuxserver/fail2ban:latest
    container_name: fail2ban
    cap_add:
      - NET_ADMIN
      - NET_RAW
    network_mode: host
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Etc/UTC
      - VERBOSITY=-vv #optional
    volumes:
      - ./config:/config
      - /var/log:/var/log:ro
    restart: unless-stopped

Container logs

2024-07-11 10:58:38,188 7089F9C7BB08 INFO  Starting Fail2ban v1.0.2
 2024-07-11 10:58:38,188 7089F8202B38 INFO  Observer start...
 2024-07-11 10:58:38,192 7089F9C7BB08 INFO  Connected to fail2ban persistent database '/config/fail2ban/fail2ban.sqlite3'
 2024-07-11 10:58:38,192 7089F9C7BB08 INFO  Creating new jail 'sshd'
 2024-07-11 10:58:38,193 7089F9C7BB08 ERROR Backend 'systemd' failed to initialize due to No module named 'systemd'
 2024-07-11 10:58:38,193 7089F9C7BB08 ERROR Failed to initialize any backend for Jail 'sshd'
 2024-07-11 10:58:38,193 7089F9C7BB08 ERROR Command ['server-stream', [['set', 'syslogsocket', 'auto'], ['set', 'loglevel', 'INFO>
 2024-07-11 10:58:38,193 7089F8C02B38 ERROR NOK: ("Failed to initialize any backend for Jail 'sshd'",)
 2024-07-11 10:58:38,194 7089F8C02B38 INFO  Shutdown in progress...
 2024-07-11 10:58:38,194 7089F8C02B38 INFO  Observer stop ... try to end queue 5 seconds
 2024-07-11 10:58:38,214 7089F8202B38 INFO  Observer stopped, 0 events remaining.
 2024-07-11 10:58:38,254 7089F8C02B38 INFO  Stopping all jails
 2024-07-11 10:58:38,254 7089F8C02B38 INFO  Connection to database closed.

machetto avatar Jul 11 '24 11:07 machetto

Thanks for opening your first issue here! Be sure to follow the relevant issue templates, or risk having this issue marked as invalid.

github-actions[bot] avatar Jul 11 '24 11:07 github-actions[bot]

This issue has been automatically marked as stale because it has not had recent activity. This might be due to missing feedback from OP. It will be closed if no further activity occurs. Thank you for your contributions.

LinuxServer-CI avatar Aug 10 '24 13:08 LinuxServer-CI

can confirm, same problem for me. everything logs to systemd and so no jails working

b2un0 avatar Aug 16 '24 20:08 b2un0

This issue has been automatically marked as stale because it has not had recent activity. This might be due to missing feedback from OP. It will be closed if no further activity occurs. Thank you for your contributions.

LinuxServer-CI avatar Sep 16 '24 13:09 LinuxServer-CI

Same problem for me on Raspberry Pi OS (bookworm). Related issue and possible solution:

  • https://github.com/fail2ban/fail2ban/issues/3292
  • https://github.com/fail2ban/fail2ban/issues/3292#issuecomment-1678844644

SuperMartas avatar Oct 26 '24 19:10 SuperMartas

This issue has been automatically marked as stale because it has not had recent activity. This might be due to missing feedback from OP. It will be closed if no further activity occurs. Thank you for your contributions.

LinuxServer-CI avatar Nov 26 '24 13:11 LinuxServer-CI

This issue is locked due to inactivity

LinuxServer-CI avatar Feb 25 '25 14:02 LinuxServer-CI