Fail2ban not working

mafioso12dk · 7 October 2020 08:11

I made a new installation with RealVCN, fail2ban, samba, nextcloud, rpi-monitor and chromium. I checked today if fail2ban is even working and that’s what I’ve got:

dietpi@DietPi:~$ fail2ban-client status dropbear
 Failed to access socket path: /var/run/fail2ban/fail2ban.sock. Is fail2ban running?

I checked the path /var/run/fail2ban and there is no file/folder fail2ban.sock

Anyone knows where is the problem?

Thank you in advance

Joulinar · 7 October 2020 11:00

Hi,

many thanks for your message. I guess your service is not running. Pls can you check

systemctl status fail2ban.service

If you see something like the following, a value within config file is missing

Oct 07 12:52:31 DietPi3 fail2ban-server[683]:  Failed during configuration: Bad value substitution: option 'filter' in section 'dropbear' contains an interpolation key 'mode' which is not a valid option name. Raw value: '%(__name__)s[mode=%(mode)s]'

A quick fix would be following

nano /etc/fail2ban/jail.conf

And add mode = normal before filter. Should looks like this

[DEFAULT]
enabled = true
ignoreip = 127.0.0.1/8
ignorecommand =
backend = systemd
mode = normal
filter = %(__name__)s[mode=%(mode)s]
findtime  = 600

Once done save the file and restart the service

systemctl restart fail2ban.service
systemctl status fail2ban.service

Status should be active (running) now

mafioso12dk · 7 October 2020 15:30

After status check I got this message:

dietpi@DietPi:~$ systemctl status fail2ban.service
● fail2ban.service - Fail2Ban Service
   Loaded: loaded (/lib/systemd/system/fail2ban.service; enabled; vendor preset:
 enabled)
   Active: failed (Result: exit-code) since Wed 2020-10-07 10:49:56 B
ST; 5h 34min ago
     Docs: man:fail2ban(1)
  Process: 487 ExecStartPre=/bin/mkdir -p /var/run/fail2ban (code=exited, status
=0/SUCCESS)
  Process: 491 ExecStart=/usr/bin/fail2ban-server -xf start (code=exited
, status=255/EXCEPTION)
 Main PID: 491 (code=exited, status=255/EXCEPTION)

But your method helped. Now it works. Thanks for help

Joulinar · 7 October 2020 15:40

ok good that it is working now.

MichaIng · 7 October 2020 16:18

Many thanks for reporting. But mafioso12dk does your service status still shows a failing state, or was this before the fix? In case check again, or the logs only:
journalctl -u fail2ban

Joulinar · 7 October 2020 17:45

MichaIng
It’s working now, if I understood correctly