Failed to access socket path: /var/run/fail2ban/fail2ban.sock. Is fail2ban running?

[chriswayg]

Previously ansible-fail2ban always worked for me on Debian. But now when using your unmodified role (even with just the default sshd jail) I always get:

"Failed to access socket path: /var/run/fail2ban/fail2ban.sock. Is fail2ban running?"

But when I install manually with the same configurations it works. Tried multiple times with various settings, but can't figure out why it is not working:

root@proxmox:~# systemctl restart fail2ban; systemctl status fail2ban
● fail2ban.service - Fail2Ban Service
   Loaded: loaded (/lib/systemd/system/fail2ban.service; enabled; vendor preset: enabled)
   Active: active (running) since Tue 2019-08-13 16:28:50 PST; 8ms ago
     Docs: man:fail2ban(1)
  Process: 1190 ExecStartPre=/bin/mkdir -p /var/run/fail2ban (code=exited, status=0/SUCCESS)
 Main PID: 1197 (fail2ban-server)
    Tasks: 1 (limit: 4915)
   Memory: 1.7M
   CGroup: /system.slice/fail2ban.service
           └─1197 /usr/bin/python3 /usr/bin/fail2ban-server -xf start

Aug 13 16:28:50 proxmox systemd[1]: Starting Fail2Ban Service...
Aug 13 16:28:50 proxmox systemd[1]: Started Fail2Ban Service.

root@proxmox:~# fail2ban-client -v status 
 Loading configs for fail2ban under /etc/fail2ban 
   Loading files: ['/etc/fail2ban/fail2ban.conf']
   Loading files: ['/etc/fail2ban/fail2ban.local']
   Loading files: ['/etc/fail2ban/fail2ban.conf', '/etc/fail2ban/fail2ban.local']
 Using socket file /var/run/fail2ban/fail2ban.sock
 Using pid file /var/run/fail2ban/fail2ban.pid, [INFO] logging to /var/log/fail2ban.log
 Failed to access socket path: /var/run/fail2ban/fail2ban.sock. Is fail2ban running?

Tested on Debian 10 buster

When cutting the fail2ban role to its bare essentials it works again:

root@proxmox:~# fail2ban-client -v status 
 Loading configs for fail2ban under /etc/fail2ban 
   Loading files: ['/etc/fail2ban/fail2ban.conf']
   Loading files: ['/etc/fail2ban/fail2ban.conf']
 Using socket file /var/run/fail2ban/fail2ban.sock
 Using pid file /var/run/fail2ban/fail2ban.pid, [INFO] logging to /var/log/fail2ban.log
Status
|- Number of jail:	2
`- Jail list:	proxmox, sshd

==== minimal fail2ban role ====

# tasks file for fail2ban
---
- name: Ensure, that fail2ban is installed on Debian.
  apt:
    name: fail2ban
    state: present
    update_cache: true
    cache_valid_time: 3600

- name: update configuration file - /etc/fail2ban/jail.local
  copy:
    src: jail.local
    dest: /etc/fail2ban/jail.local
  notify: restart fail2ban

- name: copy filter
  copy:
    src: proxmox.conf
    dest: /etc/fail2ban/filter.d/
  notify: restart fail2ban

# jail.local
[sshd]
enabled = true
port = 22,722
maxretry = 3

[proxmox]
enabled = true
port = https,http,8006
filter = proxmox
logpath = /var/log/daemon.log
maxretry = 3

# proxmox.conf filter
[Definition]
failregex = pvedaemon\[.*authentication failure; rhost=<HOST> user=.* msg=.*
ignoreregex =

# handlers file for fail2ban
---
- name: restart fail2ban
  service:
    name: fail2ban
    state: restarted

[tersmitten]

Debian 10 is not supported yet. Changing fail2ban_socket and fail2ban_pidfile (/var/run/ -> /run/) propably fixes the problem (for you).

If you have some time feel free to add support for Debian 10

[chriswayg]

I have not tried it yet with /run/, but the defaults are still the same in Debian 10 fail2ban.conf:

# Option: socket
# Notes.: Set the socket file. This is used to communicate with the daemon. Do
#         not remove this file when Fail2ban runs. It will not be possible to
#         communicate with the server afterwards.
# Values: [ FILE ]  Default: /var/run/fail2ban/fail2ban.sock
#
socket = /var/run/fail2ban/fail2ban.sock

# Option: pidfile
# Notes.: Set the PID file. This is used to store the process ID of the
#         fail2ban server.
# Values: [ FILE ]  Default: /var/run/fail2ban/fail2ban.pid
#
pidfile = /var/run/fail2ban/fail2ban.pid

[tersmitten]

Any updates on this?

[reaxn]

Hello!

I've tried it with renaming the paths from /var/run/... into /run/... at the fail2ban.conf file.
I also did this change at /usr/lib/tmpfiles.d/fail2ban-tmpfiles.conf

sudo fail2ban-client status

Status
|- Number of jail: 10
`- Jail list: apache-auth, apache-badbots, apache-botsearch, apache-fakegooglebot, apache-modsecurity, apache-nohome, apache-noscript, apache-overflows, apache-shellshock, sshd

[tersmitten]

vagrant up --provision debian-10

seems to work just fine.

root@ansible-fail2ban-debian-10:~# sudo fail2ban-client status
Status
|- Number of jail:	1
`- Jail list:	sshd
root@ansible-fail2ban-debian-10:~# systemctl status fail2ban.service 
● fail2ban.service - Fail2Ban Service
   Loaded: loaded (/lib/systemd/system/fail2ban.service; enabled; vendor preset: enabled)
   Active: active (running) since Tue 2020-03-31 10:55:22 UTC; 1min 47s ago
     Docs: man:fail2ban(1)
  Process: 1801 ExecStartPre=/bin/mkdir -p /var/run/fail2ban (code=exited, status=0/SUCCESS)
 Main PID: 1802 (fail2ban-server)
    Tasks: 3 (limit: 240)
   Memory: 11.7M
   CGroup: /system.slice/fail2ban.service
           └─1802 /usr/bin/python3 /usr/bin/fail2ban-server -xf start

Mar 31 10:55:22 ansible-fail2ban-debian-10 systemd[1]: Starting Fail2Ban Service...
Mar 31 10:55:22 ansible-fail2ban-debian-10 systemd[1]: Started Fail2Ban Service.
Mar 31 10:55:23 ansible-fail2ban-debian-10 fail2ban-server[1802]: Server ready

root@ansible-fail2ban-debian-10:~# sudo fail2ban-client status
Status
|- Number of jail:	1
`- Jail list:	sshd

no role changes were needed

[tersmitten]

https://github.com/Oefenweb/ansible-fail2ban/releases/tag/v3.3.11

[tersmitten]

It looks like it has something to do with your setup

[asvobodin]

Hello!
I got exactly the same error.
Here is the piece of code in file fail2ban.conf:

# Option: socket
# Notes.: Set the socket file. This is used to communicate with the daemon. Do
#         not remove this file when Fail2ban runs. It will not be possible to
#         communicate with the server afterwards.
# Values: [ FILE ]  Default: /var/run/fail2ban/fail2ban.sock
#
socket = /var/run/fail2ban/fail2ban.sock
# Option: pidfile
# Notes.: Set the PID file. This is used to store the process ID of the
#         fail2ban server.
# Values: [ FILE ]  Default: /var/run/fail2ban/fail2ban.pid
#
pidfile = /var/run/fail2ban/fail2ban.pid

Fail2ban installed on Bitrix VM.
I would be grateful for the help
Best Regards, Anatoly

[shmily3]

Maybe your logpath is wrong, you can check if there is a /var/log folder

[dammdev]

Hi everybody, I could solve with chmod, I think is the access permission on the directory:

chmod -x /var/run/

[tersmitten]

@dammdev Can you create a PR (targeting the affected OS versions)?

[edsprofile]

Hello,

@dammdev I tried chmod -x /var/run/ that did not work for me.

I just came across this issue. I am not sure what information is relevant. Let me know if any other information is needed.

I am on Ubuntu 22.04.

I had to start the service, the guide I was following stated "The service automatically starts.". I assume this is not true anymore? There may be more confusion because this is on a popular Akamai/Linode guide https://www.linode.com/docs/guides/using-fail2ban-to-secure-your-server-a-tutorial/

I will report an issue on the guide to get that removed.

I had to run:

sudo fail2ban-client start

after that sudo fail2ban-client status Worked as expected.

Thank you.

[tersmitten]

I think in recent versions /var/run should be /run. Not sure that it makes any difference tough.

[edmoncu]

I am curious if fail2ban is supported by Debian 12? I tried running it by typing
sudo systemctl restart fail2ban

And it's giving this error
Failed to access socket path: /var/run/fail2ban/fail2ban.sock. Is fail2ban running?

[tersmitten]

No, not yet. But feel free to add a PR.

[edmoncu]

No, not yet. But feel free to add a PR.

I think i have found a work around. the problem stems from a missing line "sshd_backend = systemd" under /etc/fail2ban/paths-debian.conf file.

after adding it, fail2ban works like normal under Debian 12.

credits here :
fail2ban/fail2ban#3292 (comment)
https://superuser.com/questions/1830245/i-cant-get-fail2ban-working-on-debian-12

[excalq]

Also on Debian 12. sudo fail2ban-client start does cause /var/run/fail2ban/fail2ban.sock (and fail2ban.pid) to be created.

The pid points to /usr/bin/python3 /usr/bin/fail2ban-server --async -b -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid --loglevel INFO --logtarget /var/log/fail2ban.log --syslogsocket auto

Strangely, running sudo fail2ban-client status kills that process, showing the original error reported in this ticket:

# fail2ban-client status                                                
2024-07-20 17:19:02,233 fail2ban                [3399565]: ERROR   Failed to access socket path: /var/run/fail2ban/fail2ban.sock. Is fail2ban running?