[Solved] ERROR Starting Fail2Ban after Installation

Aloha,

I need to preface by saying I'm new to FreeBSD. I'm setting up a FreeBSD 10.0-RELEASE (GENERIC) server that will be used as a local DNS server and a local Web (HTTP) server. The machine will allow remote shell sessions via OpenSSH. In initial efforts to secure the SSH server, I've installed the py-fail2ban binary.

I copied /usr/local/etc/fail2ban/jail.conf to /usr/local/etc/fail2ban/jail.local, added
Code:
fail2ban_enable="YES"
to my /etc/rc.conf, then enabled ssh-iptables
Code:
[ssh-iptables]
enabled = true
in jail.local and adjusted the max retries and max attempts.

When I attempt to start fail2ban I'm alerted with the following error:
Code:
ERROR  There is no directory /var/run/fail2ban to contain the socket file /var/run/fail2ban/fail2ban.sock.

I don't have any messages in /var/log/messages, and fail2ban doesn't have a log in /var/log/. There is no man fail2ban and I haven't found anything in this forum or the fail2ban Web site. I'm hoping someone here can help me understand what the problem is and help me get the program running.
 
Re: ERROR Starting Fail2Ban after Installation

The following binaries are available:
Code:
wojtek@test:/var/run % ll /usr/local/bin/fail2*
-rwxr-xr-x  1 root  wheel  12600 Feb  4 19:29 /usr/local/bin/fail2ban-client*
-rwxr-xr-x  1 root  wheel  10847 Feb  4 19:29 /usr/local/bin/fail2ban-regex*
-rwxr-xr-x  1 root  wheel   4511 Feb  4 19:29 /usr/local/bin/fail2ban-server*
Try them with the --help switch.

As far as I remember I had to create /var/run/fail2ban directory after installation. Try this also.
 
Re: ERROR Starting Fail2Ban after Installation

wszczep said:
The following binaries are available:
As far as I remember I had to create /var/run/fail2ban directory after installation. Try this also.

This worked for me. I created the directory /var/run/fail2ban and verified Fail2Ban was running with:
Code:
# sudo fail2ban-client status
Status
|- Number of jail:	1
`- Jail list:		ssh-iptables
Thank you.
 
Yes, you have to create /var/run/fail2ban. Also, FreeBSD doesn't use iptables, so your config won't do anything. You'll probably want something like this in /usr/local/etc/fail2ban/jail.d/sshd.conf or a similarly named file. If you just use jail.d as a way to have config files that override the defaults, you won't need a jail.local file. It may save some trouble to have individual files for each server rather than having to compare and contrast the defaults with your config every time you upgrade.

Code:
[ssh-pf]

enabled  = true
filter   = bsd-sshd
action   = pf
logpath  = /var/log/auth.log
bantime  = 5400
findtime = 5400
maxretry = 3

[ssh-ddos]

enabled  = true
filter   = sshd-ddos
action   = pf
logpath  = /var/log/auth.log
bantime  = 5400
findtime = 5400
maxretry = 3

With that, you'll want to enable PF and add this to your /etc/pf.conf:
Code:
table <fail2ban> persist
block drop in log quick on $wan_ifs from <fail2ban> to any
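The two pitfalls in this thread (an iptables jail that silently does nothing on FreeBSD, and a pf action whose <fail2ban> table is never declared in pf.conf) can be caught before starting the daemon. The following linter is an added example, not code from the thread or from the fail2ban project; the jail fragment and pf.conf fragment it checks are constructed from the snippets above, and the rule that a pf jail needs both a `table <fail2ban>` line and a `block` rule referencing it is an assumption about how the pf action is wired up on this host.

```python
import configparser
import re
from typing import Dict, List

# Constructed samples: the original poster's iptables jail next to the PF jail
# from the reply, plus the pf.conf fragment that the pf action populates.
SAMPLE_JAIL_D = """\
[ssh-iptables]
enabled = true
filter  = bsd-sshd
action  = iptables
logpath = /var/log/auth.log

[ssh-pf]
enabled  = true
filter   = bsd-sshd
action   = pf
logpath  = /var/log/auth.log
bantime  = 5400
findtime = 5400
maxretry = 3
"""
SAMPLE_PF_CONF = """\
table <fail2ban> persist
block drop in log quick on $wan_ifs from <fail2ban> to any
"""


def parse_jails(text: str) -> Dict[str, Dict[str, str]]:
    """Parse a jail.d fragment into {jail_name: {key: value}} (keys lowercased)."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    return {s: dict(cp[s]) for s in cp.sections()}


def lint_jails(jails: Dict[str, Dict[str, str]], pf_conf: str) -> List[str]:
    """Return human-readable findings for jails that would not ban anything."""
    findings: List[str] = []
    table_declared = re.search(r"^\s*table\s+<fail2ban>", pf_conf, re.M) is not None
    table_blocked = re.search(r"^\s*block\b.*<fail2ban>", pf_conf, re.M) is not None
    for name, jail in jails.items():
        if jail.get("enabled", "false").lower() != "true":
            continue  # a disabled jail is harmless
        action = jail.get("action", "")
        if "iptables" in action:
            findings.append(f"{name}: action {action!r} is not available on FreeBSD, use pf")
        elif action.startswith("pf") and not (table_declared and table_blocked):
            findings.append(f"{name}: pf.conf lacks the <fail2ban> table or a block rule, bans are silent")
        for key in ("bantime", "findtime", "maxretry"):
            if key not in jail:
                findings.append(f"{name}: {key} unset, fail2ban's default applies")
    return findings
```

Run it against the real files with `parse_jails(open("/usr/local/etc/fail2ban/jail.d/sshd.conf").read())` and the text of /etc/pf.conf; an empty list means the jail is at least wired to a firewall that can act on it.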
 
junovitch said:
Yes, you have to create /var/run/fail2ban. Also, FreeBSD doesn't use iptables, so your config won't do anything. You'll probably want something like this in /usr/local/etc/fail2ban/jail.d/sshd.conf or a similarly named file. If you just use jail.d as a way to have config files that override the defaults, you won't need a jail.local file. It may save some trouble to have individual files for each server rather than having to compare and contrast the defaults with your config every time you upgrade.

Thank you very much for informing me. I'm planning on reading up on PF and then I'll understand how I'll need to configure the jail(s).
 
lakona said:
Thank you very much for informing me. I'm planning on reading up on PF and then I'll understand how I'll need to configure the jail(s).

Not a problem. Also, since commenting I realized that /usr/local/etc/fail2ban/filter.d/sshd-ddos.conf contains only one rule and that rule is also in /usr/local/etc/fail2ban/filter.d/bsd-sshd.conf. To remove the duplication I've just gone down to using the latter rule set. This is the contents of my /usr/local/etc/fail2ban/jail.d/sshd.conf as of today.

Code:
[ssh-pf]

enabled  = true
filter   = bsd-sshd
action   = pf
logpath  = /var/log/auth.log
bantime  = 5400
findtime = 5400
maxretry = 3
 
junovitch said:
Not a problem. Also, since commenting I realized that /usr/local/etc/fail2ban/filter.d/sshd-ddos.conf contains only one rule and that rule is also in /usr/local/etc/fail2ban/filter.d/bsd-sshd.conf. To remove the duplication I've just gone down to using the latter rule set. This is the contents of my /usr/local/etc/fail2ban/jail.d/sshd.conf as of today.

Mahalo for the follow up.
 