Linuxfabrik / monitoring-plugins

220+ check plugins for Icinga and other Nagios-compatible monitoring applications. Each plugin is a standalone command line tool (written in Python) that provides a specific type of check.
https://linuxfabrik.ch
The Unlicense

fail2ban check always unknown on Ubuntu 16+20 #121

Closed NavidSassan closed 2 years ago

NavidSassan commented 4 years ago

In GitLab by @phyti1 on Sep 2, 2020, 16:44

When using the fail2ban check on Ubuntu 20 and Ubuntu 16 servers after doing apt install fail2ban on each server, I get the following error: Problem while testing if the fail2ban server is alive. Status unknown. Output of "lib.base.shell_exec(cmd + ' ping')" on line 73 is: "Permission denied to socket: /var/run/fail2ban/fail2ban.sock, (you must be root)".

As a workaround I did chown nagios:root /var/run/fail2ban/fail2ban.sock which worked. Can this be resolved?

NavidSassan commented 4 years ago

You need to run the check using root permissions. For that you need to adjust your icinga2 command definition to something like /usr/bin/sudo /usr/lib64/nagios/plugins/fail2ban, and add a sudoers rule, for example in /etc/sudoers.d/icinga2-checks:

Defaults:nagios !requiretty
nagios    ALL = NOPASSWD: /usr/lib64/nagios/plugins/fail2ban

Make sure to adjust the path so it matches the actual location of the fail2ban check.

mxmehl commented 2 years ago

I experience the same issue, even with the sudoers line you proposed. The problem seems to occur even when calling fail2ban-client directly via sudo.

$ /usr/lib64/nagios/plugins# sudo -u nagios /usr/lib64/nagios/plugins/fail2ban
Problem while testing if the fail2ban server is alive.

I tried to allow fail2ban-client specifically in the sudoers file: nagios ALL = NOPASSWD: /usr/bin/fail2ban-client

Without any success unfortunately:

sudo -u nagios fail2ban-client status
2022-08-16 15:00:10,401 fail2ban.configreader   [5617]: ERROR   Could not read config files: /etc/fail2ban/fail2ban.local
2022-08-16 15:00:10,402 fail2ban                [5617]: ERROR   Permission denied to socket: /var/run/fail2ban/fail2ban.sock, (you must be root)

It works when making nagios owner of the socket but that's not what I intend to do.

OS info: Debian 11

markuslf commented 2 years ago

I will have a look.

markuslf commented 2 years ago

I updated the README to describe more possible solutions: https://github.com/Linuxfabrik/monitoring-plugins/tree/main/check-plugins/fail2ban
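
The "Permission denied to socket" error quoted in this thread comes down to file permissions on the socket: on Linux, connecting to a Unix domain socket requires write permission on the socket file. The following is an added example, not part of the thread or of the Linuxfabrik plugin; the function names, the uid 998 for nagios and the root:root 0700 socket state are constructed assumptions for illustration.

```python
import os
import stat


def can_connect(sock_uid, sock_gid, sock_mode, uid, gids):
    """Decide whether `uid` may connect() to a Unix socket file.

    Linux requires write permission on the socket file; uid 0 bypasses the
    mode bits. Simplified model: ACLs and directory search permission on
    the parent directories are not evaluated.
    """
    if uid == 0:
        return True, "root bypasses mode bits"
    if uid == sock_uid:
        cls, bit = "owner", stat.S_IWUSR
    elif sock_gid in gids:
        cls, bit = "group", stat.S_IWGRP
    else:
        cls, bit = "other", stat.S_IWOTH
    ok = bool(sock_mode & bit)
    return ok, f"{cls} class: write bit {'set' if ok else 'missing'}"


def diagnose(path, uid=None, gids=None):
    """Stat a real socket and evaluate it for the given (or current) user."""
    uid = os.geteuid() if uid is None else uid
    gids = set(os.getgroups()) | {os.getegid()} if gids is None else set(gids)
    st = os.stat(path)
    if not stat.S_ISSOCK(st.st_mode):
        raise ValueError(f"{path} is not a socket")
    return can_connect(st.st_uid, st.st_gid, stat.S_IMODE(st.st_mode), uid, gids)


if __name__ == "__main__":
    NAGIOS = 998  # constructed uid/gid for the nagios account
    # Constructed socket states: (label, owner uid, group gid, mode)
    states = [("root:root 0700", 0, 0, 0o700),
              ("nagios:root 0700 (after the chown workaround)", NAGIOS, 0, 0o700)]
    for label, s_uid, s_gid, mode in states:
        for who, uid in (("nagios", NAGIOS), ("root", 0)):
            ok, why = can_connect(s_uid, s_gid, mode, uid, {uid})
            print(f"{label:48} {who:7} {'ok' if ok else 'DENIED'} ({why})")
```

On a monitored host, calling diagnose('/var/run/fail2ban/fail2ban.sock') as the account that actually executes the check shows which permission class applies to it.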