linuxserver / docker-fail2ban

GNU General Public License v3.0

[BUG] monitoring systemd logs not working #27

Open machetto opened 1 month ago

machetto commented 1 month ago

Is there an existing issue for this?

Current Behavior

If a jail's backend (sshd in my case) is set to systemd, the following message appears:

```
ERROR Backend 'systemd' failed to initialize due to No module named 'systemd'.
```

The problem appears to be caused by not having the systemd Python module in the Docker image.

Expected Behavior

It should start monitoring sshd systemd logs.

Steps To Reproduce

Create a file fail.d/sshd.local with the following content:

```
[sshd]
enabled = true
backend = systemd
```

Restart fail2ban

Environment

- OS: Debian 12
- How docker service was installed: using `apt-get` with instructions from docker website

CPU architecture

x86-64

Docker creation

```yaml
services:
  fail2ban:
    image: lscr.io/linuxserver/fail2ban:latest
    container_name: fail2ban
    cap_add:
      - NET_ADMIN
      - NET_RAW
    network_mode: host
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Etc/UTC
      - VERBOSITY=-vv #optional
    volumes:
      - ./config:/config
      - /var/log:/var/log:ro
    restart: unless-stopped
```

Container logs

```
2024-07-11 10:58:38,188 7089F9C7BB08 INFO  Starting Fail2ban v1.0.2
2024-07-11 10:58:38,188 7089F8202B38 INFO  Observer start...
2024-07-11 10:58:38,192 7089F9C7BB08 INFO  Connected to fail2ban persistent database '/config/fail2ban/fail2ban.sqlite3'
2024-07-11 10:58:38,192 7089F9C7BB08 INFO  Creating new jail 'sshd'
2024-07-11 10:58:38,193 7089F9C7BB08 ERROR Backend 'systemd' failed to initialize due to No module named 'systemd'
2024-07-11 10:58:38,193 7089F9C7BB08 ERROR Failed to initialize any backend for Jail 'sshd'
2024-07-11 10:58:38,193 7089F9C7BB08 ERROR Command ['server-stream', [['set', 'syslogsocket', 'auto'], ['set', 'loglevel', 'INFO>
2024-07-11 10:58:38,193 7089F8C02B38 ERROR NOK: ("Failed to initialize any backend for Jail 'sshd'",)
2024-07-11 10:58:38,194 7089F8C02B38 INFO  Shutdown in progress...
2024-07-11 10:58:38,194 7089F8C02B38 INFO  Observer stop ... try to end queue 5 seconds
2024-07-11 10:58:38,214 7089F8202B38 INFO  Observer stopped, 0 events remaining.
2024-07-11 10:58:38,254 7089F8C02B38 INFO  Stopping all jails
2024-07-11 10:58:38,254 7089F8C02B38 INFO  Connection to database closed.
```

github-actions[bot] commented 1 month ago

Thanks for opening your first issue here! Be sure to follow the relevant issue templates, or risk having this issue marked as invalid.

LinuxServer-CI commented 3 weeks ago

This issue has been automatically marked as stale because it has not had recent activity. This might be due to missing feedback from OP. It will be closed if no further activity occurs. Thank you for your contributions.

b2un0 commented 2 weeks ago

Can confirm, same problem for me. Everything logs to systemd and so no jails are working.