failed protocol test [FAIL2BAN] in Monit 5.23.0

Issue #624 resolved
Mikhail Grigorev
created an issue
# lsb_release -a
Distributor ID: Debian
Description:    Debian GNU/Linux 8.8 (jessie)
Release:        8.8
Codename:       jessie
# cat /etc/fail2ban/fail2ban.conf |grep socket
# Option: socket
# Notes.: Set the socket file. This is used to communicate with the daemon. Do
socket = /var/run/fail2ban/fail2ban.sock
# ls -la /var/run/fail2ban/fail2ban.sock
srwx------ 1 root root 0 Jun  5 08:36 /var/run/fail2ban/fail2ban.sock
# monit -V
This is Monit version 5.23.0
Built with ssl, with ipv6, with compression, with pam and with large files
Copyright (C) 2001-2017 Tildeslash Ltd. All Rights Reserved.
# cat /etc/monit/conf.d/fail2ban
check process fail2ban with pidfile /var/run/fail2ban/fail2ban.pid
   start program = "/etc/init.d/fail2ban start"
   stop program = "/etc/init.d/fail2ban stop"
   if failed unixsocket /var/run/fail2ban/fail2ban.sock protocol fail2ban then alert
# monit status fail2ban
Monit 5.23.0 uptime: 10m

Process 'fail2ban'
  status                       Connection failed
  monitoring status            Monitored
  monitoring mode              active
  on reboot                    start
  pid                          16495
  parent pid                   1
  uid                          0
  effective uid                0
  gid                          0
  uptime                       4d 0h 48m
  threads                      15
  children                     0
  cpu                          0.1%
  cpu total                    0.1%
  memory                       0.0% [8.0 MB]
  memory total                 0.0% [8.0 MB]
  disk read                    0 B/s [213.7 MB total]
  disk write                   0 B/s [3.9 MB total]
  unix socket response time    FAILED to /var/run/fail2ban/fail2ban.sock type TCP protocol FAIL2BAN
  data collected               Fri, 09 Jun 2017 09:25:17
# tail -f /var/log/monit.log
[+05 Jun  9 09:20:10] error    : 'fail2ban' failed protocol test [FAIL2BAN] at /var/run/fail2ban/fail2ban.sock -- FAIL2BAN: PONG read error -- Resource temporarily unavailable

Comments (8)

  1. Tildeslash repo owner

    It seems that the ping test timed out when waiting for ping response.

    Which fail2ban version it is? (we have tested with fail2ban 0.9.3)

    You can use for example the following command to get the version:

    sudo fail2ban-client version
    

    Please can you test the ping using fail2ban CLI?:

    sudo fail2ban-client ping
    Server replied: pong
    
  2. Tildeslash repo owner

    thanks for data, we'll try to replicate the problem (it is possible the protocol version used by monit is not supported by fail2ban < 0.9.0)

  3. Tildeslash repo owner

    fixed Issue #624 ... fail2ban uses python pickle protocol for serialization, we used protocol version 4 for request/response, which is not available on fail2ban servers with older python releases. Modified the request to use protocol version 0 for maximum backward compatibility and checking response header only to support older and future pickle protocol versions.

    → <<cset f547f3510368>>

  4. Tildeslash repo owner

    The problem is fixed, you can test the monit development version if you want:

    wget https://bitbucket.org/tildeslash/monit/get/master.tar.gz
    tar -xzf master.tar.gz
    cd tildeslash*
    ./bootstrap
    ./configure
    make
    
  5. Log in to comment