Are you doing any of the caching options or just running the script normally in your snmp extend conf? Do you get good output if you run /etc/snmp/fail2ban manually?
If so, do you also get good out if you run the snmpget manually from your LibreNMS server?
Can’t locate JSON.pm in @INC (you may need to install the JSON module) (@INC contains: /etc/perl /usr/local/lib/x86_64-linux-gnu/perl /5.20.2 /usr/local/share/perl/5.20.2 /usr/lib/x86_64-linux-gnu/perl5/5.20 /usr/share/perl5 /usr/lib/x86_64-linux-gnu/perl/5.20 /usr/s hare/perl/5.20 /usr/local/lib/site_perl .) at ./fail2ban line 80.
BEGIN failed–compilation aborted at ./fail2ban line 80.
I tried, but it cant find it in my repositories. I am running Debian Jessie
apt-get install libjson-perl
Reading package lists… Done
Building dependency tree
Reading state information… Done
Package libjson-perl is not available, but is referred to by another package.
This may mean that the package is missing, has been obsoleted, or
is only available from another source
{“data”:{“total”:14,“jails”:{“fusionpbx-404”:“0”,“nginx-404”:“0”,“nginx-dos”:“8”,“ssh”:“2”,“freeswitch-dos-udp”:“0”,“freeswitch-ip-tcp”:“2”,“freeswitch-tcp”:“0”,“fusionpbx”:“0”,“fusionpbx-mac”:“0”,“freeswitch-udp”:“0”,“freeswitch-ip-udp”:“2”,“freeswitch-dos-tcp”:“0”}},“version”:“1”,“errorString”:“fail2ban-client exited with 0”,“error”:“0”}
So this is the output when I run this:
ERROR Unable to contact server. Is it running?
{"errorString":"fail2ban-client exited with 255","error":"255","version":"1","data":{"total":0,"jails":{}}}
That looks to me like your snmpd service is running with a service account rather than as root (probably snmp) and that that service account doesn’t seem to have access to run fail2ban-client. You’re going to have to resolve that somehow and that’ll depend on your environment.
If you have sudo on this server, one idea would be to give the snmp user root access to run the agent script by adding something like…
snmp ALL=(root) NOPASSWD: /etc/snmp/fail2ban
…to /etc/sudoers.
Then change the line in your snmpd.conf to extend fail2ban sudo /etc/snmp/fail2ban
Just an idea though, all of my fail2ban extends are on RHEL which luckily runs snmpd as root so I can’t really test. Be careful messing with sudoers.
It turns out, reading the fail2ban perl script reveals the intended usage.
It describes creating a cron job running the perl script as root with the -u flag, which updates a cache file. Running the fail2ban perl script with the -c flag reads the cache file and can be run by any user.
It’s super easy - only 4 steps
Make the script executable chmod +x /opt/librenms-agent/snmp/fail2ban
Create a symlink to the perl script cd /etc/snmp; ln -s /opt/librenms-agent/snmp/fail2ban
Create a cron job running as root to update the cache file every 3 minutes: echo "0,3,6,9,12,15,18,21,24,27,30,33,36,39,42,45,48,51,54,57 * * * * /etc/snmp/fail2ban -u" >> /var/spool/cron/crontabs/root
(Don’t forget to restart crond in whatever way it’s done in your distro)
Change your extend line in snmpd.conf to use the -c flag, so the script reads the cache file extend fail2ban /etc/snmp/fail2ban -c
FYI, this does work, thanks! But in case anyone else has this issue … on Debian and Ubuntu, the user is Debian-snmp (not snmp). Just to help out if I can.