[BR]: Fail2ban not filtering ssh on Debian 12 due to journalctl controlling logs #3645

Closed
2 of 3 tasks
huornlmj opened this issue Dec 9, 2023 · 1 comment
huornlmj commented Dec 9, 2023

Environment:

  • Fail2Ban version: 1.0.2-2
  • OS, including release name/version: Debian 12.
  • Fail2Ban installed via OS/distribution mechanisms
  • You have not applied any additional foreign patches to the codebase
  • Some customizations were done to the configuration (provide details below if so)

The issue:

Because Debian 12 uses journalctl for ssh logs and not auth.log, fail2ban refuses to start as there is no ssh log file to point it to.

Steps to reproduce

Install fail2ban on a Debian 12 system. Observe the following:

$ sudo systemctl status fail2ban.service
× fail2ban.service - Fail2Ban Service
     Loaded: loaded (/lib/systemd/system/fail2ban.service; enabled; preset: enabled)
     Active: failed (Result: exit-code) since Sat 2023-12-09 10:05:12 UTC; 7min ago
   Duration: 96ms
       Docs: man:fail2ban(1)
    Process: 65873 ExecStart=/usr/bin/fail2ban-server -xf start (code=exited, status=255/EXCEPTION)
   Main PID: 65873 (code=exited, status=255/EXCEPTION)
        CPU: 71ms

Dec 09 10:05:12 localhost systemd[1]: Started fail2ban.service - Fail2Ban Service.
Dec 09 10:05:12 localhost fail2ban-server[65873]: 2023-12-09 10:05:12,592 fail2ban.configreader   [65873]: WARNING 'allowipv6' not defined in 'Definition'. Using default one: 'auto'
Dec 09 10:05:12 localhost fail2ban-server[65873]: 2023-12-09 10:05:12,599 fail2ban                [65873]: ERROR   Failed during configuration: Have not found any log file for sshd jail
Dec 09 10:05:12 localhost fail2ban-server[65873]: 2023-12-09 10:05:12,601 fail2ban                [65873]: ERROR   Async configuration of server failed
Dec 09 10:05:12 localhost systemd[1]: fail2ban.service: Main process exited, code=exited, status=255/EXCEPTION
Dec 09 10:05:12 localhost systemd[1]: fail2ban.service: Failed with result 'exit-code'.

Expected behavior

Have some way to get fail2ban to work with journalctl logging.

Observed behavior

Doesn't work, doesn't start.

Relevant parts of /var/log/fail2ban.log file:

Relevant lines from monitored log files:

The fail2ban.log file is empty because the daemon won't start.

sebres commented Dec 10, 2023

Dup of #3292
See #3292 (comment) for a solution.

sebres closed this as not planned (duplicate) Dec 10, 2023
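
For readers who land here with the same "Have not found any log file for sshd jail" error: the fragment below is an added example, not taken from this thread or from the linked comment. It shows one way to point the sshd jail at the systemd journal. It assumes the override lives in /etc/fail2ban/jail.local and that the python3-systemd package is installed.

```ini
# /etc/fail2ban/jail.local  (added example; the file location is an assumption)
#
# Failing state on a journal-only host: with the default backend (auto) the
# sshd jail looks for the file named by logpath, which on Debian resolves to
# /var/log/auth.log. When no syslog daemon writes that file, fail2ban aborts
# at startup with:
#   ERROR   Failed during configuration: Have not found any log file for sshd jail
#
# [sshd]
# enabled = true
# backend = auto

# Corrected state: read sshd events from the systemd journal instead of a file.
[sshd]
enabled = true
backend = systemd
```

After `sudo systemctl restart fail2ban`, `sudo fail2ban-client status sshd` should list the jail; if it never counts failures, check that `journalctl -u ssh` actually shows the failed logins you expect to be matched.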