Fail2ban debian jessie package not working:
On fresh debian jessie with openssh-server
(tested in docker container):
root@2b29327677c8:/# cat /etc/debian_version
8.3
root@2b29327677c8:/# apt-get install fail2ban
root@2b29327677c8:/# apt-cache policy fail2ban
fail2ban:
Installed: 0.8.13-1
Candidate: 0.8.13-1
Version table:
*** 0.8.13-1 0
500 http://httpredir.debian.org/debian/ jessie/main amd64 Packages
100 /var/lib/dpkg/status
root@2b29327677c8:/# service fail2ban start
Starting authentication failure monitor: fail2banERROR No file(s) found for glob /var/log/auth.log
ERROR Failed during configuration: Have not found any log file for ssh jail
failed!
Debian jessie do not have /var/log/auth.log
How to use fail2ban on debian jessie to watch ssh connections ?
Best Answer
It appears that fail2ban version 0.9.0 introduced a systemd journal backend:
However, Debian 8 (jessie) has fail2ban version 0.8.13 and the changelog as of package version 0.8.13-1 has no indication that this functionality would have been been backported either.
This seems like a bit of an oversight considering the use of systemd, but would explain your problems. (You can obviously still monitor anything that is written to plain log files.)