Debian – Fail2ban compatibility debian debian jessie systemd

debianfail2ban

Fail2ban debian jessie package not working:

On fresh debian jessie with openssh-server (tested in docker container):

root@2b29327677c8:/# cat /etc/debian_version 
8.3
root@2b29327677c8:/# apt-get install fail2ban
root@2b29327677c8:/# apt-cache policy fail2ban
fail2ban:
  Installed: 0.8.13-1
  Candidate: 0.8.13-1
  Version table:
 *** 0.8.13-1 0
        500 http://httpredir.debian.org/debian/ jessie/main amd64 Packages
        100 /var/lib/dpkg/status

root@2b29327677c8:/# service fail2ban start
Starting authentication failure monitor: fail2banERROR  No file(s) found for glob /var/log/auth.log
ERROR  Failed during configuration: Have not found any log file for ssh jail
 failed!

Debian jessie do not have /var/log/auth.log

How to use fail2ban on debian jessie to watch ssh connections ?

Best Answer

It appears that fail2ban version 0.9.0 introduced a systemd journal backend:

systemd journal backend has been created. This has a dependency on python-systemd. To use journal match in filters there is a "journalmatch".

However, Debian 8 (jessie) has fail2ban version 0.8.13 and the changelog as of package version 0.8.13-1 has no indication that this functionality would have been been backported either.

This seems like a bit of an oversight considering the use of systemd, but would explain your problems. (You can obviously still monitor anything that is written to plain log files.)

Best Answer

Related Solutions

Debian – DEB ‘Provides:’ Field Ignored

Debian – apt-get don’t support https and can’t install the necessery package to do it

Related Topic