Bookworm, fail2ban and sshd

To: Debian Users <debian-user@lists.debian.org>
Subject: Bookworm, fail2ban and sshd
From: Charles Curley <charlescurley@charlescurley.com>
Date: Thu, 14 Mar 2024 16:01:54 -0600
Message-id: <[🔎] 20240314160154.2d65575c@hawk.localdomain>

I'm trying to set fail2ban up on bookworm. It refuses to run with the
default configuration (sshd only), reporting:

Failed during configuration: Have not found any log file for sshd jail

Near as I can figure, fail2ban expects sshd's log file to be
/var/log/auth.log. Which does not exist on my target machine.

On a brief inspection, machines that have new installations of bookworm
do not have /var/log/auth.log. Machines running bullseye or upgraded
from bullseye to bookworm have it.

Commenting out sshd's "enabled" line (in
/etc/fail2ban/jail.d/defaults-debian.conf) allows the daemon to start,
but it isn't doing anything useful.

-- 
Does anybody read signatures any more?

https://charlescurley.com
https://charlescurley.com/blog/

Reply to:

Follow-Ups:
- Re: Bookworm, fail2ban and sshd
  - From: Andy Smith <andy@strugglers.net>
- Re: Bookworm, fail2ban and sshd
  - From: Curt <curty@free.fr>

Prev by Date: Re: logcheck(1) in bookworm 12.5 /etc/logcheck/logcheck.logfiles.d/syslog.logfiles
Next by Date: Re: logcheck(1) in bookworm 12.5 /etc/logcheck/logcheck.logfiles.d/syslog.logfiles
Previous by thread: keyboard and mouse just stuck
Next by thread: Re: Bookworm, fail2ban and sshd
Index(es):
- Date
- Thread