After sudo apt-get install fail2ban I can’t start the service.
osmc@osmc:/etc/fail2ban$ sudo systemctl status fail2ban -l
● fail2ban.service - LSB: Start/stop fail2ban
Loaded: loaded (/etc/init.d/fail2ban)
Active: active (exited) since Ned 2015-08-23 22:26:18 CEST; 15
Process: 22580 ExecStop=/etc/init.d/fail2ban stop (code=exited,
Process: 22590 ExecStart=/etc/init.d/fail2ban start (code=exite
Kol 23 22:26:18 osmc fail2ban: Starting authentication fai
lure monitor: fail2banERROR No file(s) found for glob /var/log/a
Kol 23 22:26:18 osmc fail2ban: ERROR Failed during config
uration: Have not found any log file for ssh jail
Kol 23 22:26:18 osmc fail2ban: failed!
What could be the problem?
There is no /var/log/auth.log on OSMC - OSMC uses systemd init which does not use traditional text based log files in /var/log. (They are stored in a database accessed via journalctl instead)
Where exactly did you install it from ? Did you add some additional repository in /etc/apt/sources.list ? Because I find it hard to believe that a version shipped in the Debian Jessie repository is not compatible with systemd when systemd is the default init system in Debian Jessie…
@DBMandrake: think its is actually that sad that it still uses legacy textlogs instead of journalctl been looking at my other small devices that are running jessie (upgraded from wheezy) and all of em still have that auth.log file and is still actively using it instead of journalctl
My sources are:
osmc@osmc:~$ cat /etc/apt/sources.list
deb http://ftp.debian.org/debian jessie main contrib non-free
deb Index of /debian jessie-updates main contrib non
deb http://security.debian.org/ jessie/updates main contrib non-f
deb http://apt.osmc.tv jessie main
The problem is fail2ban is expecting there to be a /var/log/auth.log - which doesn’t exist by default on a Debian Jessie install since systemd keeps its own log database which is accessed through journalctl.
The problem is with fail2ban not being being up to date with modern init systems, not with OSMC so I would suggest contacting the authors of fail2ban or doing a Google search to see if anyone else has found a workaround for using fail2ban with systemd init.
It’s possible that you might be able install some sort of syslog backward compatibility package to do redundant logging to /var/log/auth.log to work around fail2ban’s shortcomings but that is well out of the scope of what we can support here.
Thanks for explanation. I will try to search for a solution out of this forum.
I have the same problem here. Woulg be glad to read from you if you find anything interesting.
as in our repository latest version is 0.8.13-1 and from version 0.9 systemd is supported, I am using iptables solution found on:
For now looks good.
When newer version of fail2ban comes, I will switch to it.
i love being ignored but im gonna try and fail one last time screw fail2ban, screw iptables and use 2step verification…
I don’t like idea of 2-step verification.
It complicates my life.
For me iptables (fail2ban uses iptables as well) and a strong password is a decent solution.
I have contacted fail2ban maintainer Yaroslav Halchenko (firstname.lastname@example.org) who has suggested to me to install devel of neurodebian version from the following url:
Is it OK to install say fail2ban_0.9.3.orig.tar.gz version on RPI2, and how to do it from tar.gz file?
Are there any drawbacks?
or you could just get the deb file from there
OK, if I get the deb file from the site, how to install it?
sudo dpkg -i nameofdebfile.deb
If it has any dependencies that need satisfying (extract packages need to be downloaded) you may also need to run the following afterwards:
sudo apt-get update && sudo apt-get -f install
Thanks. I will try it after I create a backup.
Get the .deb file for debian stretch from here, then install it with:
sudo dpkg -i fail2ban*.deb
You’ll then need to fix the dependencies with:
sudo apt-get -f install
Next, there’s an extra dependency you’ll need, python3-systemd, so go ahead and install that:
sudo apt-get install python3-systemd
Finally, edit your /etc/fail2ban/jail.conf using your preferred editor telling it your preferred backend is systemd.
#backend = auto
backend = systemd
Last, but not least, start and enable fail2ban.
systemctl enable fail2ban
systemctl start fail2ban
This issue reappeared with fail2ban 0.9.6:
ERROR No file(s) found for glob /var/log/auth.log
It can be fixed by not only adding
backend = systemd to
jail.conf, but also adding
default_backend = systemd.
Details: fixes default backend handling (as default used value of `known/backe… by sebres · Pull Request #1750 · fail2ban/fail2ban · GitHub