fail2ban installation problem

kriticar · 23 August 2015 20:49

After sudo apt-get install fail2ban I can’t start the service.

osmc@osmc:/etc/fail2ban$ sudo systemctl status fail2ban -l
● fail2ban.service - LSB: Start/stop fail2ban
Loaded: loaded (/etc/init.d/fail2ban)
Active: active (exited) since Ned 2015-08-23 22:26:18 CEST; 15
min ago
Process: 22580 ExecStop=/etc/init.d/fail2ban stop (code=exited,
status=0/SUCCESS)
Process: 22590 ExecStart=/etc/init.d/fail2ban start (code=exite
d, status=0/SUCCESS)

Kol 23 22:26:18 osmc fail2ban[22590]: Starting authentication fai
lure monitor: fail2banERROR No file(s) found for glob /var/log/a
uth.log
Kol 23 22:26:18 osmc fail2ban[22590]: ERROR Failed during config
uration: Have not found any log file for ssh jail
Kol 23 22:26:18 osmc fail2ban[22590]: failed!

What could be the problem?

DBMandrake · 23 August 2015 21:10

There is no /var/log/auth.log on OSMC - OSMC uses systemd init which does not use traditional text based log files in /var/log. (They are stored in a database accessed via journalctl instead)

Where exactly did you install it from ? Did you add some additional repository in /etc/apt/sources.list ? Because I find it hard to believe that a version shipped in the Debian Jessie repository is not compatible with systemd when systemd is the default init system in Debian Jessie…

Toast · 24 August 2015 04:22

@DBMandrake: think its is actually that sad that it still uses legacy textlogs instead of journalctl been looking at my other small devices that are running jessie (upgraded from wheezy) and all of em still have that auth.log file and is still actively using it instead of journalctl

kriticar · 24 August 2015 05:40

My sources are:

osmc@osmc:~$ cat /etc/apt/sources.list
deb Index of /debian jessie main contrib non-free

deb Index of /debian jessie-updates main contrib non
-free

deb http://security.debian.org/ jessie/updates main contrib non-f
ree

deb http://apt.osmc.tv jessie main

osmc@osmc:~$

DBMandrake · 24 August 2015 21:02

The problem is fail2ban is expecting there to be a /var/log/auth.log - which doesn’t exist by default on a Debian Jessie install since systemd keeps its own log database which is accessed through journalctl.

The problem is with fail2ban not being being up to date with modern init systems, not with OSMC so I would suggest contacting the authors of fail2ban or doing a Google search to see if anyone else has found a workaround for using fail2ban with systemd init.

It’s possible that you might be able install some sort of syslog backward compatibility package to do redundant logging to /var/log/auth.log to work around fail2ban’s shortcomings but that is well out of the scope of what we can support here.

kriticar · 24 August 2015 21:14

Thanks for explanation. I will try to search for a solution out of this forum.

Regards.

lauf · 25 August 2015 10:01

Hi kriticar,

I have the same problem here. Woulg be glad to read from you if you find anything interesting.
BR

kriticar · 25 August 2015 13:45

Hi,

as in our repository latest version is 0.8.13-1 and from version 0.9 systemd is supported, I am using iptables solution found on:

For now looks good.
When newer version of fail2ban comes, I will switch to it.

Toast · 25 August 2015 14:19

i love being ignored but im gonna try and fail one last time screw fail2ban, screw iptables and use 2step verification…

kriticar · 25 August 2015 14:23

I don’t like idea of 2-step verification.
It complicates my life.
For me iptables (fail2ban uses iptables as well) and a strong password is a decent solution.

kriticar · 26 August 2015 14:34

I have contacted fail2ban maintainer Yaroslav Halchenko (debian@onerussian.com) who has suggested to me to install devel of neurodebian version from the following url:

http://neuro.debian.net/debian-devel/pool/main/f/fail2ban/

Is it OK to install say fail2ban_0.9.3.orig.tar.gz version on RPI2, and how to do it from tar.gz file?

Are there any drawbacks?

Toast · 26 August 2015 15:49

or you could just get the deb file from there

kriticar · 26 August 2015 20:56

OK, if I get the deb file from the site, how to install it?

DBMandrake · 26 August 2015 21:09

sudo dpkg -i nameofdebfile.deb

If it has any dependencies that need satisfying (extract packages need to be downloaded) you may also need to run the following afterwards:

sudo apt-get update && sudo apt-get -f install

kriticar · 27 August 2015 09:17

Thanks. I will try it after I create a backup.

yuusou · 29 September 2015 13:50

Get the .deb file for debian stretch from here, then install it with:

sudo dpkg -i fail2ban*.deb

You’ll then need to fix the dependencies with:

sudo apt-get -f install

Next, there’s an extra dependency you’ll need, python3-systemd, so go ahead and install that:

sudo apt-get install python3-systemd

Finally, edit your /etc/fail2ban/jail.conf using your preferred editor telling it your preferred backend is systemd.

#backend = auto
backend = systemd

Last, but not least, start and enable fail2ban.

systemctl enable fail2ban
systemctl start fail2ban

panni · 22 March 2018 17:25

This issue reappeared with fail2ban 0.9.6:
ERROR No file(s) found for glob /var/log/auth.log

It can be fixed by not only adding backend = systemd to jail.conf, but also adding default_backend = systemd.

Details: fixes default backend handling (as default used value of `known/backe… by sebres · Pull Request #1750 · fail2ban/fail2ban · GitHub