Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Bug#1037437: From fresh bookworm install default sshd jail in fail2ban won’t work without rsyslog installed
588 views
Skip to first unread message
Pèpié Trente Quatre
Jun 12, 2023, 5:10:04 PM6/12/23
to
Package: fail2ban
Version: 1.0.2-2
From fresh bookworm installation, In fail2ban, the sshd jail which is enable by default won’t work without rsyslog installed. The fail2ban service then fails to start.
José Miguel Gonçalves
Jul 7, 2023, 5:20:04 AM7/7/23
to
Hi,
As Debian opted by systemd journal as the default logging mechanism for
bookworm, maybe a better option would be to change the default
configuration in '/etc/fail2ban/jail.conf' to select journal as the
logging source, i.e., instead of setting 'backend = auto', set 'backend
= systemd'.
Best regards,
José Gonçalves
As Debian opted by systemd journal as the default logging mechanism for
bookworm, maybe a better option would be to change the default
configuration in '/etc/fail2ban/jail.conf' to select journal as the
logging source, i.e., instead of setting 'backend = auto', set 'backend
= systemd'.
Best regards,
José Gonçalves
Jeremy Davis
Jul 13, 2023, 6:20:06 PM7/13/23
to
FWIW it appears that this bug is essentially a duplicate of #770171:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770171
That seems like a sensible suggestion to me.
Can you confirm that the current default bookworm fail2ban config/regex
works with sshd with just this change (to 'backend' in
/etc/fail2ban/jail.conf)? Or are further adjustments required?
Regards,
Jeremy
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770171
Can you confirm that the current default bookworm fail2ban config/regex
works with sshd with just this change (to 'backend' in
/etc/fail2ban/jail.conf)? Or are further adjustments required?
Regards,
Jeremy
José Miguel Gonçalves
Jul 13, 2023, 6:50:05 PM7/13/23
to
Hi Jeremy,
On 13/07/23 23:01, Jeremy Davis wrote:
> Can you confirm that the current default bookworm fail2ban
> config/regex works with sshd with just this change (to 'backend' in
> /etc/fail2ban/jail.conf)? Or are further adjustments required?
Yes, I can confirm that fail2ban sshd jail works fine using the default
config and just changing the 'backend' to 'systemd'.
Best regards,
José Gonçalves
On 13/07/23 23:01, Jeremy Davis wrote:
> Can you confirm that the current default bookworm fail2ban
> config/regex works with sshd with just this change (to 'backend' in
> /etc/fail2ban/jail.conf)? Or are further adjustments required?
config and just changing the 'backend' to 'systemd'.
Best regards,
José Gonçalves
Jeremy Davis
Jul 21, 2023, 2:10:05 AM7/21/23
to
As a follow up (in case anyone hits the same issue as me):
After setting 'backend = systemd' fail2ban refused to start!?
It turns out that when using 'backend = systemd', python3-systemd is a
hard requirement. It is a recommended package for fail2ban but I have
recommends disabled by default, so had to manually install it.
After setting 'backend = systemd' fail2ban refused to start!?
It turns out that when using 'backend = systemd', python3-systemd is a
hard requirement. It is a recommended package for fail2ban but I have
recommends disabled by default, so had to manually install it.
Richard Lewis
Jul 21, 2023, 4:00:06 AM7/21/23
to
i wonder if a missing python3-systemd is the only reason for this bug: fail2ban + sshd works fine with backend=auto for me, and i have recommends installed.
So rather than changing the default 'backend', debian should just promote python3-systemd to 'depends'.
0 new messages