
fail2ban does not start on a Raspberry Pi

Posted at 2024-01-26

$ cat /etc/os-release
PRETTY_NAME="Debian GNU/Linux 12 (bookworm)"
NAME="Debian GNU/Linux"

I installed fail2ban on Raspberry Pi OS, but it fails to start with the following error.

$ sudo systemctl start fail2ban
$ sudo systemctl status fail2ban
fail2ban.service - Fail2Ban Service
     Loaded: loaded (/lib/systemd/system/fail2ban.service; enabled; preset>
     Active: failed (Result: exit-code) since Fri 2024-01-26 20:42:16 JST;>
   Duration: 524ms
       Docs: man:fail2ban(1)
    Process: 1287 ExecStart=/usr/bin/fail2ban-server -xf start (code=exite>
   Main PID: 1287 (code=exited, status=255/EXCEPTION)
        CPU: 410ms

 1月 26 20:42:15 cactus systemd[1]: Started fail2ban.service - Fail2Ban Se>
 1月 26 20:42:16 cactus fail2ban-server[1287]: 2024-01-26 20:42:16,134 fai>
 1月 26 20:42:16 cactus fail2ban-server[1287]: 2024-01-26 20:42:16,198 fai>
 1月 26 20:42:16 cactus fail2ban-server[1287]: 2024-01-26 20:42:16,199 fai>
 1月 26 20:42:16 cactus systemd[1]: fail2ban.service: Main process exited,>
 1月 26 20:42:16 cactus systemd[1]: fail2ban.service: Failed with result '>

(Everything after the '>' is truncated.)

$ sudo fail2ban-server start
2024-01-26 20:46:05,106 fail2ban.configreader   [1308]: WARNING 'allowipv6' not defined in 'Definition'. Using default one: 'auto'
2024-01-26 20:46:05,176 fail2ban                [1308]: ERROR   Failed during configuration: Have not found any log file for sshd jail
2024-01-26 20:46:05,184 fail2ban                [1308]: ERROR   Async configuration of server failed

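After investigating, the cause turned out to be that rsyslog, which writes files such as /var/log/auth.log, is not installed on the OS.
Configuring fail2ban to use the systemd journal instead of rsyslog fixed it.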

$ sudo vi /etc/fail2ban/jail.conf
[DEFAULT]
backend = systemd

(rest omitted)
$ sudo systemctl start fail2ban
$ sudo systemctl status fail2ban

fail2ban.service - Fail2Ban Service
     Loaded: loaded (/lib/systemd/system/fail2ban.service; enabled; preset>
     Active: active (running) since Fri 2024-01-26 20:47:30 JST; 3s ago
       Docs: man:fail2ban(1)
   Main PID: 1318 (fail2ban-server)
      Tasks: 7 (limit: 8740)
        CPU: 554ms
     CGroup: /system.slice/fail2ban.service
             └─1318 /usr/bin/python3 /usr/bin/fail2ban-server -xf start

 1月 26 20:47:30 cactus systemd[1]: Started fail2ban.service - Fail2Ban Se>
 1月 26 20:47:30 cactus fail2ban-server[1318]: 2024-01-26 20:47:30,954 fai>
 1月 26 20:47:31 cactus fail2ban-server[1318]: Server ready
$ sudo fail2ban-server start
2024-01-26 20:50:13,722 fail2ban.configreader   [1350]: WARNING 'allowipv6' not defined in 'Definition'. Using default one: 'auto'
Server ready

(fail2ban is already running via systemctl, so fail2ban-server start is not needed. It is run here only to check the startup messages.)

...and the next morning:

$ sudo fail2ban-client status sshd
Status for the jail: sshd
|- Filter
|  |- Currently failed: 1
|  |- Total failed:     67
|  `- Journal matches:  _SYSTEMD_UNIT=sshd.service + _COMM=sshd
`- Actions
   |- Currently banned: 20
   |- Total banned:     20
   `- Banned IP list:   (omitted)

It is working.
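
The same fix can be kept out of jail.conf, which a package upgrade may overwrite, by placing it in a drop-in file under /etc/fail2ban/jail.d/. The script below is an added example, not part of the original article; it scopes the setting to the [sshd] jail instead of [DEFAULT], and the file name sshd-backend.local and the fall-back to backend = auto when /var/log/auth.log exists are assumptions of the example.

```shell
#!/bin/sh
# Added example, not from the original article.
# Picks the fail2ban backend for the sshd jail and renders a drop-in override.

# Print "auto" when the auth log file exists (rsyslog or similar is writing
# it), otherwise "systemd" so the jail reads the journal instead.
pick_backend() {
    if [ -f "$1" ]; then
        echo auto
    else
        echo systemd
    fi
}

# Print the override file contents for the given backend.
render_override() {
    printf '[sshd]\nbackend = %s\n' "$1"
}

# Write the override under <confdir>/jail.d/ and print the path written.
# The file name sshd-backend.local is an assumption made for this example.
write_override() {
    confdir="$1"
    authlog="$2"
    target="$confdir/jail.d/sshd-backend.local"
    mkdir -p "$confdir/jail.d"
    render_override "$(pick_backend "$authlog")" > "$target"
    echo "$target"
}

# Without arguments: dry run, only show what would be written.
# With --apply (as root): write the file, then restart fail2ban yourself.
case "${1:-}" in
    --apply) write_override /etc/fail2ban /var/log/auth.log ;;
    *)       render_override "$(pick_backend /var/log/auth.log)" ;;
esac
```

After running it with --apply, restart the service and confirm with sudo fail2ban-client status sshd that the filter shows journal matches as in the output above.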
