$ cat /etc/os-release
PRETTY_NAME="Debian GNU/Linux 12 (bookworm)"
NAME="Debian GNU/Linux"
I installed fail2ban on Raspberry Pi OS, but it fails to start with the following error.
$ sudo systemctl start fail2ban
$ sudo systemctl status fail2ban
fail2ban.service - Fail2Ban Service
Loaded: loaded (/lib/systemd/system/fail2ban.service; enabled; preset>
Active: failed (Result: exit-code) since Fri 2024-01-26 20:42:16 JST;>
Duration: 524ms
Docs: man:fail2ban(1)
Process: 1287 ExecStart=/usr/bin/fail2ban-server -xf start (code=exite>
Main PID: 1287 (code=exited, status=255/EXCEPTION)
CPU: 410ms
1月 26 20:42:15 cactus systemd[1]: Started fail2ban.service - Fail2Ban Se>
1月 26 20:42:16 cactus fail2ban-server[1287]: 2024-01-26 20:42:16,134 fai>
1月 26 20:42:16 cactus fail2ban-server[1287]: 2024-01-26 20:42:16,198 fai>
1月 26 20:42:16 cactus fail2ban-server[1287]: 2024-01-26 20:42:16,199 fai>
1月 26 20:42:16 cactus systemd[1]: fail2ban.service: Main process exited,>
1月 26 20:42:16 cactus systemd[1]: fail2ban.service: Failed with result '>
(Everything after '>' is truncated.)
$ sudo fail2ban-server start
2024-01-26 20:46:05,106 fail2ban.configreader [1308]: WARNING 'allowipv6' not defined in 'Definition'. Using default one: 'auto'
2024-01-26 20:46:05,176 fail2ban [1308]: ERROR Failed during configuration: Have not found any log file for sshd jail
2024-01-26 20:46:05,184 fail2ban [1308]: ERROR Async configuration of server failed
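After investigating, the cause turned out to be that rsyslog, which writes /var/log/auth.log and similar files, is not installed on the OS.
Configuring fail2ban to use the systemd journal instead of rsyslog fixed it.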
$ sudo vi /etc/fail2ban/jail.conf
[DEFAULT]
backend = systemd
(rest omitted)
$ sudo systemctl start fail2ban
$ sudo systemctl status fail2ban
fail2ban.service - Fail2Ban Service
Loaded: loaded (/lib/systemd/system/fail2ban.service; enabled; preset>
Active: active (running) since Fri 2024-01-26 20:47:30 JST; 3s ago
Docs: man:fail2ban(1)
Main PID: 1318 (fail2ban-server)
Tasks: 7 (limit: 8740)
CPU: 554ms
CGroup: /system.slice/fail2ban.service
└─1318 /usr/bin/python3 /usr/bin/fail2ban-server -xf start
1月 26 20:47:30 cactus systemd[1]: Started fail2ban.service - Fail2Ban Se>
1月 26 20:47:30 cactus fail2ban-server[1318]: 2024-01-26 20:47:30,954 fai>
1月 26 20:47:31 cactus fail2ban-server[1318]: Server ready
$ sudo fail2ban-server start
2024-01-26 20:50:13,722 fail2ban.configreader [1350]: WARNING 'allowipv6' not defined in 'Definition'. Using default one: 'auto'
Server ready
(fail2ban is already running under systemctl, so fail2ban-server start is not needed; it is run here only to check the startup messages.)
...and the next morning
$ sudo fail2ban-client status sshd
Status for the jail: sshd
|- Filter
| |- Currently failed: 1
| |- Total failed: 67
| `- Journal matches: _SYSTEMD_UNIT=sshd.service + _COMM=sshd
`- Actions
|- Currently banned: 20
|- Total banned: 20
`- Banned IP list: (omitted)
It is working.
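
Added example (not from the original post): a pre-flight check for the "Have not found any log file for sshd jail" failure above. It picks the backend from whether the auth log exists and writes it as a drop-in under jail.d rather than editing jail.conf, which a package upgrade may replace. The function names and the drop-in file name backend.local are assumptions of this example.

```shell
#!/bin/sh
# Added example, not the author's code.

# Print the backend fail2ban should use for file-less hosts.
# $1 = auth log path (Debian default: /var/log/auth.log).
# No such file means nothing like rsyslog is writing it, so the
# sshd jail has to read the systemd journal instead.
pick_backend() {
    authlog=${1:-/var/log/auth.log}
    if [ -e "$authlog" ]; then
        echo auto
    else
        echo systemd
    fi
}

# Write "[DEFAULT] backend = <value>" as a drop-in.
# $1 = fail2ban config directory, $2 = backend value.
# Prints the path written; fails if the drop-in already exists.
write_backend_override() {
    confdir=$1
    backend=$2
    dropin="$confdir/jail.d/backend.local"   # file name is an assumption
    mkdir -p "$confdir/jail.d" || return 1
    # Do not clobber a file the administrator already maintains.
    if [ -e "$dropin" ]; then
        echo "refusing to overwrite $dropin" >&2
        return 1
    fi
    printf '[DEFAULT]\nbackend = %s\n' "$backend" > "$dropin"
    echo "$dropin"
}

# Only touch the real configuration when asked to (run as root):
#   sh this-script.sh --apply && systemctl restart fail2ban
if [ "${1:-}" = "--apply" ]; then
    write_backend_override /etc/fail2ban "$(pick_backend /var/log/auth.log)"
fi
```

After restarting, `fail2ban-client status sshd` should show a "Journal matches" line as in the output above when the systemd backend is in use.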