12
submitted 7 months ago by root@lemmy.world to c/homelab@lemmy.ml

I've used fail2ban in the past on Ubuntu, and it was very easy to set up.

Apparently on Debian, there is no /var/log/auth.log, and it does not use iptables, so fail2ban is not seeing the failed login attempts and jailing the perp.

Has anyone set this up successfully before? I see suggestions online to set backend = systemd, but this does not seem to be fixing the issue for me.

[-] aniki@lemm.ee 3 points 7 months ago

If you're looking for an SSH jail I think the Arch docs are going to be relevant, as it looks like it's configured much differently with systemd.

https://wiki.archlinux.org/title/Fail2ban

[-] root@lemmy.world 2 points 7 months ago

Oooh, good point. I'm not even sure if I should be using this with cert only based auth.

It does usually not make sense to use fail2ban with e.g. sshd when only public key authentication or similar is enabled.

[-] tvcvt@lemmy.ml 2 points 7 months ago

I think you can deal with this by installing either rsyslog or syslog-ng and iptables. They all should be in the repos. Once you’ve got those set up it should supersede the equivalent systemd utilities.

[-] root@lemmy.world 1 points 7 months ago

Thank you, I might give this a try tomorrow. I thought I read something similar, but that it would require you to take care of log rotation as well otherwise they would just grow. Not sure how true that is.

[-] tvcvt@lemmy.ml 2 points 7 months ago

There’s a utility called logrotate that should take care of the log rotation for you.

Good luck getting it all set up.
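
For reference, the journal-based setup the question mentions (backend = systemd) would look roughly like this in a jail override file. This is an added example, not configuration posted by anyone in the thread. It assumes the python3-systemd package is installed and that the host filters with nftables; the retry and ban values are illustrative.

```ini
# /etc/fail2ban/jail.local
# Added example. Local overrides go here so package upgrades do not
# overwrite them; jail.conf itself stays untouched.

[DEFAULT]
# Read events from the systemd journal instead of /var/log/auth.log.
# fail2ban needs the Python systemd bindings (python3-systemd) for this
# backend; without them the jail cannot read the journal.
backend = systemd

# Assumption: the host uses nftables rather than iptables.
# Both action names ship with fail2ban in /etc/fail2ban/action.d/.
banaction = nftables-multiport
banaction_allports = nftables-allports

[sshd]
enabled = true
# Illustrative thresholds: 5 failures within 10 minutes bans for 1 hour.
maxretry = 5
findtime = 10m
bantime = 1h

# After editing, restart the service and check that the jail is loaded
# and counting failures:
#   systemctl restart fail2ban
#   fail2ban-client status sshd
# Bans only appear if sshd failures are actually reaching the journal,
# which can be checked with:
#   journalctl _COMM=sshd --since "10 minutes ago"
```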

this post was submitted on 20 Feb 2024
12 points (92.9% liked)