homelab

6602 readers

1 users here now

founded 4 years ago

MODERATORS

[email protected]

Setting up fail2ban on Debian 12 (lemmy.world)

submitted 9 months ago by [email protected] to c/[email protected]

5 comments fedilink hide all child comments

I've used fail2ban in the past on Ubuntu, and it was very easy to setup.

Apparently on Debian, there is no /var/log/auth.log, and it does not use iptables, so fail2ban is not seeing the failed login attempts and jailing the purp.

Has anyone set this up successfully before? I see suggestions online to set backend = systemd, but this does not seem to be fixing the issue for me.

top 5 comments

sorted by: hot top controversial new old

[–] [email protected] 3 points 9 months ago (1 children)

If you're looking for an SSH jail I think the Arch docs are going to be relevant, as it looks like it's configured much differently with systemd.

https://wiki.archlinux.org/title/Fail2ban

[–] [email protected] 2 points 9 months ago

Oooh, good point. I'm not even sure if I should be using this with cert only based auth

It does usually not make sense to use fail2ban with e.g sshd when only public key authentication or similar is enabled.

[–] [email protected] 2 points 9 months ago (1 children)

I think you can deal with this by installing either rsyslog or syslog-ng and iptables. They all should be in the repos. Once you’ve go those set up it should supersede the equivalent systemd utilities.

[–] [email protected] 1 points 9 months ago (1 children)

Thank you, I might give this a try tomorrow. I thought I read something similar, but that it would require you to take care of log rotation as well otherwise they would just grow. Not sure how true that is.

[–] [email protected] 2 points 9 months ago

There’s a utility called logrotate that should take care of the log rotation for you.

Good luck getting it all set up.