fail2ban refuses to work on Raspberrypi Zero 2 W


I have a RaspberryPi Zero 2 W. I installed fail2ban using the command sudo apt install fail2ban -y. I have been referring to the following resources: PiMyLifeUp, HowtoGeek as well as LinuxSize.

No matter what setting I do in /etc/fail2ban/jail.local, I always get the following error:

× fail2ban.service - Fail2Ban Service
Loaded: loaded (/lib/systemd/system/fail2ban.service; enabled; preset: enabled)
Active: failed (Result: exit-code) since Sun 2024-02-18 22:08:00 GMT; 6min ago
Duration: 711ms
Docs: man:fail2ban(1)
Process: 23922 ExecStart=/usr/bin/fail2ban-server -xf start (code=exited, status=255/EXCEPTION)
Main PID: 23922 (code=exited, status=255/EXCEPTION)
CPU: 699ms

when I run the command: sudo systemctl status fail2ban.service.

Any suggestions on what to do? I have tried to look at resources on GitHub, particularly this one. Other resources I have tried to look at are: Resource1, Resource 2, GitHub Comment, and This GitHub issue.

I am not a programmer by any stretch of imagination. I am a novice. I am not sure if my .conf file is incorrectly set, or if I have to make any other changes. Most resources available online seem to be old as the file contents are different from what I see installed in my system.

Edit 1: The system is currently running Debian 6.1.76-1 (2024-02-01) armv6l. The fail2ban installed is version 1.0.2-2.


Solution

  • There seems to be an unresolved problem with fail2ban in Debian. There is a bug report of it here.

    Basically, there is a bug with the Debian implementation of fail2ban, where the Debian backend is now all systemd but fail2ban expects the old way for logging. Here's how you fix it.

    First, activate systemd as the backend by going to the defaults-debian.conf using the command: sudo nano /etc/fail2ban/defaults-debian.conf

    and adding backend = systemd under the [DEFAULT] tag in the file. So it looks like:

     [DEFAULT]
       backend = systemd
    

    Next, go to /etc/fail2ban/filter.d/sshd.conf and find the line: journalmatch = _SYSTEMD_UNIT=ssh.service + _COMM=sshd

    Add the word [Init] above it, so that it now looks like:

    [Init]
       journalmatch = _SYSTEMD_UNIT=ssh.service + _COMM=sshd
    

    Done.

    Now restart the service with: sudo systemctl restart fail2ban, and then check with sudo systemctl status fail2ban.

    P.S.: The link to the Debian bug report was given to me by the kind folks over at Reddit in the Debian subreddit.
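
A way to confirm both edits from the answer above before restarting the service. This is an added example, not part of the original post or of fail2ban; the function names `key_in_section` and `check_fail2ban_fix` are made up for this sketch, and it assumes a POSIX shell with awk. It reports a key as missing when it exists in the file but sits under a different section header, which is the case the `[Init]` edit corrects.

```sh
#!/bin/sh
# Added example: checks the two edits described in the answer.

# key_in_section FILE SECTION KEY: print KEY's value if it is set inside
# [SECTION]; return non-zero if KEY is absent or sits under another section.
key_in_section() {
    awk -v want="$2" -v key="$3" '
        /^[ \t]*[#;]/ { next }                  # comment line
        /^[ \t]*\[.*\]/ {                       # section header, e.g. [Init]
            sec = $0
            sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec)
            next
        }
        index($0, "=") {                        # key = value line
            k = substr($0, 1, index($0, "=") - 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            if (k == key && sec == want) {
                v = substr($0, index($0, "=") + 1)   # value may contain "="
                gsub(/^[ \t]+|[ \t]+$/, "", v)
                print v; found = 1; exit
            }
        }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# check_fail2ban_fix DEFAULTS_FILE SSHD_FILTER_FILE: return 0 only if
# backend = systemd is under [DEFAULT] and journalmatch is under [Init].
check_fail2ban_fix() {
    rc=0
    backend=$(key_in_section "$1" DEFAULT backend) || backend=""
    if [ "$backend" != "systemd" ]; then
        echo "MISSING: backend = systemd under [DEFAULT] in $1"; rc=1
    fi
    if ! key_in_section "$2" Init journalmatch >/dev/null; then
        echo "MISSING: journalmatch under [Init] in $2"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: both edits are in place"
    return "$rc"
}

# Runs only when two file paths are passed on the command line.
if [ "$#" -eq 2 ]; then
    check_fail2ban_fix "$1" "$2"
fi
```

Saved as a script, it takes the two files from the answer as arguments: /etc/fail2ban/defaults-debian.conf and /etc/fail2ban/filter.d/sshd.conf.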