Add Debian-based image for systemd backend #175

Open
ttionya opened this issue Oct 28, 2024 · 4 comments

@ttionya

ttionya commented Oct 28, 2024

Description

Hello,

Debian 12 uses journal instead of rsyslog. fail2ban supports enabling journal support by setting backend=systemd. However, this project uses Alpine, which does not support the systemd backend.

Could you please add a Debian-based image? Thank you.

@ttionya ttionya changed the title Add Debian-based image for systemd Add Debian-based image for systemd backend Oct 28, 2024
@JMarcosHP

+1 for this. Currently there is no support for the systemd backend and systemd-journald, which is needed for sshd on Debian 12 and up to get fail2ban working with SSH and pick up the failed attempts.

@Byh0ki

Byh0ki commented Nov 4, 2024

Duplicate of #97

@ilanni2460

+1

This function is also what we need, and we hope it can be added.

@JMarcosHP

My workaround for this was to switch to the forked Docker image on GitLab. This is my compose.yml file:

services:
  fail2ban:
#    image: crazymax/fail2ban:latest
    build:
      context: https://gitlab.com/byh0ki-org/containers/fail2ban.git
      dockerfile: Dockerfile
    container_name: fail2ban
    cap_add:
      - NET_ADMIN
      - NET_RAW
    network_mode: host
    #labels:
    #  - com.centurylinklabs.watchtower.enable=false  #exclude from watchtower auto-update
    environment:
      - PUID=${APPUSER_PUID}  #UID of a user on your system
      - PGID=${APPUSER_PGID}  #GID of the user group on your system
      - TZ=${TIME_ZONE_VALUE}  #your linux timezone
      - F2B_LOG_TARGET=STDOUT
      - F2B_LOG_LEVEL=INFO
      - F2B_DB_PURGE_AGE=30d
    volumes:
      - ./data:/data
      - /var/log/auth.log:/ssh/auth.log:ro
    restart: always

Also, I enabled syslog to get the SSH logs in the /var/log/auth.log file again on Debian:

/etc/rsyslog.d/ssh.conf

auth,authpriv.*                 /var/log/auth.log

/etc/ssh/sshd_config

SyslogFacility AUTH
LogLevel INFO

Then I mounted /var/log/auth.log at /ssh/auth.log in the fail2ban container (see compose file).

This is my ssh jail:

[sshd]
enabled = true
port = 630
logpath = /ssh/auth.log
filter = sshd[mode=aggressive]
chain = INPUT
action = iptables[type=allports, port=630, protocol=tcp, chain=INPUT]
         cloudflare-apiv4
         %(action_abuseipdb)s[abuseipdb_apikey="c0b0f9058268820ef333dd8e0538992a10895e6b679cb8e202f7ee89d26e92128a65ddd457714fa8", abuseipdb_category="4,18,22", bantime="%(bantime)s"]
         telegram
actionban = /data/action.d/abuseipdb-fail2ban-report.sh \
    "<abuseipdb_apikey>" "<matches>" "<ip>" "<abuseipdb_category>" "<bantime>"
maxretry = 3
bantime = -1
findtime = 86400
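
Added example, not part of the thread or of either project: a small checker for the log chain the workaround above depends on (sshd facility, rsyslog rule, bind mount, jail logpath). The function names and the sample strings are assumptions constructed from the settings quoted in the comment; only legacy `facility.priority /path` rsyslog rules and short-syntax compose volumes are handled.

```python
import configparser

# Constructed inputs mirroring the settings quoted in the comment above.
SSHD_CONFIG = "SyslogFacility AUTH\nLogLevel INFO\n"
RSYSLOG_CONF = "auth,authpriv.*                 /var/log/auth.log\n"
VOLUMES = ["./data:/data", "/var/log/auth.log:/ssh/auth.log:ro"]
JAIL = "[sshd]\nenabled = true\nlogpath = /ssh/auth.log\n"

def sshd_option(text, name, default):
    """First occurrence wins in sshd_config; keywords are case-insensitive."""
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 2 and parts[0].lower() == name.lower():
            return parts[1].upper()
    return default

def rsyslog_files(text, facility):
    """Files that a legacy 'facility.priority  /path' rule writes for facility."""
    files = set()
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) != 2 or not parts[1].lstrip("-").startswith("/"):
            continue
        matched = False
        for selector in parts[0].split(";"):  # later selectors override earlier
            facs, _, prio = selector.rpartition(".")
            names = [f.lower() for f in facs.split(",")]
            if facility.lower() in names or "*" in names:
                matched = prio != "none"  # 'auth.none' excludes the facility
        if matched:
            files.add(parts[1].lstrip("-"))
    return files

def check_workaround(sshd_config, rsyslog_conf, volumes, jail):
    """Return a list of problems; an empty list means the chain is consistent."""
    problems = []
    facility = sshd_option(sshd_config, "SyslogFacility", "AUTH")
    if sshd_option(sshd_config, "LogLevel", "INFO") in ("QUIET", "FATAL", "ERROR"):
        problems.append("sshd LogLevel is below INFO; failed logins may be missing")
    host_files = rsyslog_files(rsyslog_conf, facility)
    if not host_files:
        problems.append(f"no rsyslog rule writes facility {facility} to a file")
    mounts = dict(v.split(":")[:2] for v in volumes)  # host path -> container path
    visible = {mounts[f] for f in host_files if f in mounts}
    if host_files and not visible:
        problems.append("auth log is not bind-mounted into the container")
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(jail)
    logpath = parser.get("sshd", "logpath", fallback="")
    if logpath not in visible:
        problems.append(f"jail logpath {logpath!r} is not a mounted auth log")
    return problems
```

A bind mount of a single file pins its inode, so if logrotate replaces /var/log/auth.log with a new file the container keeps reading the rotated one; mounting the containing directory or rotating with copytruncate avoids that.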
