I'm trying to set fail2ban up on bookworm. It refuses to run with the default configuration (sshd only), reporting:
Failed during configuration: Have not found any log file for sshd jail Near as I can figure, fail2ban expects sshd's log file to be /var/log/auth.log. Which does not exist on my target machine. On a brief inspection, machines that have new installations of bookworm do not have /var/log/auth.log. Machines running bullseye or upgraded from bullseye to bookworm have it. Commenting out sshd's "enabled" line (in /etc/fail2ban/jail.d/defaults-debian.conf) allows the daemon to start, but it isn't doing anything useful. -- Does anybody read signatures any more? https://charlescurley.com https://charlescurley.com/blog/
