问题描述

服务器Ubuntu 20.04开启fail2ban失败，通过journactltl -f查看日志发现错误ERROR Failed during configuration: Have not found any log file for sshd jail。大致的原因就是fail2ban找不到sshd的日志文件。

Sep 09 09:52:17 test systemd[1]: Starting Fail2Ban Service...
Sep 09 09:52:17 test systemd[1]: Started Fail2Ban Service.
Sep 09 09:52:17 test fail2ban-server[370030]: 2024-09-09 09:52:17,874 fail2ban                [370030]: ERROR   Failed during configuration: Have not found any log file for sshd jail
Sep 09 09:52:17 test fail2ban-server[370030]: 2024-09-09 09:52:17,881 fail2ban                [370030]: ERROR   Async configuration of server failed
Sep 09 09:52:17 test systemd[1]: fail2ban.service: Main process exited, code=exited, status=255/EXCEPTION
Sep 09 09:52:17 test systemd[1]: fail2ban.service: Failed with result 'exit-code'.

解决方法(TL;DR:)

执行下边指令：

echo -e "[sshd]\nbackend=systemd\nenabled=true" | sudo tee /etc/fail2ban/jail.local

之后再次重启fail2ban服务即可！

如果上述方法不行的话，可以试试以下方法(debian 12):

• apt install python3-systemd
• include backend=systemd in the jail.local as above
• and since Debian 12 is well and truly systemd (by default) now: it should have fail2ban log to systemd journal instead of the logfile. (logtarget = SYSTEMD-JOURNAL) in the [DEFAULT] section.

参考文章

[BR]: fail2ban does not start on some debian/ubuntu systems - backend should probably be set to systemd on all systemd-based distros #3292