11-09-2021, 11:14 AM
(11-09-2021, 02:51 AM)vongillus Wrote: I think that you should make sure that rsyslog writes to a ramdisk and not persistent storage like eMMC or SD card. This to prevent too many write cycle on flash storage. Check may be if other logs are not already available on the default Mobian which would be compatible with fail2ban.
Thank you!
That was a good hint: As I found out, there's no need to install rsyslog (even though that does work); all you need to do is to copy the file /etc/fail2ban/jail.conf as jail.local, open that newly created file /etc/fail2ban/jail.local and change "backend = auto" to "backend = systemd".
Then fail2ban works.
However, after proceeding further, a troubling question occurred to me:
If I use a key instead of a password and ban ssh from accepting passwords altogether ("PasswordAuthentication no" in etc/ssh/sshd_config) is there any benefit at all in using fail2ban? Or was the whole installation completely futile? Would it even be better to purge it?