No file(s) found for glob /var/log/auth.log

[robert1112]

Hi

Thanks for your sharing. I just successfully install the container but when I want to start it, I got the error No file(s) found for glob /var/log/auth.log

I am new to container and Fail2Ban. How can I solve this? Thanks.

[ninjalf2]

I am getting the same error.

OS: CentOS 7.6.1810 Kernel: 3.10.0-957.5.1.el7.x86_64

[SuperITMan]

@robert1112 @ninjalf2 I took a quick look on your issue and I found this: https://unix.stackexchange.com/questions/268357/how-to-configure-fail2ban-with-systemd-journal

According to this post, it seems that you don't have syslog or rsyslog on your system which causes that you don't have the auth.log file. This log file is used by my default config for fail2ban to protect your ssh connection.

You can see my jail.local config:

[ssh]
enabled  = true
port = ssh
filter = sshd
# Change this path if needed or remove all config to disable the ssh protection
logpath = /var/log/auth.log 
maxretry = 5

Don't hesitate to replace my default jail.local config with yours by adding the argument

-v /path/to/jail.local:/etc/fail2ban/jail.local

If you think that the default config could be improved, don't hesitate to propose a better config 😊

[robert1112]

Hi @SuperITMan

First Thank you for your support. I will take a look and take time understanding it. (I am new to Docker and Fail2Ban.)

Is it possible for you to share what pro and con of having Fail2Ban installed as a dock conatiner versus installed on the host? Thank you so much.