I thought I’d share my experiences with setting up fail2ban on macOS High Sierra.
Some of you may know Apple has, for a large part, transitioned from cleartext logging to unified binary logging (https://developer.apple.com/documentation/os/logging). That means many key system daemons such as sshd log very little, if anything, to good ole' system.log anymore. External tools like fail2ban can't read the binary format directly, so some "middleware" is needed.

Fortunately the system has a log command which can be used to read the binary logs and even stream events to a cleartext log file. I created the following command, which I run as a script under daemondo. It creates a separate log file for sshd events, which I monitor with fail2ban to get relevant sshd log entries:

sudo log stream --predicate '(process == "sshd")' --style syslog --level info --type=log >> /var/log/logstreams/sshd.log

I would like to also log and monitor smbd logins but so far haven't found a way to do that. Streaming the smbd process logs doesn't appear to log logins.

_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
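As an added example (not part of the post above, and not fail2ban's own code), the following Python script shows what fail2ban has to do with the streamed sshd.log: parse each syslog-style line, apply failregex-style patterns to the sshd message, and ban a source once it exceeds maxretry failures within findtime. The sample log is constructed, and the exact prefix layout that `log stream --style syslog` emits (ISO timestamp with microseconds and UTC offset, hostname, `sshd[pid]:`) is an assumption; if the real prefix differs, only LINE_RE needs adjusting, which is also where a fail2ban `datepattern` would need tuning.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample. The prefix shape (timestamp, host, sshd[pid]:) is an
# assumption about `log stream --style syslog` output; the message text after
# the colon is what sshd itself writes and what the failregex patterns match.
SAMPLE_LOG = """\
2018-03-10 09:12:01.123456-0800  localhost sshd[4210]: Failed password for invalid user admin from 203.0.113.7 port 50122 ssh2
2018-03-10 09:12:03.223456-0800  localhost sshd[4210]: Failed password for invalid user admin from 203.0.113.7 port 50123 ssh2
2018-03-10 09:12:05.323456-0800  localhost sshd[4212]: Accepted publickey for alice from 198.51.100.20 port 50200 ssh2: ED25519 SHA256:abc
2018-03-10 09:12:06.423456-0800  localhost sshd[4213]: Failed password for invalid user admin from 203.0.113.7 port 50124 ssh2
2018-03-10 09:12:09.523456-0800  localhost sshd[4214]: Invalid user root from 203.0.113.7 port 50125
2018-03-10 09:30:00.000000-0800  localhost sshd[4220]: Failed password for bob from 192.0.2.33 port 51000 ssh2
"""

# Syslog-style prefix written by `log stream --style syslog` (assumed layout).
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d+[+-]\d{4})\s+"
    r"(?P<host>\S+)\s+sshd\[(?P<pid>\d+)\]:\s+(?P<msg>.*)$"
)

# Simplified failregex set modelled on fail2ban's sshd filter. Each pattern
# must capture the offending source address in the 'host' group.
FAILREGEX = [
    re.compile(r"^Failed (?:password|publickey|keyboard-interactive/pam) for "
               r"(?:invalid user )?\S+ from (?P<host>\S+) port \d+"),
    re.compile(r"^Invalid user \S+ from (?P<host>\S+)(?: port \d+)?$"),
    re.compile(r"^Connection closed by (?:authenticating user \S+ )?(?P<host>\S+) port \d+ \[preauth\]"),
]


def parse_line(line):
    """Split one streamed line into (timestamp, sshd message); None if it is not sshd."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S.%f%z")
    return ts, m["msg"]


def match_failure(msg):
    """Return the source address if the sshd message is an auth failure, else None."""
    for rx in FAILREGEX:
        m = rx.search(msg)
        if m:
            return m["host"]
    return None


def find_bans(log_text, maxretry=3, findtime=timedelta(minutes=10)):
    """Sliding-window count like fail2ban's maxretry/findtime.

    Returns {ip: timestamp_of_ban} for every source whose failures within
    `findtime` reached `maxretry`. Successful logins never count.
    """
    attempts = defaultdict(list)
    bans = {}
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, msg = parsed
        ip = match_failure(msg)
        if ip is None or ip in bans:
            continue
        # Keep only failures still inside the findtime window, then count.
        window = [t for t in attempts[ip] if ts - t <= findtime]
        window.append(ts)
        attempts[ip] = window
        if len(window) >= maxretry:
            bans[ip] = ts
    return bans


if __name__ == "__main__":
    for ip, when in find_bans(SAMPLE_LOG).items():
        print(f"ban {ip} at {when.isoformat()}")
```

Running it bans 203.0.113.7 on its third failure (09:12:06) and leaves 192.0.2.33 alone after a single failure. Two caveats carry over to the real setup: because the stream is appended with `>>`, log rotation must not move the file out from under fail2ban (or its logpath should use a glob), and if `log stream` dies and daemondo restarts it, any events during the gap are simply never written, so the jail should be treated as best-effort rather than as an audit trail.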