I thought I’d share my experiences with setting up fail2ban on macOS High 
Sierra. 

Some of you may know Apple has, for a large part, transitioned from cleartext 
logging to unified binary logging 
(https://developer.apple.com/documentation/os/logging). That means many key 
system daemons such as sshd log very little, if anything, to good ole’ 
system.log anymore.

External tools like fail2ban can't read the binary format directly, so some 
"middleware" is needed. Fortunately the system has a log command which can be 
used to read the binary logs and even stream events to a cleartext log file.

I created the following command which I run as a script under daemondo. It 
creates a separate log file for sshd events which I monitor with fail2ban to get 
relevant sshd log entries.

# run as root under daemondo: /var/log/logstreams must already exist, and the
# >> redirect is opened by the invoking shell, not by the sudo'd log command
sudo log stream --predicate '(process == "sshd")' --style syslog --level info --type=log >> /var/log/logstreams/sshd.log

I would like to also log and monitor smbd logins but so far haven’t found a way 
to do that. Streaming the smbd process logs doesn’t appear to log logins.
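As an added example (not part of the original post and not fail2ban's or Apple's own code), the following script wraps the `log stream` command above into something that can be handed to daemondo, and includes a small helper that pulls the offending source addresses out of the resulting file using the same line shapes the stock fail2ban sshd filter matches on. The directory and file paths, the 0640/0750 permissions and the sample log lines are assumptions; in particular the "timestamp host process[pid]: message" layout of `log stream --style syslog` is assumed here, not captured from a High Sierra machine, so check it against your own sshd.log before relying on the regexes.

```shell
#!/bin/sh
# Added example, not from the original post: wrapper around the author's
# `log stream` command for daemondo, plus a helper that extracts the source
# addresses of sshd authentication failures the way a fail2ban sshd filter would.
# LOGDIR, LOGFILE, the permissions and the sample lines below are assumptions.

LOGDIR=/var/log/logstreams
LOGFILE="$LOGDIR/sshd.log"

# Start streaming sshd events into a root-owned file readable only by root and
# the admin group. fail2ban runs as root, so it can still read it. exec keeps
# daemondo attached to the log process itself rather than to this shell.
stream_sshd_log() {
    mkdir -p "$LOGDIR"
    chmod 0750 "$LOGDIR"
    touch "$LOGFILE"
    chmod 0640 "$LOGFILE"
    # --style syslog emits one "timestamp host process[pid]: message" line per
    # event (assumed layout), which is what a syslog-style fail2ban filter wants.
    exec log stream --predicate 'process == "sshd"' --style syslog \
        --level info --type log >> "$LOGFILE"
}

# Print the source address of every sshd authentication failure on stdin, one per
# line. Mirrors the two most common stock fail2ban sshd failregex shapes:
#   "Failed <method> for [invalid user] <user> from <host>"
#   "Invalid user <user> from <host>"
# Only lines carrying an sshd[pid] tag are considered, so noise from other
# processes that might share the file is ignored.
failed_hosts() {
    sed -nE \
      -e 's/.*sshd\[[0-9]+\]: Failed [a-z]+ for (invalid user )?[^ ]+ from ([0-9a-fA-F.:]+).*/\2/p' \
      -e 's/.*sshd\[[0-9]+\]: Invalid user [^ ]+ from ([0-9a-fA-F.:]+).*/\1/p'
}

# Constructed sample lines in the assumed `log stream --style syslog` layout.
# Two failures from 192.0.2.10, one success (must not match), one IPv6 failure.
SAMPLE='2018-01-15 10:23:45.123456+0200  mac.local sshd[4242]: Invalid user admin from 192.0.2.10
2018-01-15 10:23:47.654321+0200  mac.local sshd[4242]: Failed password for invalid user admin from 192.0.2.10 port 51512 ssh2
2018-01-15 10:24:01.000000+0200  mac.local sshd[4243]: Accepted publickey for alice from 198.51.100.7 port 50000 ssh2: ED25519 SHA256:AbCdEf
2018-01-15 10:24:30.111111+0200  mac.local sshd[4244]: Failed password for root from 2001:db8::5 port 40000 ssh2'

# Distinct offending hosts in SAMPLE (expected: 192.0.2.10 and 2001:db8::5).
distinct_failed_hosts() {
    printf '%s\n' "$SAMPLE" | failed_hosts | sort -u
}

# Number of distinct offending hosts in SAMPLE, as a bare integer.
count_failed_hosts() {
    distinct_failed_hosts | wc -l | tr -d ' '
}

if [ "${1:-}" = "--run" ]; then
    stream_sshd_log          # daemondo invokes the script with --run
else
    distinct_failed_hosts    # dry run: show what would be banned from SAMPLE
fi
```

Run it as `sh stream-sshd-log.sh --run` from daemondo; without `--run` it only evaluates the constructed sample lines, which is a quick way to check that the regexes match your real sshd.log after swapping in a few of its lines.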



_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users