From edf70990cae06c39dc3c88a2b8496fd7be5bf67c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?M=C4=83rcziem=20=E2=84=A2?=
 <118485377+spalencsar@users.noreply.github.com>
Date: Mon, 6 Oct 2025 11:25:29 +0200
Subject: [PATCH] Fix Fail2ban log path for openSUSE - use /var/log/messages
 instead of %(sshd_log)s variable

---
 lib/security.sh | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)

diff --git a/lib/security.sh b/lib/security.sh
index 12be9e5..e02acb6 100644
--- a/lib/security.sh
+++ b/lib/security.sh
@@ -51,7 +51,23 @@ maxretry = 3
 [sshd]
 enabled = true
 port = ${DEFAULT_SSH_PORT:-22}
-logpath = %(sshd_log)s
+EOF
+
+    # Add distribution-specific log path for SSH
+    case $DISTRO in
+        ubuntu|debian|fedora|arch)
+            echo "logpath = /var/log/auth.log" | sudo tee -a /etc/fail2ban/jail.local
+            ;;
+        opensuse)
+            # openSUSE uses /var/log/messages for SSH logs
+            echo "logpath = /var/log/messages" | sudo tee -a /etc/fail2ban/jail.local
+            ;;
+        *)
+            echo "logpath = /var/log/auth.log" | sudo tee -a /etc/fail2ban/jail.local
+            ;;
+    esac
+
+    sudo tee -a /etc/fail2ban/jail.local > /dev/null <<EOF
 
 [dropbear]
 enabled = false