[CentOS] Fail2ban & logrotate [was: Update on spam, postfix, fail2ban, centos 6]
Bob Hoffman
bob at bobhoffman.comMon Jun 18 14:07:41 UTC 2012
- Previous message: [CentOS] Fail2ban & logrotate [was: Update on spam, postfix, fail2ban, centos 6]
- Next message: [CentOS] Fail2ban & logrotate [was: Update on spam, postfix, fail2ban, centos 6]
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On 6/18/2012 9:53 AM, Leonard den Ottolander wrote: > Hello Bob, > > On Sun, 2012-06-17 at 23:41 -0400, Bob Hoffman wrote: >> /etc/fail2ban/jail.conf >> change line 39 to >> backend = gamin >> >> Without this fail2ban will ignore log rotations by logrotate and stay on >> the old file in your jails. > Polling doesn't work with python>= 2.6. I haven't tested if you will > actually get a warning when using backend = polling, but there's some > code in asyncserver.py disables polling. Using backend = auto will fall > back to using pyInotify. This backend causes the issue with fail2ban not > noticing the log files having been rotated. Might be an issue with too > few events being passed to fail2ban. Couldn't quite work it out yet. > > I have reported the issue: > https://bugzilla.redhat.com/show_bug.cgi?id=833056 > >> with more than one jail you can (and will) get chances of errors when >> starting fail2ban. Some people seem to attribute it centos 6 >> having an older version of netfilter. The program goes to fast for >> iptables and chokes setting up the chains. > This issue is known in Debian's bug tracker which also provides a > reference to a patch that you might want to check out. > > I have reported the issue: > https://bugzilla.redhat.com/show_bug.cgi?id=833046 > >> You have to have debug with at least 'info' to see these errors. > They are reported as errors, so I think you might be mistaken here. If > not then there's a bug with the error reporting :p . > >> When >> stopping you will get a ton of these errors too, but they seem >> to have no effect on anything. > Those errors are caused by the chains to be removed not actually being > there. > >> add sleep command into the following > That won't work with the current version. The code has changed > significantly. See the patch mentioned in the bugzilla entry above. > >> The whole log thing is borked. >> if you try to use fail2ban.log, fail2ban itself will choke on it. > Haven't run into this one yet. Perhaps you can report that via > https://bugzilla.redhat.com/ (you can find EPEL under Fedora). > > Regards, > Leonard. > Leonard, The debian and redhat issues seem to be worlds apart. I know as I tried all the fixes and found debian fixes a dead end. Gamin is the only polling that allowed fail2ban to work. No other polling worked after rotate. The errors on shutdown are the same as the errors for startup, when not using sleep. I get one for each jail it kills in iptables. the sleep command that I presented does prevent the issue on startup. I tried about 10 different ones until that one hit. It does work with centos 6, so far mine is running well. However, since that last updates a few weeks ago I have not restarted it, so will check on it. The log file issue is due to all three programs wanting to look in a different place for the logfile. You have to pick one and change all other references. Why fail2ban dies looking for fail2ban.log, but works fine looking for a log file named 'fail2ban' has to be something in their code somewhere. I don't know if this is any bug I would submit to redhat, it seemed to be fail2ban's issue...and each issue I had has been going on for years according to the huge number of pages I went too...including fail2ban's own documents of these various issues. Now I am afraid to restart it...lol....
- Previous message: [CentOS] Fail2ban & logrotate [was: Update on spam, postfix, fail2ban, centos 6]
- Next message: [CentOS] Fail2ban & logrotate [was: Update on spam, postfix, fail2ban, centos 6]
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the CentOS mailing list