New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fail2ban ignores action.d config after server reboot #1011
Comments
Using debian start scripts, I can see that fail2ban should be the last service which is started on my system (S99)
For instance, I can't find a reason why fail2ban's behaviour is different after a server reboot. |
Since 0.9.1 the loading of config files are totally revised, so I can no more track all changes since very old v0.8.6, what affects this problem. |
As far as I can see debian jessie will be released with fail2ban 0.8.13, which would already be too old then. I could wait another 3 years until 0.9.1 hopefully makes it into debian stable. |
We have no influence on debian maintainer, but you have an alternative to install a newer version of this package from another maintainers or even directly a master from github. Just backup your configs in /etc/fail2ban, uninstall previous and install new version, profit... |
A trustworthy upstream debian repository for debian stable and oldstable would be nice for that. I pretty much love the way PostgreSQL is rolling out their releases ages before distro maintainers do. I see what I can do. However, setting up a test system just for that seems a bit of overhead to me. I don't want to run some setup program which potentially copies files somewhere, where I can't find them again for a clean uninstall (which a .deb would provide). Can I somehow build a deb for wheezy from the git repository? |
I upload backports of fresh releases also to NeuroDebian, so check there - should be as trustworthy as upstream or stock Debian :-) On April 7, 2015 9:30:15 AM EDT, Thomas Mayer notifications@github.com wrote:
Sent from a phone which beats iPhone. |
Re @sebres 's "We have no influence on debian maintainer" -- well -- we do, since it is the same yours truly me ;) But we might have limited to no influence over non-critical bugs in stable releases in stock debian repositories. It feels that the issue is of that kind, and in general should have been reported to the Debian maintainer (i.e. me) via |
I have applied the changes of #1006 on my server and set
in the mail-whois-common.conf (or mail-whois-common.local alternatively).
That worked fine until I performed a server reboot.
How to reproduce
Result: I get an attachment in the email again, which should be avoided via #1006 config
Then comes the strange part:
Result: All is fine and I get a perfectly formatted email without attachment. This can only happen with the changes from #1006
As far as I can see, fail2ban ignores my config after a reboot, but it respects my config after restarting the fail2ban service.
Suggestion: There should not be a difference between reboot and restart of the service.
Please note that my fail2ban version is rather old: v0.8.6 which comes from debian wheezy.
The problem seems to be reproducable. I tried several times.
I also found out that performing a
seems to be equivalent to
in terms of this issue.
The text was updated successfully, but these errors were encountered: