On Tue, 07 Jul 2015, Vincent Lefevre wrote:

> On 2015-07-06 23:11:27 -0400, Yaroslav Halchenko wrote:
> > On Tue, 07 Jul 2015, Vincent Lefevre wrote:
> > > The problem is that fail2ban doesn't offer any protection at all
> > > because it fails silently. So, instead of possibly having one thing
> > > broken, one has everything broken!!! There should be a way for the
> > > user to know (without any special action on his part) that fail2ban
> > > could not start.

> > brr -- didn't you get a log stating that it failed to start and a reason
> > for the failure stated (as you quoted above)?

> This is only in the logs. The user isn't supposed to look at the
> logs each time he boots his machine to check whether some service
> has refused to start by design.

it is also on console whenever you are trying to start a misconfigured
service (I have tuned up jail.conf to point to a nonexisting file):

hopa# service fail2ban start
Job for fail2ban.service failed. See 'systemctl status fail2ban.service' and 'journalctl -xn' for details.
hopa# /etc/init.d/fail2ban start
[....] Starting fail2ban (via systemctl): fail2ban.serviceJob for fail2ban.service failed. See 'systemctl status fail2ban.service' and 'journalctl -xn' for details.
 failed!

does it report a successful start for you? if not -- I would close it
(again) since I see no problem. Would apache2 start for you if you have
misconfigured one of its hosted domains?

the only possible related enhancement I can see is extending config
specification to allow for "automatic enable for sections if log files
exist", but it needs to be explicit:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=407404
https://github.com/fail2ban/fail2ban/issues/55

if you feel that this is what you want then I would just merge this one
into 407404. if you care to send a PR against upstream -- it might get
in ;)

-- 
Yaroslav O. Halchenko, Ph.D.
http://neuro.debian.net http://www.pymvpa.org http://www.fail2ban.org
Research Scientist, Psychological and Brain Sciences Dept.
Dartmouth College, 419 Moore Hall, Hinman Box 6207, Hanover, NH 03755
Phone: +1 (603) 646-9834 Fax: +1 (603) 646-1419
WWW: http://www.linkedin.com/in/yarik
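The failure discussed in this thread (an enabled jail whose log file does not exist, so the service refuses to start) can be caught before a restart or reboot. The following is an added example, not part of the original message and not fail2ban's own code: a pre-flight check that lists enabled jails whose logpath entries match no file. It assumes a single config text in jail.conf syntax, does not follow [INCLUDES], and skips unresolved %(...)s references; the function name and sample jails are hypothetical.

```python
import configparser
import glob

# Constructed sample in jail.conf syntax; jail names are illustrative.
# Fill {present} and {absent} with real paths via str.format() before use.
SAMPLE_JAIL_CONF = """
[DEFAULT]
enabled = false
backend = auto

[sshd]
enabled = true
logpath = {present}

[apache-auth]
enabled = true
logpath = {present}
          {absent}

[postfix]
logpath = {absent}

[journal-jail]
enabled = true
backend = systemd
"""


def missing_logpaths(conf_text):
    """Map each enabled, file-based jail to its logpath entries that match no file."""
    parser = configparser.RawConfigParser()  # raw: %(name)s is left unexpanded
    parser.read_string(conf_text)
    problems = {}
    for jail in parser.sections():
        if jail == "INCLUDES" or not parser.getboolean(jail, "enabled", fallback=False):
            continue
        if parser.get(jail, "backend", fallback="auto") == "systemd":
            continue  # journal-based jail, no log file involved
        raw = parser.get(jail, "logpath", fallback="")
        paths = [p.strip() for p in raw.splitlines() if p.strip()]
        # Simplification: entries that still contain %(...)s are skipped, not resolved.
        missing = [p for p in paths if "%(" not in p and not glob.glob(p)]
        if missing:
            problems[jail] = missing
    return problems
```

A non-empty result names the jails that would keep the service from starting; running the check from a package hook or a monitoring job surfaces the problem without anyone reading the logs after boot.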

