Well, I guess I should have dug around a bit more: SELinux was preventing fail2ban from reading in the chrooted named directory. nm, but thanks. :)
- bill

> On Jul 19, 2020, at 11:20 AM, Bill Babcock <[email protected]> wrote:
>
> Hi Folks,
>
> I upgraded a system recently and with that also upgraded to fail2ban 0.10.5 from 0.9.4.
> I discovered that running fail2ban from systemd failed if I had the named-refused-* rules enabled with this error:
>
> fail2ban-server[1161]: 2020-07-18 16:06:29,230 fail2ban [1161]: ERROR Failed during configuration: Have not found any log file for named-refused-tcp jail
>
> (I also have the udp rule and it likewise fails and I know the caution of using that.)
> However if I run the command by hand (as user root), it starts up fine and can find the log file.
> I'm running chrooted named and this worked fine in 0.9.4 (and as I say when I run '/usr/bin/python -s /usr/bin/fail2ban-server -xf start' by hand).
>
> So after searching without much success I was hoping someone might have a suggestion on how to address this.
> My other rules appear to be working correctly and don't prevent startup via systemctl.
>
> Thanks,
>
> - bill
>
> _______________________________________________
> Fail2ban-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/fail2ban-users
