[contribteam] [Bug 11586] fail2ban server fails to start

Mon, 17 May 2021 06:42:10 -0700 

https://bugs.koozali.org/show_bug.cgi?id=11586

Graeme Fleming <[email protected]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |CONFIRMED
                 CC|                            |[email protected]
     Ever confirmed|0                           |1

--- Comment #4 from Graeme Fleming <[email protected]> ---
Installed on RC1 with same issues re the log file names in the templates &
missing sshd-ddos.conf file.

I copied the sshd-ddos.conf file from a working 9.2 server as did NickR.

Having made NickR's edits to the templates & running the expand-template
routine the jail.conf file is now correct and the service starts correctly.

Cheking the daemon.log file I also observed that the qpsmtpd jail was not
created/started.

As Rod commented "The code in the qpsmtpd fail2ban template checks this entry.
/etc/e-smith/templates/etc/fail2ban/jail.conf"

In this file 30Service20qpsmtpd, so:

my $status = $smtpd{'status'} || 'disabled';
my $f2b = $qpsmtpd{'Fail2Ban'} || 'enabled';
return "" if (($status ne 'enabled') || ($f2b ne 'enabled'));
my @ports = ();
push @ports, ($smtpd{'TCPPort'} || '25');
push @ports, ($ssmtpd{'TCPPort'} || '465')
  if (($ssmtpd{'status'} || 'disabled') eq 'enabled');
my $port = join (",", @ports);

I modified the template code to the following:

my $status = $sqpsmtpd{'status'} || 'disabled';
my $f2b = $qpsmtpd{'Fail2Ban'} || 'enabled';
return "" if (($status ne 'enabled') || ($f2b ne 'enabled'));
my @ports = ();
push @ports, ($qpsmtpd{'TCPPort'} || '25');
push @ports, ($sqpsmtpd{'TCPPort'} || '465')
  if (($sqpsmtpd{'status'} || 'disabled') eq 'enabled');
my $port = join (",", @ports);

This works in as much as I now have a working qpsmtpd jail configured under F2B
but I don't know if the servie changes I made are the best way to acheive this
.. do we need to be pushing the service port settings here?

If there is a better way then please let me know.

-- 
You are receiving this mail because:
You are the QA Contact for the bug.
_______________________________________________
Mail for each SME Contribs bug report
To unsubscribe, e-mail [email protected]
Searchable archive at https://lists.contribs.org/mailman/public/contribteam/

Reply via email to