Hi Zbyszek, sorry that I've not followed up on the original report you submitted...
it is indeed an interesting approach please send a patch for init.d script so it would allow it to operate as root by default, and if /etc/default/fail2ban defines "the user" to operate as -- it uses it to start the daemon one of the issues to keep in mind that /etc/init.d/fail2ban creates (if absent) /var/run/fail2ban which inherits the root ownership ... proper ownership should be enforced for the actual user (root or fail2ban) running the daemon/client so they could talk to each other. then we would need clear description on how to add such a user (I am not sure if we should add it while installing the package) and which actions are usable and how unfortunately I am not sure if release team would agree to accept it since this is not per se security related. squeeze-backports would be more realistic target On Thu, 10 Mar 2011, Zbigniew Jędrzejewski-Szmek wrote: > Hi, > if you'd be willing to merge something like this, I'd be happy to > provide whatever help I can. If this would be useful, I can prepare > a more complete patch (including /etc/init.d/fail2ban and > /etc/logrotate.d/fail2ban changes). > Best, > Zbyszek -- =------------------------------------------------------------------= Keep in touch www.onerussian.com Yaroslav Halchenko www.ohloh.net/accounts/yarikoptic -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
