Public bug reported:
The /etc/logrotate.d/fail2ban script shipped with Ubuntu's fail2ban package is
missing "|| true" at the end of the flushlogs command. This causes logrotate to
fail during boot if it runs before fail2ban is fully started, resulting in a
systemd "degraded" state.
Ubuntu version:
Ubuntu 24.04.3 LTS
Package version:
fail2ban 1.0.2-3ubuntu0.1
What I expected:
Logrotate should complete successfully even if fail2ban isn't running yet.
What happened instead:
Logrotate fails with error:
fail2ban [788]: ERROR Failed to access socket path:
/var/run/fail2ban/fail2ban.sock
error: error running non-shared postrotate script for /var/log/fail2ban.log
System shows "State: degraded" with logrotate.service as failed unit.
Ubuntu's current script:
postrotate
fail2ban-client flushlogs 1>/dev/null
endscript
Upstream version (since December 2013):
postrotate
fail2ban-client flushlogs 1>/dev/null || true
endscript
Reference:
https://github.com/fail2ban/fail2ban/blob/master/files/fail2ban-logrotate
The || true ensures the script doesn't fail when fail2ban isn't running, which
can happen during boot due to service timing.
** Affects: fail2ban (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2136998
Title:
fail2ban logrotate script missing "|| true" causing boot failures
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/fail2ban/+bug/2136998/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
