mirror of https://github.com/fail2ban/fail2ban
Merge pull request #1618 from sebres/_0.10/systemd-service
commit
b856e1dadc
10
ChangeLog
10
ChangeLog
|
@ -29,6 +29,16 @@ TODO: implementing of options resp. other tasks from PR #1346
|
||||||
environment (without lock)
|
environment (without lock)
|
||||||
* Fixed sporadically error in testCymruInfoNxdomain, because of unsorted values
|
* Fixed sporadically error in testCymruInfoNxdomain, because of unsorted values
|
||||||
* Misleading errors logged from ignorecommand in success case on retcode 1 (gh-1194)
|
* Misleading errors logged from ignorecommand in success case on retcode 1 (gh-1194)
|
||||||
|
* fail2ban.service - systemd service updated (gh-1618):
|
||||||
|
- starting service in normal mode (without forking)
|
||||||
|
- does not restart if service exited normally (exit-code 0, e.g. stopped via fail2ban-client)
|
||||||
|
- does not restart if service can not start (exit-code 255, e.g. wrong configuration, etc.)
|
||||||
|
- service can be additionally started/stopped with commands (fail2ban-client, fail2ban-server)
|
||||||
|
- automatically creates `/var/run/fail2ban` directory before start fail2ban
|
||||||
|
(systems with virtual resp. memory-based FS for `/var/run`), see gh-1531
|
||||||
|
- if fail2ban running as systemd-service, for logging to the systemd-journal,
|
||||||
|
the `logtarget` could be set to STDOUT
|
||||||
|
- value `logtarget` for system targets allowed also in lowercase (stdout, stderr, syslog, etc.)
|
||||||
|
|
||||||
### New Features
|
### New Features
|
||||||
* IPv6 support:
|
* IPv6 support:
|
||||||
|
|
|
@ -297,6 +297,7 @@ class Fail2banCmdLine():
|
||||||
def exit(code=0):
|
def exit(code=0):
|
||||||
logSys.debug("Exit with code %s", code)
|
logSys.debug("Exit with code %s", code)
|
||||||
# because of possible buffered output in python, we should flush it before exit:
|
# because of possible buffered output in python, we should flush it before exit:
|
||||||
|
logging.shutdown()
|
||||||
sys.stdout.flush()
|
sys.stdout.flush()
|
||||||
sys.stderr.flush()
|
sys.stderr.flush()
|
||||||
# exit
|
# exit
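Review bot: The comment above the added `logging.shutdown()` still describes only flushing buffered output, but this call also closes every log handler, so a record emitted later in the exit path may be lost. I would make that explicit, e.g. `# flush and close all log handlers first (nothing may be logged after this point), then flush stdout/stderr:`. Keeping `logSys.debug("Exit with code %s", code)` ahead of the shutdown is the right order, since it preserves the exit code in the log. `exit` continues past the `# exit` comment outside this hunk, so whether anything logs after this point cannot be checked from here.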
|
||||||
|
|
|
@ -530,17 +530,19 @@ class Server:
|
||||||
# @param target the logging target
|
# @param target the logging target
|
||||||
|
|
||||||
def setLogTarget(self, target):
|
def setLogTarget(self, target):
|
||||||
|
# check reserved targets in uppercase, don't change target, because it can be file:
|
||||||
|
systarget = target.upper()
|
||||||
with self.__loggingLock:
|
with self.__loggingLock:
|
||||||
# don't set new handlers if already the same
|
# don't set new handlers if already the same
|
||||||
# or if "INHERITED" (foreground worker of the test cases, to prevent stop logging):
|
# or if "INHERITED" (foreground worker of the test cases, to prevent stop logging):
|
||||||
if self.__logTarget == target:
|
if self.__logTarget == target:
|
||||||
return True
|
return True
|
||||||
if target == "INHERITED":
|
if systarget == "INHERITED":
|
||||||
self.__logTarget = target
|
self.__logTarget = target
|
||||||
return True
|
return True
|
||||||
# set a format which is simpler for console use
|
# set a format which is simpler for console use
|
||||||
fmt = "%(asctime)s %(name)-24s[%(process)d]: %(levelname)-7s %(message)s"
|
fmt = "%(asctime)s %(name)-24s[%(process)d]: %(levelname)-7s %(message)s"
|
||||||
if target == "SYSLOG":
|
if systarget == "SYSLOG":
|
||||||
# Syslog daemons already add date to the message.
|
# Syslog daemons already add date to the message.
|
||||||
fmt = "%(name)s[%(process)d]: %(levelname)s %(message)s"
|
fmt = "%(name)s[%(process)d]: %(levelname)s %(message)s"
|
||||||
facility = logging.handlers.SysLogHandler.LOG_DAEMON
|
facility = logging.handlers.SysLogHandler.LOG_DAEMON
|
||||||
|
@ -559,9 +561,9 @@ class Server:
|
||||||
"Syslog socket file: %s does not exists"
|
"Syslog socket file: %s does not exists"
|
||||||
" or is not a socket" % self.__syslogSocket)
|
" or is not a socket" % self.__syslogSocket)
|
||||||
return False
|
return False
|
||||||
elif target == "STDOUT":
|
elif systarget == "STDOUT":
|
||||||
hdlr = logging.StreamHandler(sys.stdout)
|
hdlr = logging.StreamHandler(sys.stdout)
|
||||||
elif target == "STDERR":
|
elif systarget == "STDERR":
|
||||||
hdlr = logging.StreamHandler(sys.stderr)
|
hdlr = logging.StreamHandler(sys.stderr)
|
||||||
else:
|
else:
|
||||||
# Target should be a file
|
# Target should be a file
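Review bot: In `setLogTarget` the reserved-name branches now test `systarget`, but the early return `if self.__logTarget == target` and the assignment `self.__logTarget = target` still use the caller's spelling. A request for `stdout` after `STDOUT` is therefore treated as a change of target, and any code outside these hunks that compares the stored target against the uppercase names would not match a lowercase value. Normalising once, right after `systarget = target.upper()`, avoids both: `if systarget in ("INHERITED", "SYSLOG", "STDOUT", "STDERR"): target = systarget`. It is also worth stating in the method's header comment that a relative file literally named `stdout`, `stderr` or `syslog` can no longer be used as a file target. The method body runs on past the second hunk, so the file branch and the final assignment are not visible here.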
|
||||||
|
|
|
@ -5,12 +5,16 @@ After=network.target iptables.service firewalld.service
|
||||||
PartOf=iptables.service firewalld.service
|
PartOf=iptables.service firewalld.service
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
Type=forking
|
Type=simple
|
||||||
ExecStart=/usr/bin/fail2ban-client -x start
|
ExecStartPre=/bin/mkdir -p /var/run/fail2ban
|
||||||
|
ExecStart=/usr/bin/fail2ban-server -xf start
|
||||||
|
# if should be logged in systemd journal, use following line or set logtarget to stdout in fail2ban.local
|
||||||
|
# ExecStart=/usr/bin/fail2ban-server -xf --logtarget=stdout start
|
||||||
ExecStop=/usr/bin/fail2ban-client stop
|
ExecStop=/usr/bin/fail2ban-client stop
|
||||||
ExecReload=/usr/bin/fail2ban-client reload
|
ExecReload=/usr/bin/fail2ban-client reload
|
||||||
PIDFile=/var/run/fail2ban/fail2ban.pid
|
PIDFile=/var/run/fail2ban/fail2ban.pid
|
||||||
Restart=always
|
Restart=on-failure
|
||||||
|
RestartPreventExitStatus=0 255
|
||||||
|
|
||||||
[Install]
|
[Install]
|
||||||
WantedBy=multi-user.target
|
WantedBy=multi-user.target
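Review bot: `ExecStartPre=/bin/mkdir -p /var/run/fail2ban` leaves the directory's mode to the inherited umask and does nothing about ownership or permissions when the directory already exists, yet this is the directory that holds `fail2ban.pid` (and, presumably, the server's control socket). Letting systemd manage it makes the permissions explicit: `RuntimeDirectory=fail2ban` together with `RuntimeDirectoryMode=0755` in place of the `mkdir` line. systemd removes a runtime directory when the unit stops, so this needs checking against the documented case of starting the server outside systemd. Separately, with `RestartPreventExitStatus=0 255` a start failure caused by a broken configuration leaves the host without banning until someone notices, so the unit's failed state is worth monitoring.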
|
||||||
|
|
|
@ -23,6 +23,9 @@ pidfile path
|
||||||
logging level
|
logging level
|
||||||
.HP
|
.HP
|
||||||
\fB\-\-logtarget\fR <FILE>|STDOUT|STDERR|SYSLOG
|
\fB\-\-logtarget\fR <FILE>|STDOUT|STDERR|SYSLOG
|
||||||
|
logging target
|
||||||
|
.br
|
||||||
|
Note. If fail2ban running as systemd-service, for logging to the systemd-journal, the logtarget could be set to STDOUT
|
||||||
.HP
|
.HP
|
||||||
\fB\-\-syslogsocket\fR auto|<FILE>
|
\fB\-\-syslogsocket\fR auto|<FILE>
|
||||||
.TP
|
.TP
|
||||||
|
|
|
@ -130,7 +130,9 @@ The items that can be set are:
|
||||||
verbosity level of log output: CRITICAL, ERROR, WARNING, NOTICE, INFO, DEBUG, TRACEDEBUG, HEAVYDEBUG or corresponding numeric value (50-5). Default: ERROR (equal 40)
|
verbosity level of log output: CRITICAL, ERROR, WARNING, NOTICE, INFO, DEBUG, TRACEDEBUG, HEAVYDEBUG or corresponding numeric value (50-5). Default: ERROR (equal 40)
|
||||||
.TP
|
.TP
|
||||||
.B logtarget
|
.B logtarget
|
||||||
log target: filename, SYSLOG, STDERR or STDOUT. Default: STDERR
|
log target: filename, SYSLOG, STDERR or STDOUT. Default: STDOUT if not set in fail2ban.conf/fail2ban.local
|
||||||
|
.br
|
||||||
|
Note. If fail2ban running as systemd-service, for logging to the systemd-journal, the logtarget could be set to STDOUT
|
||||||
.br
|
.br
|
||||||
Only a single log target can be specified.
|
Only a single log target can be specified.
|
||||||
If you change logtarget from the default value and you are using logrotate -- also adjust or disable rotation in the
|
If you change logtarget from the default value and you are using logrotate -- also adjust or disable rotation in the
|
||||||
|
|