Hi,
I installed fail2ban.
All is fine with this service:
[Unit]
Description=Fail2Ban Service
Documentation=man:fail2ban(1)
After=network.target iptables.service firewalld.service
[Service]
#CapabilityBoundingSet=CAP_DAC_READ_SEARCH CAP_NET_ADMIN CAP_NET_RAW
#ReadOnlyDirectories=/
#ReadWriteDirectories=/var/run/fail2ban /var/lib/fail2ban /var/spool/postfix/maildrop /tmp /var/log/fail2ban
Type=forking
ExecStart=/usr/bin/fail2ban-client -x start
ExecStop=/usr/bin/fail2ban-client stop
ExecReload=/usr/bin/fail2ban-client reload
PIDFile=/var/run/fail2ban/fail2ban.pid
Restart=always
[Install]
WantedBy=multi-user.target
But if you uncomment CapabilityBoundingSet, ReadOnlyDirectories and ReadWriteDirectories, fail2ban does not start:
# systemctl status fail2ban -l
● fail2ban.service - Fail2Ban Service
Loaded: loaded (/usr/lib/systemd/system/fail2ban.service; enabled; vendor preset: disabled)
Active: failed (Result: start-limit) since Tue 2015-11-03 18:07:47 CET; 10s ago
Docs: man:fail2ban(1)
Main PID: 2790 (code=exited, status=0/SUCCESS)
Nov 03 18:07:47 mercuri systemd[1]: fail2ban.service: Control process exited, code=exited status=226
Nov 03 18:07:47 mercuri systemd[1]: Failed to start Fail2Ban Service.
Nov 03 18:07:47 mercuri systemd[1]: fail2ban.service: Unit entered failed state.
Nov 03 18:07:47 mercuri systemd[1]: fail2ban.service: Failed with result 'exit-code'.
Nov 03 18:07:47 mercuri systemd[1]: fail2ban.service: Service hold-off time over, scheduling restart.
Nov 03 18:07:47 mercuri systemd[1]: Stopped Fail2Ban Service.
Nov 03 18:07:47 mercuri systemd[1]: fail2ban.service: Start request repeated too quickly.
Nov 03 18:07:47 mercuri systemd[1]: Failed to start Fail2Ban Service.
Nov 03 18:07:47 mercuri systemd[1]: fail2ban.service: Unit entered failed state.
Nov 03 18:07:47 mercuri systemd[1]: fail2ban.service: Failed with result 'start-limit'.
So, what are the correct parameters in that service? Thanks,
Owning one OpenRC (artoo way) and other three systemd machines
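Exit status 226 in the log above is systemd's NAMESPACE code: setting up the mount namespace for the directory sandboxing options failed, and one common cause is a listed path that does not exist. The following is an added example, not part of the original post: a shell function that reads a unit file and prints every path from its ReadOnly/ReadWrite/Inaccessible directory lines (commented out or active) that is missing on disk. The function name `missing_sandbox_paths` is hypothetical.

```shell
#!/bin/sh
# Added example: report sandbox paths in a unit file that do not exist.
# missing_sandbox_paths is a hypothetical helper, not a systemd tool.

missing_sandbox_paths() {
    unit=$1
    [ -r "$unit" ] || { echo "cannot read $unit" >&2; return 2; }

    # Match active and commented-out settings, under both the older
    # *Directories= names and the newer *Paths= names.
    sed -n -E \
        's/^[[:space:]]*#?[[:space:]]*(ReadOnly|ReadWrite|Inaccessible)(Directories|Paths)=(.*)$/\1\2 \3/p' \
        "$unit" |
    while read -r key paths; do
        set -f                      # no glob expansion when splitting the list
        for p in $paths; do
            case $p in
                -*) continue ;;     # "-" prefix: systemd ignores it if missing
            esac
            # A path that is absent cannot be bind-mounted into the namespace.
            [ -e "$p" ] || printf '%s %s\n' "$key" "$p"
        done
    done
}

# Stand-alone use: pass the unit file to check as the first argument.
if [ "$#" -gt 0 ]; then
    missing_sandbox_paths "$1"
fi
```

Run it against `/usr/lib/systemd/system/fail2ban.service` before uncommenting the sandboxing lines; each path it prints must be created first or written with a leading `-` in the unit.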