Bug 985567
Summary: | RFE: backport systemd journal support (or update to 0.9.0), make journal default datasource | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Matthew Miller <mattdm> |
Component: | fail2ban | Assignee: | Orion Poplawski <orion> |
Status: | CLOSED RAWHIDE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | rawhide | CC: | axel.thimm, daniel, herrold, jonathan.underwood, orion, sauchter, zbyszek |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
URL: | https://github.com/fail2ban/fail2ban/issues/318 | ||
Whiteboard: | |||
Fixed In Version: | 0.9-3 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2014-06-27 15:26:44 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Matthew Miller
2013-07-17 19:00:39 UTC
I'm building fail2ban-0.9-0.1.gitd529151.fc20 now. I've not yet made the journal the default - I'd like to get more testing on that first. I have added a requires on systemd-python to bring in journal support though. I'm okay with more testing. Maybe turn it on in Rawhide after the branch? Just depends on when things are ready. I can't get systemd backend to work at the moment. See the URL/upstream bug. So, what's the status here? I've packaged a git snapshot of the upcoming 0.9 release in F20+ that can use the systemd back end, and that seems to work. I have not done extensive testing though so feedback is welcome. 0.9 hopefully will released not too far from now. I don't want to make systemd the default backend with out more testing. apologies for the massive 0.9.0 delay. We've finally done a upstream release. Up to you now Orion I'm hung up on some test failures, but will get 0.9 built soon. I'd like to get some testing on that, then push 0.9 to F20, then perhaps enable systemd by default for rawhide. I'm not sure how much I want to deviate from upstream in this regard though. Built without tests for now. Sorry about the test failures.
> how much I want to deviate from upstream in this regard though.
Given there's non-linux systems using fail2ban we'll probably not do it by default. You could do a /etc/fail2ban/jail.d/00-systemd.conf with the following however.
[sshd]
backend=systemd
[otherjournaljail]
backend=systemd
We're considering spliting fail2ban into many sub-packages. One would be a fail2ban-systemd package with: /etc/fail2ban/jail.d/00-systemd.conf: [DEFAULT] backend=systemd This would be installed by default, but could be removed. Daniel - Is it important for the file to be 00-systemd.conf for ordering purposes, or could it be fedora-systemd.conf? > Daniel - Is it important for the file to be 00-systemd.conf for ordering purposes, or could it be fedora-systemd.conf? The files in .d/* directory are parsed in order by filename. fedora-systemd.conf will work just as well. We've pretty much documented that .conf files are for packagers/distro maintainers and users can overide with .local files if desired. > We're considering spliting fail2ban into many sub-packages. are you considering a filter and action sub-packages? Considering how independent these are from the core that maybe something we can support upstream too. |