| 1 |
Hi, |
| 2 |
|
| 3 |
I'm trying to get fail2ban to work on the host and keep getting error |
| 4 |
messages like: |
| 5 |
|
| 6 |
|
| 7 |
,---- |
| 8 |
| Jan 08 21:13:04 [/etc/init.d/fail2ban] You have to create an init script for each container: |
| 9 |
| Jan 08 21:13:04 [/etc/init.d/fail2ban] ln -s lxc /etc/init.d/lxc.container |
| 10 |
| Jan 08 21:13:05 [/etc/init.d/fail2ban] ERROR: fail2ban failed to start |
| 11 |
`---- |
| 12 |
|
| 13 |
|
| 14 |
After 'ln -s lxc /etc/init.d/lxc.container', it says: |
| 15 |
|
| 16 |
|
| 17 |
,---- |
| 18 |
| Jan 08 21:17:08 [/etc/init.d/fail2ban] Unable to find a suitable configuration file. |
| 19 |
| Jan 08 21:17:08 [/etc/init.d/fail2ban] If you set up the container in a non-standard |
| 20 |
| Jan 08 21:17:08 [/etc/init.d/fail2ban] location, please set the CONFIGFILE variable. |
| 21 |
| Jan 08 21:17:09 [/etc/init.d/fail2ban] ERROR: fail2ban failed to start |
| 22 |
`---- |
| 23 |
|
| 24 |
|
| 25 |
Naming the link 'lxc.acheron', with 'acheron' being the name of the |
| 26 |
container, gives the first error message again. The containers' |
| 27 |
configuration is at the default location: |
| 28 |
|
| 29 |
|
| 30 |
,---- |
| 31 |
| heimdali init.d # ls -la /etc/lxc/acheron/config |
| 32 |
| -rw-r--r-- 1 root root 967 5. Jan 01:14 /etc/lxc/acheron/config |
| 33 |
| heimdali init.d # |
| 34 |
`---- |
| 35 |
|
| 36 |
|
| 37 |
What am I missing? |
| 38 |
|
| 39 |
Shorewall is used on the host, exim is running in the container, and I |
| 40 |
want fail2ban (on the host) to look into the logfile of the exim which |
| 41 |
runs in the container: |
| 42 |
|
| 43 |
|
| 44 |
,---- |
| 45 |
| heimdali fail2ban # cat paths-overrides.local |
| 46 |
| exim_main_log = /etc/lxc/acheron/rootfs/var/log/exim/exim_main.log |
| 47 |
| heimdali fail2ban # |
| 48 |
`---- |
| 49 |
|
| 50 |
|
| 51 |
I don't want to run fail2ban in the container because the container must |
| 52 |
not mess with the firewall settings of the host. If a container can do |
| 53 |
that, then what's the point of having containers in the first place? |
| 54 |
|
| 55 |
|
| 56 |
BTW, why does Gentoo put containers under /etc? Containers aren't |
| 57 |
configuration files ... |
| 58 |
|
| 59 |
|
| 60 |
-- |
| 61 |
Again we must be afraid of speaking of daemons for fear that daemons |
| 62 |
might swallow us. Finally, this fear has become reasonable. |
Archives