Hi,

I'm trying to get fail2ban to work on the host and keep getting error
messages like:

,----
| Jan 08 21:13:04 [/etc/init.d/fail2ban] You have to create an init script for each container:
| Jan 08 21:13:04 [/etc/init.d/fail2ban] ln -s lxc /etc/init.d/lxc.container
| Jan 08 21:13:05 [/etc/init.d/fail2ban] ERROR: fail2ban failed to start
`----

After 'ln -s lxc /etc/init.d/lxc.container', it says:

,----
| Jan 08 21:17:08 [/etc/init.d/fail2ban] Unable to find a suitable configuration file.
| Jan 08 21:17:08 [/etc/init.d/fail2ban] If you set up the container in a non-standard
| Jan 08 21:17:08 [/etc/init.d/fail2ban] location, please set the CONFIGFILE variable.
| Jan 08 21:17:09 [/etc/init.d/fail2ban] ERROR: fail2ban failed to start
`----

Naming the link 'lxc.acheron', with 'acheron' being the name of the
container, gives the first error message again. The containers'
configuration is at the default location:

,----
| heimdali init.d # ls -la /etc/lxc/acheron/config
| -rw-r--r-- 1 root root 967 5. Jan 01:14 /etc/lxc/acheron/config
| heimdali init.d #
`----

What am I missing?

Shorewall is used on the host, exim is running in the container, and I
want fail2ban (on the host) to look into the logfile of the exim which
runs in the container:

,----
| heimdali fail2ban # cat paths-overrides.local
| exim_main_log = /etc/lxc/acheron/rootfs/var/log/exim/exim_main.log
| heimdali fail2ban #
`----

I don't want to run fail2ban in the container because the container must
not mess with the firewall settings of the host. If a container can do
that, then what's the point of having containers in the first place?

BTW, why does Gentoo put containers under /etc? Containers aren't
configuration files ...

--
Again we must be afraid of speaking of daemons for fear that daemons
might swallow us. Finally, this fear has become reasonable.