| 1 |
see https://bugs.gentoo.org/show_bug.cgi?id=536320 |
| 2 |
|
| 3 |
|
| 4 |
lee <lee@××××××××.de> writes: |
| 5 |
|
| 6 |
> Hi, |
| 7 |
> |
| 8 |
> I'm trying to get fail2ban to work on the host and keep getting error |
| 9 |
> messages like: |
| 10 |
> |
| 11 |
> |
| 12 |
> ,---- |
| 13 |
> | Jan 08 21:13:04 [/etc/init.d/fail2ban] You have to create an init script for each container: |
| 14 |
> | Jan 08 21:13:04 [/etc/init.d/fail2ban] ln -s lxc /etc/init.d/lxc.container |
| 15 |
> | Jan 08 21:13:05 [/etc/init.d/fail2ban] ERROR: fail2ban failed to start |
| 16 |
> `---- |
| 17 |
> |
| 18 |
> |
| 19 |
> After 'ln -s lxc /etc/init.d/lxc.container', it says: |
| 20 |
> |
| 21 |
> |
| 22 |
> ,---- |
| 23 |
> | Jan 08 21:17:08 [/etc/init.d/fail2ban] Unable to find a suitable configuration file. |
| 24 |
> | Jan 08 21:17:08 [/etc/init.d/fail2ban] If you set up the container in a non-standard |
| 25 |
> | Jan 08 21:17:08 [/etc/init.d/fail2ban] location, please set the CONFIGFILE variable. |
| 26 |
> | Jan 08 21:17:09 [/etc/init.d/fail2ban] ERROR: fail2ban failed to start |
| 27 |
> `---- |
| 28 |
> |
| 29 |
> |
| 30 |
> Naming the link 'lxc.acheron', with 'acheron' being the name of the |
| 31 |
> container, gives the first error message again. The containers' |
| 32 |
> configuration is at the default location: |
| 33 |
> |
| 34 |
> |
| 35 |
> ,---- |
| 36 |
> | heimdali init.d # ls -la /etc/lxc/acheron/config |
| 37 |
> | -rw-r--r-- 1 root root 967 5. Jan 01:14 /etc/lxc/acheron/config |
| 38 |
> | heimdali init.d # |
| 39 |
> `---- |
| 40 |
> |
| 41 |
> |
| 42 |
> What am I missing? |
| 43 |
> |
| 44 |
> Shorewall is used on the host, exim is running in the container, and I |
| 45 |
> want fail2ban (on the host) to look into the logfile of the exim which |
| 46 |
> runs in the container: |
| 47 |
> |
| 48 |
> |
| 49 |
> ,---- |
| 50 |
> | heimdali fail2ban # cat paths-overrides.local |
| 51 |
> | exim_main_log = /etc/lxc/acheron/rootfs/var/log/exim/exim_main.log |
| 52 |
> | heimdali fail2ban # |
| 53 |
> `---- |
| 54 |
> |
| 55 |
> |
| 56 |
> I don't want to run fail2ban in the container because the container must |
| 57 |
> not mess with the firewall settings of the host. If a container can do |
| 58 |
> that, then what's the point of having containers in the first place? |
| 59 |
> |
| 60 |
> |
| 61 |
> BTW, why does Gentoo put containers under /etc? Containers aren't |
| 62 |
> configuration files ... |
| 63 |
|
| 64 |
-- |
| 65 |
Again we must be afraid of speaking of daemons for fear that daemons |
| 66 |
might swallow us. Finally, this fear has become reasonable. |
Archives