fedora-users October 2011 archive
Main Archive Page > Month Archives  > fedora-users archives
fedora-users: Re: fail2ban vs. logrotate

Re: fail2ban vs. logrotate

From: Mikkel L. Ellertson <mellertson_at_nospam>
Date: Tue Oct 25 2011 - 15:12:42 GMT
To: users@lists.fedoraproject.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 10/25/2011 09:07 AM, Andre Speelmans wrote:
>> I was referring to the fail2ban RPM. This has to be a problem for
>> just about any installation that uses logrotate.
>
> Most daemons seem to use their own logfile and therefore can use their
> own logrotate configuration script in /etc/logrotate.d.
>
> But /var/log/secure is not handled by a specific daemon and thus is
> taken care of in the standard logrotate configuration. I don't know
> what effects it would give if you try to override it in a more
> specific configuration script. Might even not be possible. Or perhaps
> it is, hehe.
>
It is handled by syslogd.

> Anyway I think that when you depend on /var/log/secure (or any generic
> logfile), you can't do anything, except informing the users to change
> their configuration.
> To that extent you can either make it copy-truncate or add a
> postrotate script to restart/reload fail2ban.
>
It looks like you would have to modify the syslog logrotate script
and add a second command in the postrotate section after it restarts
syslogd. Does fail2ban accept a SIGHUP to close and reopen the log file?

Mikkel
- --

  Do not meddle in the affairs of dragons,
for thou art crunchy and taste good with Ketchup!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAk6m0ekACgkQqbQrVW3JyMRk8gCggt47/wBV7UqswW6D3U4Xrnx2
60oAn3oquksi9g4NKoSGDc7hHYtZtyTV
=KQvl
-----END PGP SIGNATURE-----
-- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines