fuzzix.org

Jaws was never my scene and I don't like Star Wars

FreeBSD, fail2ban and newsyslog

Just a short note on FreeBSD's newsyslog and fail2ban, since I couldn't find this information on the interwebtubes.

Fail2ban does not respond to HUP, USR1 or any other signal to notify it of config or log changes. That sort of thing is done with fail2ban-client.

Newsyslog is geared towards the sending of signals, since that's what a *nix daemon would traditionally expect. Recently patched and working in newsyslog is the R flag, which allows you to provide a path to some executable instead of a PID file. Config for fail2ban in /etc/newsyslog.conf now looks like this:

# logfilename         mode count size when  flags [/pid_file] [sig_num]
/var/log/fail2ban.log 600  5     500  $W0D5 JR    /usr/local/bin/fail2ban-logrotate.sh

Contents of /usr/local/bin/fail2ban-logrotate.sh are simply:

#!/bin/sh

/usr/local/bin/fail2ban-client set logtarget /var/log/fail2ban.log >/dev/null

Something doesn't sit right about this approach but it appears to do the business. Better ideas welcome in the comments.

OpenBSD's newsyslog appears to allow any free form command as long as it's wrapped in double quotes. Handy.
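
With the R flag, newsyslog itself executes the listed path, normally as root from cron, so the script should be root-owned and not writable by anyone else. The following is an added example, not part of the original post: it lists every R-flag command in a newsyslog.conf and checks owner and permissions. The function names and verdict strings are made up for this example.

```sh
#!/bin/sh
# Added example (not from the original post). Audits the commands that
# newsyslog runs through the R flag. Usage: sh audit.sh /etc/newsyslog.conf

# Print "logfile command" for every entry whose flags field contains R.
r_flag_commands() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }        # skip blank lines and comments
        {
            i = 2
            if ($i ~ /:/) i++                # optional owner:group field
            flags = $(i + 4); cmd = $(i + 5) # after mode count size when
            if (flags ~ /R/ && cmd ~ /^\//) print $1, cmd
        }' "$1"
}

# Classify FILE. OWNER (name or uid, default root) is who must own it.
check_script() {
    f=$1 owner=${2:-root}
    if [ ! -f "$f" ] || [ ! -x "$f" ]; then
        echo "not-executable"
    elif [ -n "$(find -H "$f" -prune ! -user "$owner")" ]; then
        echo "wrong-owner"
    elif [ -n "$(find -H "$f" -prune \( -perm -020 -o -perm -002 \))" ]; then
        echo "writable-by-non-owner"
    else
        echo "ok"
    fi
}

# Print "logfile command verdict" for each R-flag entry in CONF.
audit_newsyslog() {
    r_flag_commands "$1" | while read -r log cmd; do
        echo "$log $cmd $(check_script "$cmd" "${2:-root}")"
    done
}

# Run the audit only when a config path is given on the command line.
if [ -n "${1:-}" ]; then audit_newsyslog "$@"; fi
```

Any verdict other than ok on a line is worth fixing before the next rotation; the directories leading to the script need the same ownership check, which this example does not cover.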

by fuzzix on Mon, 13 Jan 2014 12:45.

Comments

Scotter
Thu, 26 Jun 2014 08:53

Thanks, been looking for a solution to this for about 18 months!


Dmytro Lavryk
Wed, 02 Mar 2016 08:38

Great idea! Thank you!


Perth
Wed, 26 Oct 2016 02:14

Thank you!

