SubscribeFreeBSD, fail2ban and newsyslog
Just a short note on FreeBSD's newsyslog and fail2ban, since I couldn't find this information on the interwebtubes.
Fail2ban does not respond to HUP/USR1 (or any other) signal to notify config or log changes. This sort of thing is achieved using fail2ban-client.
Newsyslog is geared towards the sending of signals, since that's what a *nix daemon would traditionally expect. Recently patched and working in newsyslog is the R flag, which allows you to provide a path to some executable instead of a PID file. Config for fail2ban in /etc/newsyslog.conf now looks like this:
# logfilename mode count size when flags [/pid_file] [sig_num]
/var/log/fail2ban.log 600 5 500 $W0D5 JR /usr/local/bin/fail2ban-logrotate.sh
Contents of /usr/local/bin/fail2ban-logrotate.sh are simply:
#!/bin/sh
/usr/local/bin/fail2ban-client set logtarget /var/log/fail2ban.log >/dev/null
Something doesn't sit right about this approach but it appears to do the business. Better ideas welcome in the comments.
OpenBSD's newsyslog appears to allow any free form command as long as it's wrapped in double quotes. Handy.
Comments
Thu, 26 Jun 2014 09:53
Wed, 02 Mar 2016 09:38
Wed, 26 Oct 2016 03:14
Comment on this post
Text only, no HTML, * denotes a required field.