The startup script of fail2ban suppresses error messages from fail2ban-client. This leaves you clueless and searching for what the problem might be.

Reproducible: Always

Steps to Reproduce:
heimdali init.d # ./fail2ban start
 * Caching service dependencies ... [ ok ]
 * Starting fail2ban ...
 * Failed to start fail2ban [ !! ]
 * ERROR: fail2ban failed to start
heimdali init.d # tail /var/log/everything/current
[...]
Jan 11 16:10:07 [/etc/init.d/fail2ban] You have to create an init script for each container:
Jan 11 16:10:07 [/etc/init.d/fail2ban] ln -s lxc /etc/init.d/lxc.container
Jan 11 16:10:07 [/etc/init.d/fail2ban] ERROR: fail2ban failed to start
heimdali init.d # ln -s lxc lxc.acheron
heimdali init.d # ./fail2ban stop
 * WARNING: fail2ban is already stopped
heimdali init.d # ./fail2ban start
 * Caching service dependencies ... [ ok ]
 * Starting fail2ban ...
 * Failed to start fail2ban [ !! ]
 * ERROR: fail2ban failed to start
heimdali init.d # ./fail2ban stop
 * WARNING: fail2ban is already stopped
heimdali init.d # fail2ban-client start
ERROR Failed during configuration: File contains no section headers.
file: '/etc/fail2ban/paths-overrides.local', line: 1
'exim_main_log = /etc/lxc/acheron/rootfs/var/log/exim/exim_main.log\n'

Actual Results:
see above

Expected Results:
either fail2ban should start, or an error message should be printed or logged

Please remove the redirection of the output of fail2ban-client to /dev/null from /etc/init.d/fail2ban, or replace it with a redirection to the system log.

heimdali init.d # diff -u fail2ban my-fail2ban --- fail2ban 2015-01-08 20:49:39.989875693 +0100 +++ my-fail2ban 2015-01-11 16:32:13.828326302 +0100 
@@ -38,19 +38,19 @@ # bug 347477 rm -rf /run/fail2ban/fail2ban.sock || return 1 fi - ${FAIL2BAN} start &> /dev/null + ${FAIL2BAN} start eend $? "Failed to start fail2ban" } stop() { ebegin "Stopping fail2ban" - ${FAIL2BAN} stop &> /dev/null + ${FAIL2BAN} stop eend $? "Failed to stop fail2ban" } reload() { ebegin "Reloading fail2ban" - ${FAIL2BAN} reload > /dev/null + ${FAIL2BAN} reload eend $? "Failed to reload fail2ban" }
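Review bot: In start(), stop() and reload(), removing the redirection outright sends everything fail2ban-client prints to the init script's own output, on success as well as on failure, and nothing in these lines routes it to the system log, which the report names as the alternative. Consider capturing the client's output and passing it to eerror only when the exit status is non-zero; the log excerpt in the report shows that messages from /etc/init.d/fail2ban already reach /var/log/everything/current. If the output is captured or piped, store the client's exit status in a variable first, so that "eend $?" still reports fail2ban-client's status rather than that of the logging command. Also note that reload previously discarded only stdout ("> /dev/null") while start and stop discarded both streams ("&> /dev/null"), so the three functions did not behave the same before this change.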
For clarification: When there is an error (with the configuration of fail2ban), no error is reported anywhere other than that starting fail2ban failed. The actual error message one needs to see is being redirected to /dev/null, which is a bad idea.
Did you send that patch upstream yet?
(In reply to Jeroen Roovers from comment #2)
> Did you send that patch upstream yet?

Nope --- should I, and where would I send it to?
(In reply to lee from comment #3)
> (In reply to Jeroen Roovers from comment #2)
> > Did you send that patch upstream yet?
>
> Nope --- should I, and where would I send it to?

https://github.com/fail2ban/fail2ban/issues
Fixed in 0.9.2-r1.
Reported upstream: https://github.com/fail2ban/fail2ban/pull/1311