Sergey G. Brester
Sergey G. Brester
> and recognized that **all** directory and file permissions **on Linux** are set to 0755 (-rwxr-xr-x) Hmm... Which directories and files did you mean exactly? Really **all** files on your...
Hmm... What are the default permission for files inside /etc/fail2ban (or subfolders)? Maybe some default ACLs set (`getfacl /etc/fail2ban/filter.d/`)? Or what do you see if you'd simply create a file...
Found in folder where I created the merged build, that all config files are indeed with o+x, however only for owner (e. g. 744 and not as you show 755)....
will be fixed within new release (I adjusted the build-scripts to control it)
I don't think the chain can have more than 1 hook (must be verified yet), so firstly the idea were: - either to use the same set in both chains...
Yep, as assumed 2 hooks seem to be impossible, PoC: ```bash # nft add table inet f2b-table # nft -- add chain inet f2b-table f2b-chain \{ type filter hook \{...
Just to provide a workaround for possibility to share common set for 2 actions (with different hooks): ```ini [jail] banaction = nftables action = %(action_)s[actname="-inp", chain="f2b-chain", chain_hook="input"] %(action_)s[actname="-fwd", chain="f2b-chain-fwd", chain_hook="forward",...
By the way, we don't starting daemon by forking anymore... where it is possible it'd be started in foreground (with `-f` parameter), see for example: https://github.com/fail2ban/fail2ban/blob/6fce23e7baa484c7d1f9b0c9a11986f3916c41dd/files/fail2ban.service.in#L11 Only old init.d scripts...
> Considering that Debian 12 has been the stable Debian version for 7 months, it's probably a good idea to pull that fix in. Probably. @fail2ban/maintainers, @sylvestre what do you...
As my forecast said, it is happening here - #3891 (after update a jail sees nothing, because default backend has become `systemd`, so monitoring journal, whereas the jail was intended...