FS#31409 - [sshguard] new systemd service silently stops working when no syslog daemon is running
Attached to Project:
Community Packages
Opened by Abdó Roig-Maranges (abdo) - Tuesday, 04 September 2012, 14:56 GMT
Last edited by Massimiliano Torromeo (mtorromeo) - Thursday, 15 November 2012, 08:54 GMT
Details
Description:
sshguard systemd service file watches /var/log/auth.log. However systemd replaces syslog with the journal. Although both can run together, systemd is perfectly happy without syslog. This means no auth.log.

As it is now, sshguard.service neither depends on syslog nor uses the journal, so on systems without syslog, sshguard stands there silently doing nothing. sshguard should use the journal, which is part of systemd and is always there.

When I installed systemd, I hacked together a service file that watches the journal for sshd messages and feeds them to sshguard. See the attachment. I'm not sure if it is the best way to do it though... maybe some systemd expert can help?

Additional info:
* package version(s) 1.5-4

Steps to reproduce:
Run sshguard service on a systemd installation without syslog daemon running, and observe it doing nothing.
Closed by Massimiliano Torromeo (mtorromeo)
Thursday, 15 November 2012, 08:54 GMT
Reason for closing: Duplicate
Additional comments about closing: FS#31733
sshguard-systemd.tar.gz
If I have to choose, I would rather make it depend on syslog if there is no cleaner solution.
You can always use your service file and ignore the one dispatched with the sshguard package if you prefer, but if we put syslog as a dependency, you cannot choose not to install it.
journalctl -f SYSLOG_IDENTIFIER=sshd SYSLOG_IDENTIFIER=imapd | /usr/sbin/sshguard -l - -b /var/db/sshguard/blacklist.db "$@"
or, maybe easier, just forget about filtering and feed everything to sshguard
journalctl -f | /usr/sbin/sshguard -l - -b /var/db/sshguard/blacklist.db "$@"
I do strongly believe the sshguard service should use the journal by default. It seems more right to me, once you commit to the systemd way, as then syslog becomes an extra optional layer over the journal. Also, running without syslog doesn't sound that rare; one may want to keep the journal in RAM and get rid of syslog writes on disk, for example. In the future it may even be the default.

Using sshguard with the journal enables both sysloggers and non-sysloggers to use the same service file. Otherwise, non-sysloggers must write their own, as I did. What I suggested seems rather clean to me. It is a shell one-liner after all. I don't quite like having to use an external shell script, but having to run syslog and keeping duplicate logs (journal + syslog) just for sshguard seems much worse.
Anyway, personal preferences aside, the problem with the current state of things is that someone who gets rid of syslog and blindly trusts the service file will end up with a non-functional sshguard without warning.
Oh, and just to clarify, I didn't mean a package dependency on syslog, I meant a systemd dependency on a syslog daemon. This way syslog would not be installed by force, but sshguard should refuse to start if no syslog daemon is running.
I think it's worth testing/checking sshguard-journalctl to see if it's really working as it should.
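A preflight check for the failure mode reported in this ticket (sshguard idling on an auth.log that nobody writes), as an added example that is not part of the ticket, its attachment, or the sshguard package. The function names, the `JOURNALCTL` override and the staleness threshold are assumptions, and `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example: decide whether the watched log file can actually feed
# sshguard, and fail loudly when it cannot. All names are hypothetical.

# Overridable so the journal fallback can be exercised without systemd.
JOURNALCTL=${JOURNALCTL:-journalctl}

# log_state FILE MAX_AGE_SECONDS -> prints "live", "stale" or "missing".
# "stale" is a heuristic: a quiet host may legitimately log nothing for
# a while, so choose MAX_AGE generously.
log_state() {
    [ -f "$1" ] && [ -r "$1" ] || { echo missing; return; }
    mtime=$(stat -c %Y "$1" 2>/dev/null) || { echo missing; return; }
    age=$(( $(date +%s) - mtime ))
    if [ "$age" -le "$2" ]; then echo live; else echo stale; fi
}

# pick_source FILE MAX_AGE_SECONDS -> prints "file" or "journal".
# Prints "none" and returns 1 when neither input is available.
pick_source() {
    state=$(log_state "$1" "$2")
    if [ "$state" = live ]; then
        echo file
    elif command -v "$JOURNALCTL" >/dev/null 2>&1; then
        echo journal
    else
        echo none
        return 1
    fi
}

# preflight FILE MAX_AGE_SECONDS: intended for ExecStartPre= in a unit
# that only reads FILE. A non-zero exit makes systemd refuse to start the
# service instead of leaving sshguard running but blind.
preflight() {
    state=$(log_state "$1" "$2")
    [ "$state" = live ] && return 0
    echo "sshguard preflight: $1 is $state; is a syslog daemon running?" >&2
    return 1
}

# Usage sketch (constructed values):
#   preflight /var/log/auth.log 86400 || exit 1
#   [ "$(pick_source /var/log/auth.log 86400)" = journal ] && echo "use: journalctl -f | sshguard -l -"
```
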