ClearOS Bug Tracker

View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0009541ClearOSapp-attack-detector - Attack Detectorpublic2016-07-08 06:512017-05-01 07:13
Assigned To 
PlatformOSOS Version
Product Version7.2.0 
Target VersionFixed in Version 
Summary0009541: Restarting the firewall wipes all f2b chains and rules
DescriptionIf you install and start app-attack-detector all the usual fail2ban (f2b) iptables rules and chains are created. If you restart the firewall they all get deleted and not not recreated. This is a standard f2b issue. You need to drop a 10-f2b type of rule (perhaps with a higher number so it runs later) into /etc/clearos/firewall.d with the systemd equivalent of "service fail2ban reload" in it. This will recreate the rules and chains on each firewall restart.
Steps To ReproduceInstall and start app-attack-detector with some rules enabled.
Restart the firewall.
TagsNo tags attached.
Attached Files

- Relationships

-  Notes
NickH (reporter)
2016-07-08 07:08

Actually the "service fail2ban reload" is not ideal as you don't want to reload it if you have it disabled but there is not a condrestart option so you'd need to do your own pidof test (or some other means) to check if it was running in the first place before reloading.
NickH (reporter)
2016-07-09 07:07

If fail2ban is not running then doing a reload is safe as it does not start the process, but throws an error because it is not running.

pidof does not work, probably because it is a python process rather than a process in its own right.

The following works but would be better converted to systemd format:

[ -e /run/fail2ban/ ] && service fail2ban reload
NickH (reporter)
2016-10-20 07:18

I've just got 7.x up and running. Using the systemctl command:

systemctl reload fail2ban.service

in /etc/clearos/firewall.d/20-something does not work. The process just hangs. Appending a "&" allows it to work:

systemctl reload fail2ban.service &

I have not yet checked out a conditional command to see if fail2ban is already running. Really it should not be reloaded if it is not running.
NickH (reporter)
2017-04-19 12:05
edited on: 2017-05-01 07:11

Please can this be escalated? To me it is more than a minor bug and it makes the app useless. In my VM, the firewall clearly restarts at least once during boot up so the app is immediately useless as its firewall chains are wiped during the boot up.

There is currently a job ticket, 553549, where app-attack-detector would really help - if it worked.

NickH (reporter)
2017-05-01 07:13

In 7.x the following works in my /etc/clearos/firewall.d/30-fail2ban:
[ -e /var/run/fail2ban/ ] && systemctl reload fail2ban.service &

- Issue History
Date Modified Username Field Change
2016-07-08 06:51 NickH New Issue
2016-07-08 07:08 NickH Note Added: 0003601
2016-07-09 07:07 NickH Note Added: 0003631
2016-08-17 09:47 pbaldwin Status new => acknowledged
2016-10-20 07:18 NickH Note Added: 0004051
2017-04-19 12:05 NickH Note Added: 0005401
2017-05-01 07:12 NickH Note Edited: 0005401 View Revisions
2017-05-01 07:13 NickH Note Added: 0005471