21 Apr/10

Fail2ban does not start after reboot

This problem was identified with the following configuration:
Ubuntu 8.04
fail2ban

Problem: After installing fail2ban, everything works fine, but after a reboot fail2ban does not start. A manual /etc/init.d/fail2ban restart also fails.

Cause: Fail2ban looks for fail2ban.sock in /var/run/fail2ban/. During reboot, that directory is removed. Fail2ban assumes it is there and fails on restart.

Solution: Make sure the directory exists when fail2ban starts. Edit the init.d script for fail2ban to fix this.
sudo vi /etc/init.d/fail2ban
Find the do_start function.

do_start()
{
    # Return
    #   0 if daemon has been started
    #   1 if daemon was already running
    #   2 if daemon could not be started
    do_status && return 1

    if [ -e "$SOCKFILE" ]; then
        log_failure_msg "Socket file $SOCKFILE is present"
        [ "$1" = "force-start" ] \
            && log_success_msg "Starting anyway as requested" \
            || return 2
        DAEMON_ARGS="$DAEMON_ARGS -x"
    fi

    start-stop-daemon --start --quiet --chuid root --exec $DAEMON -- \
        $DAEMON_ARGS start > /dev/null\
        || return 2

    return 0
}

Add the following after the if statement.

# Assure that /var/run/fail2ban exists
[ -d /var/run/fail2ban ] || mkdir -p /var/run/fail2ban


Finally, it should look like this

do_start()
{
    # Return
    #   0 if daemon has been started
    #   1 if daemon was already running
    #   2 if daemon could not be started
    do_status && return 1

    if [ -e "$SOCKFILE" ]; then
        log_failure_msg "Socket file $SOCKFILE is present"
        [ "$1" = "force-start" ] \
            && log_success_msg "Starting anyway as requested" \
            || return 2
        DAEMON_ARGS="$DAEMON_ARGS -x"
    fi

    # Assure that /var/run/fail2ban exists
    [ -d /var/run/fail2ban ] || mkdir -p /var/run/fail2ban

    start-stop-daemon --start --quiet --chuid root --exec $DAEMON -- \
        $DAEMON_ARGS start > /dev/null\
        || return 2

    return 0
}

Now restart and it should work.

sudo /etc/init.d/fail2ban restart

Just for kicks, see how /var/run has the newly created fail2ban directory.

sudo ls /var/run

15 Apr/10

Changing the MySQL data directory requires a change to AppArmor

After a bit of googling and hair-pulling, I realized that just changing the datadir directive in my.cnf will cause mysql start to fail on Ubuntu. The other thing needed is to add permissions to AppArmor for mysql to access the new data directories.

Steps
1. sudo vi /etc/apparmor.d/usr.sbin.mysqld
2. Add
   /newdir/ r,
   /newdir/** rwk,
3. sudo /etc/init.d/apparmor restart
4. sudo /etc/init.d/mysql restart

If that still does not work, check the *nix permissions to be sure mysql is the owner and group of the new directory, recursively.
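
As an added example (not part of the original post), the shell functions below check what the steps above change: that the datadir set in my.cnf is covered by the two AppArmor rules from step 2, and that nothing under it has the wrong owner. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are illustrative.

# Print the last datadir value in a my.cnf-style file, without trailing slashes.
get_datadir() {
    sed -n 's/^[[:space:]]*datadir[[:space:]]*=[[:space:]]*//p' "$1" |
        tail -n 1 | sed 's/[[:space:]]*$//; s:/*$::'
}

# Succeed only if the profile ($1) grants "<dir>/ r," and "<dir>/** rwk," for $2.
profile_allows() {
    awk -v d="$2" '
        /^[ \t]*#/ { next }   # ignore comment lines
        $1 == (d "/")   && $2 ~ /r/ { dir_ok = 1 }
        $1 == (d "/**") && $2 ~ /r/ && $2 ~ /w/ && $2 ~ /k/ { tree_ok = 1 }
        END { exit !(dir_ok && tree_ok) }
    ' "$1"
}

# List entries under $1 not owned by user $2 and group $3 (no output = OK).
wrong_owner() {
    find "$1" \( ! -user "$2" -o ! -group "$3" \) -print
}

# Run the checks for a my.cnf ($1) and a profile ($2); non-zero on any finding.
check_datadir() {
    dir=$(get_datadir "$1")
    [ -n "$dir" ] || { echo "no datadir set in $1"; return 2; }
    profile_allows "$2" "$dir" ||
        { echo "AppArmor: $dir/ r, and $dir/** rwk, missing from $2"; return 1; }
    if [ -d "$dir" ] && [ -n "$(wrong_owner "$dir" mysql mysql 2>/dev/null)" ]; then
        echo "ownership: entries under $dir are not mysql:mysql"; return 1
    fi
    echo "ok: $dir is covered by $2"
}

# Constructed sample input. On a real host, pass your my.cnf and
# /etc/apparmor.d/usr.sbin.mysqld instead.
demo() {
    tmp=$(mktemp -d) || return 1
    printf '[mysqld]\ndatadir = /newdir/\n' > "$tmp/my.cnf"
    printf '/usr/sbin/mysqld {\n  /var/lib/mysql/** rwk,\n}\n' > "$tmp/before"
    printf '/usr/sbin/mysqld {\n  /newdir/ r,\n  /newdir/** rwk,\n}\n' > "$tmp/after"
    check_datadir "$tmp/my.cnf" "$tmp/before" || :   # reports the missing rules
    check_datadir "$tmp/my.cnf" "$tmp/after"  || :   # reports coverage
    rm -rf "$tmp"
}
demo
```

A profile that grants only read access to the new tree is reported as missing, since mysqld also needs the write and lock permissions from step 2.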