[SRU] fail2ban fails to start after reboot

This bug was fixed in the package fail2ban - 0.8.2-3

---------------
fail2ban (0.8.2-3) unstable; urgency=low

  * Changes propagated from upstream trunk (future 0.8.3):
    - Fixed "fail2ban-client get <jail> logpath". Bug #1916986.
    - Changed some log level.
    - Added "Day/Month/Year Hour:Minute:Second" date template. Thanks to
      Dennis Winter.
    - Fixed PID file while started in daemon mode. Thanks to Christian
      Jobic who submitted a similar patch (closes: #479703)
    - Added gssftpd filter. Thanks to Kevin Zembower.
    - Process failtickets as long as failmanager is not empty.
  * Assure that /var/run/fail2ban exists upon start (LP: #222804, #223706)

 -- Ubuntu Archive Auto-Sync <email address hidden> Wed, 07 May 2008 06:55:47 +0100

Please add this update to the Ubuntu archive for download. I removed fail2ban on my system and then reinstalled it. Fail2Ban v0.8.2 with the bug is still downloading, as of 05/16/08.

This appears to still not be fixed, as of this writing.

Agreed, my systems have not seen this bug fixed yet either.

Here's my patch for this, for those who can't wait for 0.8.2-3 to be released.

Note that this is only the second ever patch I've written, so if it is wrong, please point me to resources to help me improve.

There is also a further fail2ban bug #234122 for which I have written a patch, which alters the default jail.conf so that it no longer assumes iptables is installed (fail2ban does not depend on iptables, so the default enabled ssh jail should use banaction=hostsdeny instead).

David, Matt:

It looks like this fix has been released in Debian unstable. It doesn't look like this is going to make it into hardy, unless someone manages to get it through the SRU process:

https://wiki.ubuntu.com/StableReleaseUpdates

In the meantime, I've simply downloaded the Debian package and installed it:

http://packages.debian.org/sid/fail2ban

-Forest

I see no reason this shouldn't meet the SRU requirements. Particularly, this one:
- Bugs which represent severe regressions from the previous release of Ubuntu. This includes packages which are totally unusuable, like being uninstallable or crashing on startup.

A program which doesn't start at all without manual intervention is a pretty severe regression, IMO. Not to mention that Hardy is an LTS release.

Ok, so what do we do now? It's still is not fixed..... It works for me when I install, but when I reboot the server it's broken.

Set to HIGH, because this is a security tool, and you can feel that it's working, but not !

This is actually fixed in 0.8.2-3 in Intrepid, so I'm marking it as Fix Released as per the bug triage process. If you want it in Hardy, someone needs to add a milestone I think, and I don't know how to do that

As Matt LaPlante pointed out above, this should be eligible for a SRU, as the bug is a regression from a previous version

ISSUE: fail2ban does not restart after reboot because of /var/run being a tmpfs, so no pid file can be created. I have attached the debdiff which fixes this issue. This has been backported from intrepid.

TEST CASE:

1. Install fail2ban
2. Reboot
3. Restart fail2ban after reboot see if it starts.

ACK from motu-sru.

On Ubuntu 8.04.1 I downloaded and installed the package for Intrepid Ibex and now it works.

http://fr.archive.ubuntu.com/ubuntu/pool/universe/f/fail2ban/fail2ban_0.8.3-2_all.deb

I'm not sure why this keeps getting marked fix released, it IS NOT fixed, the bug is filed against Hardy.

David - It is marked 'Fix Released' because it is fixed in Intrepid. However, there is a separate status for Hardy, which is still set to 'Confirmed'.

Chuck,
According to https://launchpad.net/ubuntu/hardy/+queue?queue_state=4&queue_text=fail2ban, your upload was rejected on 2008-09-03. Please sort it out and re-upload. If you cannot take care of that reasonably quickly (the sru process started more than 3 months ago!), please tell us so that someone else can do the work. Thanks.

What is needed to get this simple fix into Hardy 8.04.2? This is just annoying, on every server this has to be changed on install. Please fix ASAP.

Apparently nothing will get this fixed. Short of a developer having to do this on their own server.

-----Original Message-----
From: <email address hidden> [mailto:<email address hidden>] On Behalf Of Rocco
Sent: Sunday, October 19, 2008 10:57 AM
To: <email address hidden>
Subject: [Bug 222804] Re: [SRU] fail2ban fails to start after reboot

What is needed to get this simple fix into Hardy 8.04.2? This is just
annoying, on every server this has to be changed on install. Please fix
ASAP.

--
[SRU] fail2ban fails to start after reboot
https://bugs.launchpad.net/bugs/222804
You received this bug notification because you are a direct subscriber
of the bug.

This is due to an incorrectly done patch being ACK'ed earlier. The archive admins were right to reject it:

+fail2ban (0.8.2-2ubuntu1) hardy-proposed; urgency=low

Version should be -2ubuntu0.1 from -2.

+
+ * debian/fail2ban.init: fail2ban doesnt restart after reboot because
+ of /var/run (LP: #22804)
Bug number is incorrect (222804).

Please make these corrections and re-upload

~motu-sru

John

I will take care of this tonight if nobody else has done already.

John,

Please find revised debdiff attached. All I have done is correct the bug report number and version number in the changelog, as requested. I've credited Chuck Short as he did the original patch.

Thanks for stepping up to the plate on this, Chris. Ack from ~motu-sru for Chris's debdiff.

Sponsored Chris' fix in hardy-proposed.

Accepted into hardy-proposed, please test and give feedback here. Please see https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

The fix in fail2ban 0.8.2-2ubuntu0.1 works for me. Thanks.

+1
Also work for me.
Thanks

fail2ban 0.8.2-2ubuntu0.1 works fine for me to! Thanks a lot!

Copied to hardy-updates.

Guys, on Ubuntu 8.04.4 LTS updated today, this is still not corrected! Is there any problem with the proposed patch?

@spyder, Ensure you have hardy-updates repository enabled, this should allow you to update to 0.8.2-2ubuntu0.1 which contains the fix.