Hi, I'm trying to get fail2ban to work on the host and keep getting error messages like:
,----
| Jan 08 21:13:04 [/etc/init.d/fail2ban] You have to create an init script for each container:
| Jan 08 21:13:04 [/etc/init.d/fail2ban] ln -s lxc /etc/init.d/lxc.container
| Jan 08 21:13:05 [/etc/init.d/fail2ban] ERROR: fail2ban failed to start
`----

After 'ln -s lxc /etc/init.d/lxc.container', it says:

,----
| Jan 08 21:17:08 [/etc/init.d/fail2ban] Unable to find a suitable configuration file.
| Jan 08 21:17:08 [/etc/init.d/fail2ban] If you set up the container in a non-standard
| Jan 08 21:17:08 [/etc/init.d/fail2ban] location, please set the CONFIGFILE variable.
| Jan 08 21:17:09 [/etc/init.d/fail2ban] ERROR: fail2ban failed to start
`----

Naming the link 'lxc.acheron', with 'acheron' being the name of the container, gives the first error message again.

The containers' configuration is at the default location:

,----
| heimdali init.d # ls -la /etc/lxc/acheron/config
| -rw-r--r-- 1 root root 967 5. Jan 01:14 /etc/lxc/acheron/config
| heimdali init.d #
`----

What am I missing?

Shorewall is used on the host, exim is running in the container, and I want fail2ban (on the host) to look into the logfile of the exim which runs in the container:

,----
| heimdali fail2ban # cat paths-overrides.local
| exim_main_log = /etc/lxc/acheron/rootfs/var/log/exim/exim_main.log
| heimdali fail2ban #
`----

I don't want to run fail2ban in the container because the container must not mess with the firewall settings of the host. If a container can do that, then what's the point of having containers in the first place?

BTW, why does Gentoo put containers under /etc? Containers aren't configuration files ...

--
Again we must be afraid of speaking of daemons for fear that daemons might swallow us. Finally, this fear has become reasonable.