Skip to content

bug report: Configuring fail2ban logrotate rotate count and interval Error #4522

Closed
#4523
Closed
bug report: Configuring fail2ban logrotate rotate count and interval Error#4522
#4523
Labels
area/scriptskind/bug/reportA report about a bugservice/security/fail2ban
@SpeedyGonzaless

Description

@SpeedyGonzaless
SpeedyGonzaless
opened on Jul 10, 2025

📝 Preliminary Checks

  • I tried searching for an existing issue and followed the debugging docs advice, but still need assistance.

👀 What Happened?

I am trying to run docker mail server with disabled FAIL2BAN, but it fails on startup with these 2 last logs:

2025-07-10 17:01:55+02:00 TRACE start-mailserver.sh: Configuring fail2ban logrotate rotate count and interval
2025-07-10 17:01:56,407 WARN exited: mailserver (exit status 1; not expected)

I have checked source code

function __setup__security__fail2ban() {
  if [[ ${ENABLE_FAIL2BAN} -eq 1 ]]; then
    _log 'debug' 'Enabling and configuring Fail2Ban'

    if [[ -e /tmp/docker-mailserver/fail2ban-fail2ban.cf ]]; then
      _log 'trace' 'Custom fail2ban-fail2ban.cf found'
      cp /tmp/docker-mailserver/fail2ban-fail2ban.cf /etc/fail2ban/fail2ban.local
    fi

    if [[ -e /tmp/docker-mailserver/fail2ban-jail.cf ]]; then
      _log 'trace' 'Custom fail2ban-jail.cf found'
      cp /tmp/docker-mailserver/fail2ban-jail.cf /etc/fail2ban/jail.d/user-jail.local
    fi

    if [[ ${FAIL2BAN_BLOCKTYPE} != 'reject' ]]; then
      _log 'trace' "Setting fail2ban blocktype to 'drop'"
      echo -e '[Init]\nblocktype = drop' >/etc/fail2ban/action.d/nftables-common.local
    fi

    echo '[Definition]' >/etc/fail2ban/filter.d/custom.conf
  else
    _log 'debug' 'Fail2Ban is disabled'
    rm -f /etc/logrotate.d/fail2ban
  fi
  _log 'trace' 'Configuring fail2ban logrotate rotate count and interval'
  [[ ${LOGROTATE_COUNT} -ne 4 ]]          && sedfile -i "s|rotate 4$|rotate ${LOGROTATE_COUNT}|" /etc/logrotate.d/fail2ban
  [[ ${LOGROTATE_INTERVAL} != "weekly" ]] && sedfile -i "s|weekly$|${LOGROTATE_INTERVAL}|"       /etc/logrotate.d/fail2ban
}

and do I understand correctly that when ENABLE_FAIL2BAN is disabled you delete rm -f /etc/logrotate.d/fail2ban and then try to change this file? Was there any reason to try to change logrotate rules when FAIL2BAN is disabled?

👟 Reproduction Steps

No response

🐋 DMS Version

15.0.2

💻 Operating System and Architecture

Debian 11

⚙️ Container configuration files



📜 Relevant log output


2025-07-10 17:01:55+02:00 TRACE start-mailserver.sh: Configuring fail2ban logrotate rotate count and interval
2025-07-10 17:01:56,407 WARN exited: mailserver (exit status 1; not expected)

Metadata
Metadata
Assignees
No one assigned
    Labels
    area/scriptskind/bug/reportA report about a bugservice/security/fail2ban
    Type
    No type
    Projects
    No projects
    Milestone
    No milestone
    Relationships
    None yet
    Development
    No branches or pull requests
    Issue actions