Koozali.org: home of the SME Server

mailman and fail2ban services becoming disabled

Offline holck

  • ****
  • 317
  • +1/-0
mailman and fail2ban services becoming disabled
« on: May 21, 2022, 10:30:18 PM »
When I do a signal-event post-upgrade, my mailman and fail2ban services seem to become disabled even though they are marked enabled in the configuration db.

I guess it has to do with the script /etc/e-smith/events/actions/fix-startup, see the fragment below. The script goes through all the services, and if, e.g. for mailman, the file /lib/systemd/system/multi-user.target.wants/mailman.service exists, runs the command
Code: [Select]
# systemctl disable mailman.serviceOn my server, I have both /lib/systemd/system/multi-user.target.wants/mailman.service and /lib/systemd/system/multi-user.target.wants/fail2ban.service

/etc/e-smith/events/actions/fix-startup
Code: [Select]
foreach my $service (@d)
{
my $sv=$service->{'name'};
next if $sv eq 'bootstrap-console';
$sv=  $equivalent->{$sv} || $sv;
foreach (qw(multi-user sme-server))
{
  if (-e "/lib/systemd/system/$_.target.wants/$sv.service")
  {
    system(qw(systemctl disable), $sv);
  }
  elsif (-e "/etc/systemd/system/$_.target.wants/$sv.service")
  {
    system(qw(systemctl disable), $sv);
  }
  elsif (-e "/etc/init.d/$sv")
  {
    my $dropoutput = `/usr/sbin/chkconfig $sv off 2>/dev/null`;
  }
}
}
« Last Edit: May 21, 2022, 10:41:17 PM by holck »
......

Offline Jean-Philippe Pialasse

  • *
  • 2,747
  • +11/-0
  • aka Unnilennium
    • http://smeserver.pialasse.com
Re: mailman and fail2ban services becoming disabled
« Reply #1 on: May 22, 2022, 01:07:00 AM »
are those manual installation or from contribs?

as usual
/sbin/e-smith/audittools/templates

also might be interesting to get output of

# /etc/e-smith/events/actions/systemd-default





we do not use multi-user target on SME so the wants link you point are unrelated to your issue.   we use our own target sme-server.target

Offline holck

  • ****
  • 317
  • +1/-0
Re: mailman and fail2ban services becoming disabled
« Reply #2 on: May 22, 2022, 08:49:23 AM »
Hello, thanks for helping with this

Both mailman and fail2ban are installed as contribs:
Code: [Select]
# rpm -V mailman
S.5....T.  c /etc/mailman/templates/da/subscribeack.txt
.M....G..  c /usr/lib/mailman/Mailman/mm_cfg.py
......G..    /usr/lib/mailman/Mailman/mm_cfg.pyc
..5....T.    /usr/lib/mailman/messages/da/LC_MESSAGES/mailman.po
warning: Duplicate username or UID for user apache
.M.......    /var/lock/mailman
.M.......    /var/run/mailman

# rpm -V smeserver-mailman

# rpm -V fail2ban-server
S.5....T.  c /etc/fail2ban/fail2ban.conf
S.5....T.  c /etc/fail2ban/jail.conf
S.5....T.  c /etc/logrotate.d/fail2ban

# rpm -V smeserver-fail2ban
S.5....T.  c /var/log/fail2ban/daemon.

# /etc/e-smith/events/actions/systemd-default
Removed symlink /etc/systemd/system/multi-user.target.wants/mailman.service.


......

Offline Jean-Philippe Pialasse

  • *
  • 2,747
  • +11/-0
  • aka Unnilennium
    • http://smeserver.pialasse.com
Re: mailman and fail2ban services becoming disabled
« Reply #3 on: May 22, 2022, 11:49:55 AM »
i assume Sme is up to date

config getprop mailman status
config getprop fail2ban status

systemctl cat mailman

systemctl status mailman


systemctl cat fail2ban


systemctl status fail2ban

Offline holck

  • ****
  • 317
  • +1/-0
Re: mailman and fail2ban services becoming disabled
« Reply #4 on: May 22, 2022, 12:21:58 PM »
Code: [Select]
# yum update
Loaded plugins: fastestmirror, post-transaction-actions, priorities, smeserver
Loading mirror speeds from cached hostfile
 * base: mirror.one.com
 * smeaddons: ibsgaarden.dk
 * smeextras: ibsgaarden.dk
 * smeos: ibsgaarden.dk
 * smeupdates: ibsgaarden.dk
 * updates: mirror.one.com

base                                                                                                              | 3.6 kB  00:00:00     
remi-safe                                                                                                         | 3.0 kB  00:00:00     
smeaddons                                                                                                         | 2.9 kB  00:00:00     
smeextras                                                                                                         | 3.1 kB  00:00:00     
smeos                                                                                                             | 3.1 kB  00:00:00     
smeupdates                                                                                                        | 2.9 kB  00:00:00     
updates                                                                                                           | 2.9 kB  00:00:00     
No packages marked for update
Both my mailman and fail2ban are enabled in the configuration database now, because I set it manually yesterday.
Code: [Select]
# /sbin/e-smith/config getprop mailman status
enabled
# /sbin/e-smith/config getprop fail2ban status
enabled
Code: [Select]
# systemctl cat mailman
# /usr/lib/systemd/system/mailman.service
[Unit]
Description=GNU Mailing List Manager
After=syslog.target network.target

[Service]
ExecStartPre=/usr/lib/mailman/bin/mailman-update-cfg
ExecStartPre=/usr/bin/install -m644 -o root -g root /usr/lib/mailman/cron/cronta
ExecStartPre=/bin/touch /var/log/mailman/error
ExecStartPre=/bin/chown mailman:mailman /var/log/mailman/error
ExecStartPre=/bin/chmod 660 /var/log/mailman/error
ExecStart=/usr/lib/mailman/bin/mailmanctl -s start
ExecReload=/usr/lib/mailman/bin/mailmanctl restart
ExecStop=/usr/lib/mailman/bin/mailman-update-cfg
ExecStop=/usr/lib/mailman/bin/mailmanctl stop
ExecStop=/bin/sh -c 'echo -e "# DO NOT EDIT THIS FILE!\n#\n# Contents of this fi
Type=forking

[Install]
WantedBy=multi-user.target
Code: [Select]
# systemctl status mailman
● mailman.service - GNU Mailing List Manager
   Loaded: loaded (/usr/lib/systemd/system/mailman.service; enabled; vendor preset: disabled)
   Active: active (running) since Sat 2022-05-21 20:38:32 CEST; 15h ago
 Main PID: 19301 (mailmanctl)
   CGroup: /system.slice/mailman.service
           ├─19301 /usr/bin/python2 /usr/lib/mailman/bin/mailmanctl -s start
           ├─19302 /usr/bin/python2 /usr/lib/mailman/bin/qrunner --runner=Arc...
           ├─19303 /usr/bin/python2 /usr/lib/mailman/bin/qrunner --runner=Bou...
           ├─19304 /usr/bin/python2 /usr/lib/mailman/bin/qrunner --runner=Com...
           ├─19305 /usr/bin/python2 /usr/lib/mailman/bin/qrunner --runner=Inc...
           ├─19306 /usr/bin/python2 /usr/lib/mailman/bin/qrunner --runner=New...
           ├─19307 /usr/bin/python2 /usr/lib/mailman/bin/qrunner --runner=Out...
           ├─19308 /usr/bin/python2 /usr/lib/mailman/bin/qrunner --runner=Vir...
           └─19309 /usr/bin/python2 /usr/lib/mailman/bin/qrunner --runner=Ret...

May 21 20:38:31 sme10.ibsgaarden.dk systemd[1]: Starting GNU Mailing List Ma....
May 21 20:38:32 sme10.ibsgaarden.dk mailmanctl[19299]: Starting Mailman's mas...
May 21 20:38:32 sme10.ibsgaarden.dk systemd[1]: Started GNU Mailing List Man....
Hint: Some lines were ellipsized, use -l to show in full.
Code: [Select]
# systemctl cat fail2ban
# /usr/lib/systemd/system/fail2ban.service
[Unit]
Description=Fail2Ban Service
Documentation=man:fail2ban(1)
After=network.target iptables.service firewalld.service ip6tables.service ipset.service nftables.service
PartOf=firewalld.service

[Service]
Type=simple
Environment="PYTHONNOUSERSITE=1"
ExecStartPre=/bin/mkdir -p /run/fail2ban
ExecStart=/usr/bin/fail2ban-server -xf start
# if should be logged in systemd journal, use following line or set logtarget to sysout in fail2ban.local
# ExecStart=/usr/bin/fail2ban-server -xf --logtarget=sysout start
ExecStop=/usr/bin/fail2ban-client stop
ExecReload=/usr/bin/fail2ban-client reload
PIDFile=/run/fail2ban/fail2ban.pid
Restart=on-failure
RestartPreventExitStatus=0 255

[Install]
WantedBy=multi-user.target
Code: [Select]
# systemctl status fail2ban
● fail2ban.service - Fail2Ban Service
   Loaded: loaded (/usr/lib/systemd/system/fail2ban.service; enabled; vendor preset: enabled)
   Active: active (running) since Sat 2022-05-21 10:07:22 CEST; 1 day 2h ago
     Docs: man:fail2ban(1)
 Main PID: 9459 (fail2ban-server)
   CGroup: /system.slice/fail2ban.service
           └─9459 /usr/bin/python2 -s /usr/bin/fail2ban-server -xf start

May 21 10:07:22 sme10.ibsgaarden.dk systemd[1]: Starting Fail2Ban Service...
May 21 10:07:22 sme10.ibsgaarden.dk systemd[1]: Started Fail2Ban Service.
May 21 10:07:23 sme10.ibsgaarden.dk fail2ban-server[9459]: Server ready
« Last Edit: May 22, 2022, 03:00:14 PM by holck »
......

Offline Jean-Philippe Pialasse

  • *
  • 2,747
  • +11/-0
  • aka Unnilennium
    • http://smeserver.pialasse.com
Re: mailman and fail2ban services becoming disabled
« Reply #5 on: May 22, 2022, 03:20:18 PM »
you are missing dropin files for both contribs to add WantedBy=sme-server.target


what says

rpm -q smeserver-fail2ban
rpm -q smeserver-mailman

Offline Jean-Philippe Pialasse

  • *
  • 2,747
  • +11/-0
  • aka Unnilennium
    • http://smeserver.pialasse.com
Re: mailman and fail2ban services becoming disabled
« Reply #6 on: May 22, 2022, 03:52:20 PM »
/etc/e-smith/events/actions/fix-startup is not related, it is for services still using legacy sysvinit. mostly contribs that have not been correctly migrated to systemd. 

it only act on services listed in rc7.d

Offline holck

  • ****
  • 317
  • +1/-0
Re: mailman and fail2ban services becoming disabled
« Reply #7 on: May 23, 2022, 08:33:03 AM »
Code: [Select]
$ rpm -q smeserver-fail2ban
smeserver-fail2ban-0.1.18-25.el7.sme.noarch
$ rpm -q smeserver-mailman
smeserver-mailman-1.5.0-11.el7.sme.noarch
......

Offline Jean-Philippe Pialasse

  • *
  • 2,747
  • +11/-0
  • aka Unnilennium
    • http://smeserver.pialasse.com
Re: mailman and fail2ban services becoming disabled
« Reply #8 on: May 23, 2022, 08:29:37 PM »
while they should have this dropin file, i do not have it neither on my installs and it is shown as enabled.

so things to check would be :
systemctl get-default


and
ll /etc/rc.d/rc7.d/

example from one of my install


however i had the fail2ban 13 release. updated it.post upgrade and  rebooted. still enabled. 

also to note your mailman is not up todate. should be 15

Code: [Select]
# systemctl status fail2ban.service
● fail2ban.service - Fail2Ban Service
   Loaded: loaded (/usr/lib/systemd/system/fail2ban.service; enabled; vendor preset: enabled)
   Active: active (running) since Sat 2022-05-21 21:50:28 EDT; 1 day 11h ago
     Docs: man:fail2ban(1)
 Main PID: 1784 (f2b/server)
   Memory: 19.3M
   CGroup: /system.slice/fail2ban.service
           └─1784 /usr/bin/python2 -s /usr/bin/fail2ban-server -xf start

Offline holck

  • ****
  • 317
  • +1/-0
Re: mailman and fail2ban services becoming disabled
« Reply #9 on: May 23, 2022, 09:16:34 PM »
Thanks again for all  the effort you've put into SME, and still continuing :-)

Code: [Select]
# systemctl get-default
sme-server.target

# ll /etc/rc.d/rc7.d
total 0
lrwxrwxrwx 1 root root 28 Jul  6  2021 S80squeezeboxserver -> /etc/init.d/squeezeboxserver (broken link)
lrwxrwxrwx 1 root root 32 Apr 12 09:42 S98mailman -> /etc/rc.d/init.d/e-smith-service

My mailman version comes from the rpm versioned "mailman-2.1.15-30.el7_9.2.x86_64".
« Last Edit: May 23, 2022, 09:21:07 PM by holck »
......

Offline Jean-Philippe Pialasse

  • *
  • 2,747
  • +11/-0
  • aka Unnilennium
    • http://smeserver.pialasse.com
Re: mailman and fail2ban services becoming disabled
« Reply #10 on: May 24, 2022, 12:24:28 AM »
update smeserver-mailman to release 15 should fix your issue because of the old rc7.d link


delete the dead link S80squeezeboxserver as you are there too