Thanks a lot, we will see later. I need outside views on other questions @filippo_carletti @giacomo @devteam
I'm looking to have something workable following the KISS vision: the least admin action needed. In short, you install the service (apache, for example) and the apache fail2ban jail is activated.
For that, in my template, I'm looking at the status of apache and also at the status of each jail.
The status of each jail is important because we cannot activate all jails at the same time (some are redundant, others not wanted, and the time for starting the fail2ban service grows with the number of jails), and in the end I want to leave the choice to the admin whether he wants this jail or not.
My issue concerns how to expand the templates and restart the fail2ban service when you install a new rpm, OR change the status of a service (runlevel-adjust), OR change the port of a service (event firewall-adjust).
With all modules installed, fail2ban takes 13 seconds to restart and around 8-10 seconds to reload its configuration... this is where my problem is.
If I use the runlevel-adjust AND the firewall-adjust at the same time, the template and the service will be expanded/restarted two times when I install an rpm, and 25 seconds can be a really long time to wait.
Therefore I see a few solutions:
- Launch the event nethserver-fail2ban-save manually after each module installation. I don't like this solution.
- If the action 'shorewall' is used, all ports are blocked to the attacker and I don't need to specify the port number, so expanding/restarting the template/service of fail2ban when you change a TCP port is useless... I can avoid the 'firewall-adjust' event and use only the runlevel-adjust.
My other question relates to the db properties I made. For now I made a lot of them, but with fallback options in the templates; I wonder whether I made too many. Generally speaking, I make only the status properties visible; the others are hidden, but you need to read the documentation if you want to find them.
Of course, in the end, a panel could be made...