Fail2ban triggers backup-config run every night


(Filippo Carletti) #1

The configuration backup (backup-config) is created only if the configuration has been changed.
Fail2ban “continuously” modify its database to keep tracks of bans.
As a result, the backup is updated every night if fail2ban is active.
This behavior renders the history of backups less useful.

While I could fix this excluding fail2ban db from the config backup, I’d like to move it away from the configuration database directory, because it doesn’t contain configurations.

I excluded the db in a test system, to confirm that the backup is created only if the config has changed.

I’d like to evaluate the option of moving the fail2ban db to a different path.
If this option is hard to implement, we could enhance the fail2ban package to exclude the db as I did.

# cat /etc/backup-config.d/custom.exclude 

(Stéphane de Labrusse) #2

let’s think of it, dashboard card created

(Stéphane de Labrusse) #3

I use already a specific folder to store the json file, let’s use it for the new database, the cons is to use the db command the path is a quite long, but I use it only to debug, so …

[root@ns7loc13 ~]# db /var/lib/nethserver/fail2ban/fail2ban show

Please someone to verify this issue