The configuration backup (backup-config) is created only if the configuration has been changed.
Fail2ban “continuously” modify its database to keep tracks of bans.
As a result, the backup is updated every night if fail2ban is active.
This behavior renders the history of backups less useful.
While I could fix this excluding fail2ban db from the config backup, I’d like to move it away from the configuration database directory, because it doesn’t contain configurations.
I excluded the db in a test system, to confirm that the backup is created only if the config has changed.
I’d like to evaluate the option of moving the fail2ban db to a different path.
If this option is hard to implement, we could enhance the fail2ban package to exclude the db as I did.
# cat /etc/backup-config.d/custom.exclude /var/lib/nethserver/db/fail2ban