Issue creating systemd service files

Tomasz Torcz tomek at pipebreaker.pl
Wed Mar 6 07:48:53 UTC 2013


On Tue, Mar 05, 2013 at 07:48:04PM -0800, David Highley wrote:
> We are attempting to create systemd files for an ssh port monitoring
> process. When we enable and attempt to start the service we get multiple
> executions of the daemon and systemctl does not return until we do a
> control-c. The init script and our attempt at replacement:
> ============ sshdfilter.service ===================
> 
> [Unit]
> Description=sshdfilter Daemon
> Documentation=file:///usr/share/doc/sshdfilter-1.5.7/INSTALL.Fedora
> DefaultDependencies=no
> 
> [Service]
> Type=forking
> PIDFile=/var/run/sshdfilter.SSHD.pid
> ExecStart=/sbin/sshdfilter
> NotifyAccess=all
> 
> [Install]
> WantedBy=multi-user.target
> 

  Couple of comments:
 - Why DefaultDependencies=no? It is almost certainly wrong
 - NotifyAccess= makes sense only with Type=notify; I doubt sshdfilter
   has systemd notification bits implemented
 
 (real paths should be /run and /usr/sbin, but it doesn't really matter
  for your case).


> ============ sshdfilter.socket ===================
> 
> [Unit]
> Description=sshdfilter Named Pipe
> Documentation=file:///usr/share/doc/sshdfilter-1.5.7/INSTALL.Fedora
> DefaultDependencies=no
> After=syslog.target
> 
> [Socket]
> ListenFIFO=/var/run/sshdfilter.fifo
> SocketMode=0644

 again, DefDeps are no-no.
 syslog is always available

  To debug further, you should provide "systemctl status" outputs for
socket and service units.

 Oh, and there is always "tallow" program for blocking brute force ssh - it
reads journal directly. It is very bare, though, for example it has no support
for IPv6 blocking.

-- 
Tomasz Torcz                 Morality must always be based on practicality.
xmpp: zdzichubg at chrome.pl                -- Baron Vladimir Harkonnen
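
The review points raised in the reply above, written as a small unit-file check. This is an added example, not part of the original thread or of systemd; the finding names and the lint_unit helper are made up for illustration, and the sample units are constructed from the directives quoted in the message.

```python
import configparser

# Constructed samples: the directives of the two units quoted in the thread.
SERVICE = """[Unit]
DefaultDependencies=no
[Service]
Type=forking
PIDFile=/var/run/sshdfilter.SSHD.pid
ExecStart=/sbin/sshdfilter
NotifyAccess=all
"""
SOCKET = """[Unit]
DefaultDependencies=no
After=syslog.target
[Socket]
ListenFIFO=/var/run/sshdfilter.fifo
SocketMode=0644
"""

def lint_unit(text):
    """Return sorted finding names (hypothetical labels) for one unit file."""
    cp = configparser.RawConfigParser(strict=False, delimiters=("=",))
    cp.optionxform = str  # keep directive names case-sensitive
    cp.read_string(text)
    findings = set()
    # "Why DefaultDependencies=no? It is almost certainly wrong"
    deps = cp.get("Unit", "DefaultDependencies", fallback="yes")
    if deps.lower() in ("no", "false", "off", "0"):
        findings.add("default-deps-disabled")
    # "syslog is always available", so ordering after syslog.target is unneeded
    if "syslog.target" in cp.get("Unit", "After", fallback="").split():
        findings.add("syslog-target-ordering")
    # "NotifyAccess= makes sense only with Type=notify"
    notify = cp.get("Service", "NotifyAccess", fallback="none")
    svc_type = cp.get("Service", "Type", fallback="simple")
    if notify != "none" and not svc_type.startswith("notify"):
        findings.add("notifyaccess-without-type-notify")
    # "real paths should be /run and /usr/sbin"
    for section in cp.sections():
        for key, value in cp.items(section):
            if value.startswith("/var/run/"):
                findings.add("legacy-var-run-path")
            if key.startswith("Exec") and value.lstrip("-@+!:").startswith("/sbin/"):
                findings.add("legacy-sbin-path")
    return sorted(findings)

if __name__ == "__main__":
    for name, unit in (("sshdfilter.service", SERVICE), ("sshdfilter.socket", SOCKET)):
        print(name, lint_unit(unit))
```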


