On Tue, Mar 05, 2013 at 07:48:04PM -0800, David Highley wrote: > We are attempting to create systemd files for an ssh port monitoring > process. When we enable and attempt to start the service we get multiple > executions of the daemon and systemctl does not return until we do a > control-c. The init script and our attempt at replacement: > ============ sshdfilter.service =================== > > [Unit] > Description=sshdfilter Daemon > Documentation=file://usr/share/doc/sshdfilter-1.5.7/INSTALL.Fedora > DefaultDependencies=no > > [Service] > Type=forking > PIDFile=/var/run/sshdfilter.SSHD.pid > ExecStart=/sbin/sshdfilter > NotifyAccess=all > > [Install] > WantedBy=multi-user.target > Couple of comments: - Why DefaultDependencies=no? It is almost certainly wrong - NotifyAccess= make sense only with Type=notify; I doubt sshdfilter has systemd notification bits implemented (real paths should be /run and /usr/sbin, but it doesn't really matter for your case). > ============ sshdfilter.socket =================== > > [Unit] > Description=sshdfilter Named Pipe > Documentation=file:///usr/share/doc/sshdfilter-1.5.7/INSTALL.Fedora > DefaultDependencies=no > After=syslog.target > > [Socket] > ListenFIFO=/var/run/sshdfilter.fifo > SocketMode=0644 again, DefDeps are no-no. syslog is always available To debug further, you should provide "systemctl status" outputs for socket and service units. Oh, and there is always "tallow" program for blocking brute force ssh - it reads journal directly. It is very bare, though, for example it has not support for IPv6 blocking. -- Tomasz Torcz Morality must always be based on practicality. xmpp: zdzichubg@xxxxxxxxx -- Baron Vladimir Harkonnen -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
