I believe that currently the only way to get the systemd python bindings installed on Clear Linux is to bundle-add ansible. Could you just add this to the base distro or add a separate bundle for it?
Adding it to the base (
os-core) would make every ClearLinux OS system to install
python whether they needed it or not, so that is not an option.
So, this should be a separate bundle. May I ask what this is actually needed for?
One package that uses it is fail2ban. But any python application that wants access to the systemd libraries needs it. By the way, it would be nice to also have a bundle for fail2ban (https://github.com/fail2ban/fail2ban).
ClearLinux ships by default with
tallow - a light-weight alternative to
fail2ban that doesn’t require python. It’s extensible and uses the journal API without the need for python bindings. Try and see if that fits your needs, since, you already have it installed and running on your system.
Can tallow be configured to monitor logs from services other than sshd? That’s what fail2ban offers that tallow appears to be missing.
tallow follows the
journal. Everything that logs to the journal can therefore be monitored.
We have added configurations for
sshd because, that’s the obvious use case. But we also add one for
dovecot here: https://github.com/clearlinux/tallow/blob/3ffb46e8e7abfdc6032cb7ff7ddc26eb5a1f7a48/data/dovecot.json
I’ve actually made a
nginx tallow rule for my personal stuff at some point. These can be added to servers at runtime (they’re JSON formatted). The docs aren’t up 2 date to reflect this feature, yet, since it’s relatively (few months) new.
If you have any good ideas about new rulesets, please, propose them or post them to the github project - https://github.com/clearlinux/tallow
@puneetse was so kind to write out this man page explaining the pattern format: