I can open douane-configurator and see the options to start/stop the daemon. However I am unable to start the douane daemon service. The installation did put a douane executable file in /etc/init.d.
If I run
sudo systemctl start douane
I get:
Job for douane service failed.
If I issue
systemctl status douane.service
, here is what I get
douane.service - SYSV: douane is the daemon process of the Douane firewall application. This firewall is limiting access to the internet on application bases.
Loaded: loaded (/etc/init.d/douane)
Active: failed (Result: exit-code) since Tue 2017-01-17 19:26:15 MST; 1min 8s ago
Process: 12977 ExecStart=/etc/init.d/douane start (code=exited, status=127)
It seems the installation is based on Debian system and the init script might need some tweaking. I am hoping that someone can look at the init script and advise on what to change or tweak to make it work with the Leap 42.1. Thanks a lot in advance.
#!/bin/bash
#
# douane This shell script takes care of starting and stopping
# douane daemon (A modern firewall at application layer)
#
# Author: Guillaume Hain zedtux@zedroot.org
#
# description: douane is the daemon process of the Douane firewall application. \
# This firewall is limiting access to the internet on application bases.
# Source function library.
. /lib/lsb/init-functions
NAME=douaned
DOUANEDIR=/opt/douane
DAEMON=$DOUANEDIR/$NAME
PIDDIR=$DOUANEDIR/pids
PIDFILE=$PIDDIR/$NAME.pid
DOUANEOPTIONS="-D"
case "$1" in
start)
log_daemon_msg "Starting the $NAME daemon"
# Load kernel module if not already loaded
-z "$(lsmod | grep douane)" ]] && modprobe douane
# Creating the pids folder is not existing
if ! -e $PIDDIR ]; then
mkdir $PIDDIR
chown root $PIDDIR
fi
FULL_COMMAND="start-stop-daemon --start --oknodo --startas $DAEMON --make-pidfile --background --umask 0 --nicelevel -20 --pidfile $PIDFILE -- $DOUANEOPTIONS"
x"$DAEMON_USER" != x ]] && sudo -u $DAEMON_USER $FULL_COMMAND || $FULL_COMMAND
log_end_msg $?
;;
stop)
log_daemon_msg "Stopping $NAME daemon"
start-stop-daemon --retry 30 --stop --pidfile $PIDFILE
# Remove PID file is remaining
-a $PIDFILE ]] && rm $PIDFILE
log_end_msg $?
;;
status)
status_of_proc $DAEMON $NAME
;;
restart)
stop
start
;;
*)
echo "Unknown argument -- $1"
echo "Usage: {start|stop|status|restart}"
exit 1
;;
esac
exit $?
Thanks for trying to help.
I figured that start-stop-daemon is not going to work and I did play around with startproc.
Within the directory /etc/init.d, If I run
sudo startproc douane start
I get
startproc: cannot execute douane: No such file or directory
But I see the file douane there in /etc/init.d
If I run
sudo ./douane start
I get
redirecting to systemctl start .service
./douane: line 23: log_daemon_msg: command not found
./douane: line 32: start-stop-daemon: command not found
./douane: line 33: log_end_msg: command not found
I am completely ignorant about these scripts.
For me to test around, can anyone suggest what Leap-friendly commands should I replace log_daemon_msg, start-stop-daemon and log_end_msg with?
> Thanks for trying to help.
> I figured that start-stop-daemon is not going to work and I did play
> around with startproc.
>
> Within the directory /etc/init.d, If I run
>
> Code:
> --------------------
> sudo startproc douane start
> --------------------
>
>
> I get
>
> Code:
> --------------------
> startproc: cannot execute douane: No such file or directory
> --------------------
>
>
> But I see the file douane there in /etc/init.d
>
> If I run
>
> Code:
> --------------------
> sudo ./douane start
> --------------------
>
>
> I get
>
> Code:
> --------------------
>
> redirecting to systemctl start .service
> ./douane: line 23: log_daemon_msg: command not found
> ./douane: line 32: start-stop-daemon: command not found
> ./douane: line 33: log_end_msg: command not found
> --------------------
>
>
> I am completely ignorant about these scripts.
> For me to test around, can anyone suggest what Leap-friendly commands
> should I replace log_daemon_msg, start-stop-daemon and log_end_msg with?
>
>
I would suggest to write a native systemd service file instead of trying to convert a (overly) complicated init script from Debian to openSUSE.
It’s not that hard (in fact much easier than writing init scripts).
Some pointers:
read “man systemd.service”
read “man systemd.unit”
There are good Tutorials on how to handel units/service files, as a starting point, you could use
That was my initial reaction, but the script tries to do some things like auto-restart on its own if it stops unexpectedly.
Just me, but I’d think that modular code practice should be followed… The script should be placed somewhere else and not be written into the Unit file, Unit files are supposed to be configuration files calling functions, not contain functions. the way it’s done now is akin to “spaghetti code.”
FWIW, I don’t know if it’s a problem but the script also doesn’t define $DAEMON_USER.
The OP should check to make sure that value is defined somewhere or else it’s another point of failure.
>
> That was my initial reaction, but the script tries to do some things
> like auto-restart on its own if it stops unexpectedly.
Read man systemd.service (Section “Restart=”)
>
> FWIW, I don’t know if it’s a problem but the script also doesn’t define
> $DAEMON_USER.
> The OP should check to make sure that value is defined somewhere or else
> it’s another point of failure.
Or one uses the “User=” feature of systemd (of course, the user has to exist,
but that is independant of the init system).
AK
–
Never attribute to malice that which can be adequately explained by stupidity.
(R.J. Hanlon)
Note that it is assumed the daemon is located in /usr/local/ directory in this .service file, and it is launched as root. You could add ‘Restart=always’ if desired I guess.
I created a douane.service file in /etc/systemd/system. I revised the script douane.service to point to the douaned daemon file in my local directory. Now when I fire up the douane.configurator and turn on the ‘ON’ swicth, I get the message in console
redirecting to systemctl start douane.service
and I don’t see any error messages. However ps -ax|grep daemond does not show any douaned running either.
Now I went and started the daemon by
sudo douaned
in the folder that had the actual douaned file and all my network locked up. The douane configurator shows the switch as ‘ON’. I could not connect to the internet or to the local network. There was no notification pop up from Douane either.
I rebooted, network was back to normal.
I tried sudo daemond again, but this time it did not take effect. Network is active. I saw the following logged in /var/log/douane.log at the very end.
19/01/2017 00:54:43 INFO: Loaded 0 rules
19/01/2017 00:54:43 ERROR: Error while calling sendmsg: Connection refused
19/01/2017 00:54:43 ERROR: Unable to send message
19/01/2017 00:55:20 INFO: The log file is /var/log/douane.log
19/01/2017 00:55:20 INFO: Loaded 299 Freedesktop desktop files
19/01/2017 00:55:20 ERROR: Unable to load rules: /usr/include/boost/property_tree/json_parser/detail/parser.hpp(47): Throw in function void boost::property_tree::json_parser::detail::source<Encoding, Iterator, Sentinel>::parse_error(const char*) [with Encoding = boost::property_tree::json_parser::detail::encoding<char>; Iterator = std::istreambuf_iterator<char, std::char_traits<char> >; Sentinel = std::istreambuf_iterator<char, std::char_traits<char> >]
Dynamic exception type: boost::exception_detail::clone_impl<boost::exception_detail::error_info_injector<boost::property_tree::json_parser::json_parser_error> >
std::exception::what: <unspecified file>(2): expected value
19/01/2017 00:55:20 INFO: Loaded 0 rules
19/01/2017 00:55:20 ERROR: Error while calling sendmsg: Connection refused
19/01/2017 00:55:20 ERROR: Unable to send message
It’s not a script, it’s a service file, processed by systemd. Just to clarify, you used the .service file as described in the blog? Or modified in some way?
Now when I fire up the douane.configurator and turn on the ‘ON’ swicth, I get the message in console
Code:
redirecting to systemctl start douane.service
and I don’t see any error messages. However ps -ax|grep daemond does not show any douaned running either.
Did you remove the original script (/etc/init.d/douane)?
Sorry for the ambiguity.
What I meant is that the file douane.service in /etc/systemd/system has a modified line in ExecStart line that points to the daemon file located in my home folder.
Is there any other douane like personal firewall available that has known to work with Leap that I can try? I tried configuring lpfw and that was even worse to install.
First thing I’m noticing is that there are a great many dependencies which can’t be met with available packages which would likely prevent successful compilation.
Wondering where you’re getting
policykit development headers
log4cxx, both the app and the development headers
And how you imported the recommended modules
GTKTwitterbox
GTK+
pygobject3 (openSUSE can provide pygobject2 only), may be available from Python repos(?)
Also, a quick Google search suggests that no one has reported compiling and/or installing on an RPM-based distro.
Since there are Arch packages, it might be possible to extract those on to a distro, but that would require closer inspection.