Please help me with an init script!

I am trying to install a personal firewall called Douane. I managed to install all the dependencies and install all the modules as instructed here:

https://github.com/Douane/Douane/wiki/Dependencies

I can open douane-configurator and see the options to start/stop the daemon. However I am unable to start the douane daemon service. The installation did put a douane executable file in /etc/init.d.

If I run

sudo systemctl start douane

I get:

Job for douane service failed.

If I issue

systemctl status douane.service

here is what I get:

douane.service - SYSV: douane is the daemon process of the Douane firewall application. This firewall is limiting access to the internet on application bases.
   Loaded: loaded (/etc/init.d/douane)
   Active: failed (Result: exit-code) since Tue 2017-01-17 19:26:15 MST; 1min 8s ago
  Process: 12977 ExecStart=/etc/init.d/douane start (code=exited, status=127)

It seems the installation is based on a Debian system and the init script might need some tweaking. I am hoping that someone can look at the init script and advise on what to change or tweak to make it work with Leap 42.1. Thanks a lot in advance.

#!/bin/bash
#
# douane      This shell script takes care of starting and stopping
#             douane daemon (A modern firewall at application layer)
#
# Author: Guillaume Hain zedtux@zedroot.org
#
# description: douane is the daemon process of the Douane firewall application. \
# This firewall is limiting access to the internet on application bases.

# Source function library.
. /lib/lsb/init-functions

NAME=douaned
DOUANEDIR=/opt/douane
DAEMON=$DOUANEDIR/$NAME
PIDDIR=$DOUANEDIR/pids
PIDFILE=$PIDDIR/$NAME.pid
DOUANEOPTIONS="-D"

case "$1" in
    start)
        log_daemon_msg "Starting the $NAME daemon"
        # Load kernel module if not already loaded
        [[ -z "$(lsmod | grep douane)" ]] && modprobe douane
        # Create the pids folder if it does not exist
        if [ ! -e $PIDDIR ]; then
            mkdir $PIDDIR
            chown root $PIDDIR
        fi
        FULL_COMMAND="start-stop-daemon --start --oknodo --startas $DAEMON --make-pidfile --background --umask 0 --nicelevel -20 --pidfile $PIDFILE -- $DOUANEOPTIONS"
        [[ x"$DAEMON_USER" != x ]] && sudo -u $DAEMON_USER $FULL_COMMAND || $FULL_COMMAND
        log_end_msg $?
        ;;
    stop)
        log_daemon_msg "Stopping $NAME daemon"
        start-stop-daemon --retry 30 --stop --pidfile $PIDFILE
        # Remove the PID file if it is still there
        [[ -a $PIDFILE ]] && rm $PIDFILE
        log_end_msg $?
        ;;
    status)
        status_of_proc $DAEMON $NAME
        ;;
    restart)
        $0 stop
        $0 start
        ;;
    *)
        echo "Unknown argument -- $1"
        echo "Usage:  {start|stop|status|restart}"
        exit 1
        ;;
esac
exit $?

What happens if you attempt to run the script manually?

/etc/init.d/douane start

Actually, I can see now that ‘start-stop-daemon’ is not a valid command

 FULL_COMMAND="start-stop-daemon --start --oknodo --startas $DAEMON --make-pidfile --background --umask 0 --nicelevel -20 --pidfile $PIDFILE -- $DOUANEOPTIONS"

so this will need adjusting to get ‘douaned’ launched. I’ll leave the other forum gurus to advise more specifically on this.

This might be your friend for openSUSE…

man startproc

Thanks for trying to help.
I figured that start-stop-daemon is not going to work and I did play around with startproc.

Within the directory /etc/init.d, If I run

sudo startproc  douane start

I get

startproc: cannot execute douane: No such file or directory

But I see the file douane there in /etc/init.d

If I run

sudo ./douane start

I get


redirecting to systemctl start .service
./douane: line 23: log_daemon_msg: command not found
./douane: line 32: start-stop-daemon: command not found
./douane: line 33: log_end_msg: command not found

I am completely ignorant about these scripts.
For me to test around, can anyone suggest what Leap-friendly commands should I replace log_daemon_msg, start-stop-daemon and log_end_msg with?

On Wed, 18 Jan 2017 16:16:02 GMT
kmallick <kmallick@no-mx.forums.microfocus.com> wrote:

> Thanks for trying to help.
> I figured that start-stop-daemon is not going to work and I did play
> around with startproc.
>
> Within the directory /etc/init.d, If I run
>
> Code:
> --------------------
> sudo startproc douane start
> --------------------
>
>
> I get
>
> Code:
> --------------------
> startproc: cannot execute douane: No such file or directory
> --------------------
>
>
> But I see the file douane there in /etc/init.d
>
> If I run
>
> Code:
> --------------------
> sudo ./douane start
> --------------------
>
>
> I get
>
> Code:
> --------------------
>
> redirecting to systemctl start .service
> ./douane: line 23: log_daemon_msg: command not found
> ./douane: line 32: start-stop-daemon: command not found
> ./douane: line 33: log_end_msg: command not found
> --------------------
>
>
> I am completely ignorant about these scripts.
> For me to test around, can anyone suggest what Leap-friendly commands
> should I replace log_daemon_msg, start-stop-daemon and log_end_msg with?
>
>

I would suggest writing a native systemd service file instead of trying to convert an (overly) complicated init script from Debian to openSUSE.

It’s not that hard (in fact much easier than writing init scripts).

Some pointers:

  • read “man systemd.service”

  • read “man systemd.unit”

There are good tutorials on how to handle units/service files; as a starting point, you could use

https://wiki.archlinux.org/index.php/Systemd

AK


Never attribute to malice that which can be adequately explained by stupidity. (R.J. Hanlon)

That was my initial reaction, but the script tries to do some things like auto-restart on its own if it stops unexpectedly.
Just me, but I’d think that modular code practice should be followed… The script should be placed somewhere else and not be written into the Unit file. Unit files are supposed to be configuration files calling functions, not contain functions. The way it’s done now is akin to “spaghetti code.”

FWIW, I don’t know if it’s a problem but the script also doesn’t define $DAEMON_USER.
The OP should check to make sure that value is defined somewhere or else it’s another point of failure.

TSU

On Wed, 18 Jan 2017 17:36:02 GMT
tsu2 <tsu2@no-mx.forums.microfocus.com> wrote:

>
> That was my initial reaction, but the script tries to do some things
> like auto-restart on its own if it stops unexpectedly.

Read man systemd.service (Section “Restart=”)

>
> FWIW, I don’t know if it’s a problem but the script also doesn’t define
> $DAEMON_USER.
> The OP should check to make sure that value is defined somewhere or else
> it’s another point of failure.

Or one uses the “User=” feature of systemd (of course, the user has to exist,
but that is independent of the init system).

AK



Here’s a nice little blog about Douane (per-application firewall)

http://www.dedoimedo.com/computers/linux-per-application-firewall.html

It includes a description of a minimal douane.service file description (/etc/systemd/system/douane.service)

[Unit]
Description=Douane Daemon

[Service]
Type=simple
ExecStart=/usr/local/douane/douaned -l /var/log/douane.log -D
Nice=-20
UMask=0
        
[Install]
WantedBy=multi-user.target

Note that it is assumed the daemon is located in /usr/local/ directory in this .service file, and it is launched as root. You could add ‘Restart=always’ if desired I guess.

I note that as douane is work-in-progress, some claim to have had issues with it causing freezing and it appears to log prolifically…
https://github.com/Douane/douane-daemon/issues/3
https://github.com/Douane/Douane/issues/40

Thanks for all your advice and suggestions.

I created a douane.service file in /etc/systemd/system. I revised the script douane.service to point to the douaned daemon file in my local directory. Now when I fire up the douane.configurator and turn on the ‘ON’ switch, I get the message in console

redirecting to systemctl start douane.service

and I don’t see any error messages. However ps -ax|grep daemond does not show any douaned running either.

Now I went and started the daemon by

sudo douaned

in the folder that had the actual douaned file and all my network locked up. The douane configurator shows the switch as ‘ON’. I could not connect to the internet or to the local network. There was no notification pop up from Douane either.

I rebooted, network was back to normal.
I tried sudo daemond again, but this time it did not take effect. Network is active. I saw the following logged in /var/log/douane.log at the very end.


19/01/2017 00:54:43  INFO: Loaded 0 rules
19/01/2017 00:54:43 ERROR: Error while calling sendmsg: Connection refused
19/01/2017 00:54:43 ERROR: Unable to send message
19/01/2017 00:55:20  INFO: The log file is /var/log/douane.log
19/01/2017 00:55:20  INFO: Loaded 299 Freedesktop desktop files
19/01/2017 00:55:20 ERROR: Unable to load rules: /usr/include/boost/property_tree/json_parser/detail/parser.hpp(47): Throw in function void boost::property_tree::json_parser::detail::source<Encoding, Iterator, Sentinel>::parse_error(const char*) [with Encoding = boost::property_tree::json_parser::detail::encoding<char>; Iterator = std::istreambuf_iterator<char, std::char_traits<char> >; Sentinel = std::istreambuf_iterator<char, std::char_traits<char> >]
Dynamic exception type: boost::exception_detail::clone_impl<boost::exception_detail::error_info_injector<boost::property_tree::json_parser::json_parser_error> >
std::exception::what: <unspecified file>(2): expected value

19/01/2017 00:55:20  INFO: Loaded 0 rules
19/01/2017 00:55:20 ERROR: Error while calling sendmsg: Connection refused
19/01/2017 00:55:20 ERROR: Unable to send message

Where do I go from here? Any suggestion?

It’s not a script, it’s a service file, processed by systemd. Just to clarify, you used the .service file as described in the blog? Or modified in some way?

Now when I fire up the douane.configurator and turn on the ‘ON’ switch, I get the message in console

Code:

redirecting to systemctl start douane.service

and I don’t see any error messages. However ps -ax|grep daemond does not show any douaned running either.

Did you remove the original script (/etc/init.d/douane)?

I used the same .service file mentioned in the blog, except I pointed it to the right location of the douaned daemon file in my local home directory.

No I didn’t. Should I?

Hi
This is probably the crux of your issues if you have not installed the application… home and system are two different things and ownership…

You need to have the self created systemd service file in /etc/systemd/system and file ownership set…

Sorry for the ambiguity.
What I meant is that the file douane.service in /etc/systemd/system has a modified line in ExecStart line that points to the daemon file located in my home folder.


[Unit]
Description=Douane Daemon


[Service]
Type=simple
ExecStart=/home/kaushik/Programs/Douane/douane-daemon/douaned -l /var/log/douane.log -D
Nice=-20
UMask=0
        
[Install]
WantedBy=multi-user.target 

Do I need to delete the /etc/init.d/douane?
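
The unit above runs a root daemon from a path under a home directory, which is where the ownership remark earlier in the thread matters: if the binary or any directory above it can be written by a non-root account, that account controls what root executes at boot. The following pre-flight check is an added example, not part of the thread or of Douane; the function names are hypothetical and it assumes GNU stat as shipped with openSUSE.

```shell
#!/bin/sh
# Added example. Function names are hypothetical, not from Douane or systemd.

# Print the program path from the first ExecStart= line of a unit file,
# skipping systemd's optional prefix characters (-, @, :, +, !).
unit_exec_path() {
    sed -n 's/^ExecStart=[-@:+!]*\([^[:space:]]*\).*/\1/p' "$1" | head -n 1
}

# path_is_trusted PATH [OWNER_UID] [STOP_DIR]
# Succeeds only if PATH and each parent directory up to STOP_DIR (default /)
# is owned by OWNER_UID (default 0, root) and not writable by group or others.
path_is_trusted() {
    p=$1 owner=${2:-0} stop=${3:-/}
    while :; do
        [ -e "$p" ] || { echo "missing: $p"; return 1; }
        uid=$(stat -L -c %u "$p")    # numeric owner
        mode=$(stat -L -c %a "$p")   # octal permission bits
        if [ "$uid" != "$owner" ]; then
            echo "owned by uid $uid, expected $owner: $p"; return 1
        fi
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "group/world-writable (mode $mode): $p"; return 1
        fi
        case $p in "$stop"|/) return 0 ;; esac
        p=$(dirname "$p")
    done
}

# Stand-alone use: sh check-unit.sh /etc/systemd/system/douane.service
if [ "$#" -ge 1 ]; then
    exe=$(unit_exec_path "$1")
    path_is_trusted "$exe" 0 && echo "ok: $exe"
fi
```

For a binary under /home/<user>/ the check reports the first component not owned by root; installing the daemon under a root-owned directory such as the init script's /opt/douane and pointing ExecStart there is what makes it pass.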

Is /home mounted at that point???

I would. The systemd service is supposed to do the necessary. (Read the blog I linked to for details about this.)

OK, I deleted the douane file from /etc/init.d.
Now when I fire up the douane-configurator and turn the switch ON, I get the error:


Error accessing /etc/init.d/douane: No such file or directory

It must be hard coded in the config tool then. Maybe contact the developer?

I already did. But no response yet.

Is there any other douane-like personal firewall available that is known to work with Leap that I can try? I tried configuring lpfw and that was even worse to install.

Decided to take a look at this.

First thing I’m noticing is that there are a great many dependencies which can’t be met with available packages which would likely prevent successful compilation.

Wondering where you’re getting
policykit development headers
log4cxx, both the app and the development headers

And how you imported the recommended modules
GTKTwitterbox
GTK+
pygobject3 (openSUSE can provide pygobject2 only), may be available from Python repos(?)

Also, a quick Google search suggests that no one has reported compiling and/or installing on an RPM-based distro.
Since there are Arch packages, it might be possible to extract those on to a distro, but that would require closer inspection.

TSU