Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Iptables not found in Ubuntu 20.04 #76

Open
elliotjberg opened this issue Dec 14, 2020 · 2 comments
Open

Iptables not found in Ubuntu 20.04 #76

elliotjberg opened this issue Dec 14, 2020 · 2 comments

Comments

@elliotjberg
Copy link

I was previously running a Ubuntu 18.04 server with PSAD configured and working as expected, which I recently upgraded to 20.04. Since doing so, PSAD won't start - it gives the error Could not find/execute iptables, specify path via _iptables at /usr/share/perl5/IPTables/ChainMgr.pm line 37. I have edited /etc/psad/psad.conf and changed

iptablesCmd      /sbin/iptables;
ip6tablesCmd     /sbin/ip6tables;

to

iptablesCmd      /usr/sbin/iptables;
ip6tablesCmd     /usr/sbin/ip6tables;

to match where iptables is on the filesystem;

which iptables
/usr/sbin/iptables

But this makes no difference. I have also tried setting

ENABLE_OVERRIDE_FW_CMD Y;
FW_CMD /usr/sbin/iptables;

Which also seems to make no difference. I'm running v2.4.3 from the Ubuntu repositories.

Any indication as to how I can address this?
@andweber
Copy link

I had the same problem - quick and dirty solution:
sudo ln -s /usr/sbin/iptables /sbin/iptables
sudo ln -s /usr/sbin/ip6tables /sbin/ip6tables

It looks like IPTables::ChainMgr use the defaults defined in IPTables::Parse.
While on the other side according to

psad/psad

Lines 3445 to 3462 in 8720f6a

### set some config variables based on command line input
&handle_cmdline();
$ipt_opts{'tmpdir'} = $config{'PSAD_TMP_DIR'};
$ipt_opts{'iptout_pat'} = $config{'IPT_OUTPUT_PATTERN'};
$ipt_opts{'ipterr_pat'} = $config{'IPT_ERROR_PATTERN'};
$ipt_opts{'debug'} = 1 if $debug;
$ipt_opts{'verbose'} = 1 if $verbose;
if ($config{'ENABLE_OVERRIDE_FW_CMD'} eq 'Y') {
if ($config{'FW_CMD_ARGS'} ne 'NONE') {
$ipt_opts{'firewall-cmd'} = $config{'FW_CMD'};
$ipt_opts{'fwd_args'} = $config{'FW_CMD_ARGS'};
} else {
$ipt_opts{'iptables'} = $config{'FW_CMD'};
}
}
it doesn't look like psad was designed to pass the iptablesCmd config options down to IPTables:ChainMgr.

@daydr3am3r
Copy link

@mrash this looks like an easy fix, is it possible to update lines 32-34 of Parse.pm of the IPTables::Parse module to obtain the binary locations from the environment?

Version 1.6.1 reads:

    ### default iptables/ip6tables/firewall-cmd paths
    my $ipt_bin    = '/sbin/iptables';
    my $ipt6_bin   = '/sbin/ip6tables';
    my $fwc_bin    = '/usr/bin/firewall-cmd';

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@daydr3am3r @andweber @elliotjberg