My fcrontab file has been replaced by a new one

Wow! That is a tough one! I honestly do not know.

How about under wiki.ipfire.org - Noteworthy packages with the title of “fcron”?

You can click here to get started:
https://wiki.ipfire.org/pkgs/fcron

Just click the CREATE NOW button.

Thanks Jon. That helps.

I don’t have the time to do it now as I am having to work on my mail server as the main disk is starting to fail but I know how to approach it now, when I get round to it.


@bonnietwin I take the offer :smile:

Purpose: changing RPF from strict to relaxed when my web server issues a certbot renew (see Reverse Path Filtering prevents certbot renewal using HTTP-1 acme-challenge - #2 by cfusco for context).

I followed your tutorial almost to the letter, with the purpose to execute a script that sets RPF to 2 and then after 15 minutes it reverts to the default. During that window, my webserver is free to issue a certbot renew command.

This is the fcrontab for the fcronuser:

0 0 * * 7 "sudo /home/cfusco/bin/rpf.sh 2"
15 0 * * 7 "sudo /home/cfusco/bin/rpf.sh 1"

This is the script it calls:

#!/bin/bash

###########################################################
# set strictness of Reverse Path Filtering; see RFC 3704, #
# section 2.2: 1, RPF strict; 2, RPF relaxed              #
###########################################################

###### Initialization steps ######
LOG="/home/cfusco/bin/log_RPF.txt"
exec 1>>"$LOG" 2>&1                 # append stdout to $LOG, stderr goes to stdout
level=$1                            # 1 for strict or 2 for relaxed

##### Functions ######
function run() {                    # wrapper call for error handling, spins a subshell
    cmd_output=$(eval "$1")
    return_value=$?
    [[ $return_value != 0 ]] && echo "Command $1 failed" && echo -e "${cmd_output}" \
            || echo -e "* $1 Output:\n${cmd_output}" "\nCommand $1 succeeded."
    return $return_value
}

function logDate() {                 # log a time stamped message
    date=$(date '+%Y-%m-%d %H:%M:%S')
    echo -e "\n---\n" "$date" ": $1 \n---"
}

function changeRPF() {               # change RPF value
    if [[ $level == 1 || $level == 2 ]]; then
         sysctl net.ipv4.conf.default.rp_filter=$level
         sysctl net.ipv4.conf.all.rp_filter=$level
    else
         echo "either 1 or 2, instead you entered: $level"
         return 1                   # exit statuses must be in the range 0-255
    fi
}

##### Main Routine ######
logDate "Changing RPF strictness"
run "changeRPF"

The error I got in the logs is:

---
 2022-09-11 00:00:00 : Changing RPF strictness 
---
/home/cfusco/bin/rpf.sh: line 29: sysctl: command not found
/home/cfusco/bin/rpf.sh: line 30: sysctl: command not found
* changeRPF Output:
 
Command changeRPF failed.

---
 2022-09-11 00:15:00 : Changing RPF strictness 
---
/home/cfusco/bin/rpf.sh: line 29: sysctl: command not found
/home/cfusco/bin/rpf.sh: line 30: sysctl: command not found
* changeRPF Output:
 
Command changeRPF failed.

Do you have any idea why, when executing the script, fcronuser cannot find sysctl? It’s not a matter of permission, because if I run the command as user cfusco, I get

---
 2022-09-11 11:27:53 : Changing RPF strictness 
---
sysctl: permission denied on key "net.ipv4.conf.default.rp_filter"
sysctl: permission denied on key "net.ipv4.conf.all.rp_filter"
Command changeRPF failed

I am lost here.

Hi @cfusco

Always glad to try and help if I am able to. :grin:

In this case I may be able to help. When a system user is created without a home directory, then sometimes the path environment variable for that user does not cover what you want to access. Also I have sometimes found that no matter what I do with a path environment variable, cron or fcron refuse to be able to find a binary.
Therefore I always write the cron/fcron binary command with a full path specified.
I would give that a try and see if it solves your issue.

If it doesn’t solve the issue then I will need to test out your script and commands in my vm testbed to obtain a better idea.

Incidentally, I am also using letsencrypt on my network but I currently don’t have a webserver running so I am doing the http-01 challenge with the certbot standalone command and it starts up a webserver just for the challenge and afterwards shuts it down. I don’t have any issues with RPF. My certificates were successfully updated about 10 days ago.

I will eventually put a web server in place for a webmail system and will then be doing the same as you. Will let you know how that goes when I get round to it and if I see the same issue as you have been experiencing.
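
The full-path advice from the answer above, as an added example that is not code from the thread: the script looks up sysctl in a fixed list of system directories instead of trusting the PATH that fcron hands to the job, and rejects any level other than 1 or 2. The directory list, the function names and the DRY_RUN switch are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not the poster's script): toggle rp_filter without relying
# on the PATH that fcron/sudo pass to the job.

# Directories searched for system binaries; an assumption, adjust per distro.
SYSTEM_DIRS="/sbin /usr/sbin /bin /usr/bin"

# Print the absolute path of binary $1 found in the directory list $2.
# Deliberately ignores $PATH, which may lack /sbin under cron/fcron.
find_binary() {
    for dir in $2; do
        if [ -x "$dir/$1" ] && [ ! -d "$dir/$1" ]; then
            printf '%s\n' "$dir/$1"
            return 0
        fi
    done
    echo "cannot locate $1 in: $2" >&2
    return 127
}

# Accept only the two values the thread uses: 1 (strict) or 2 (relaxed).
valid_level() {
    case "$1" in
        1|2) return 0 ;;
        *)   echo "level must be 1 or 2, got: '$1'" >&2; return 2 ;;
    esac
}

# Apply the level to the same two keys as the original script.
# With DRY_RUN=1 the commands are printed instead of executed.
set_rpf() {
    valid_level "$1" || return $?
    sysctl_bin=$(find_binary sysctl "$SYSTEM_DIRS") || return $?
    for key in net.ipv4.conf.default.rp_filter net.ipv4.conf.all.rp_filter; do
        if [ "${DRY_RUN:-0}" = 1 ]; then
            echo "$sysctl_bin $key=$1"
        else
            "$sysctl_bin" "$key=$1" || return $?
        fi
    done
}

# Run only when a level is given, e.g. from fcrontab: sudo /home/cfusco/bin/rpf.sh 2
if [ $# -gt 0 ]; then
    set_rpf "$1"
fi
```

Running it once by hand with DRY_RUN=1 shows which sysctl binary the job would call before it is scheduled in the fcrontab.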

That you do, and I am extremely grateful for that. Thank you.

You did indeed. It was so obvious, I feel silly not to have connected my brain. It works beautifully now.

That would be great, especially if you post it in that thread. Thank you again.

@bonnietwin I hope you do not mind that I did it. The procedure is correct as I have tested it myself. The text is only occasionally modified just for minor adjustments to a wiki entry style, but feel free to change it as you deem necessary. Thank you for the great tutorial.


No problems at all. I have been strapped for time so haven’t been able to get round to it. Glad you could help.


Just had a look through the new fcron wiki entry you created. It looks great :+1:


Will the links below be helpful?

https://cronprompt.com/

Regards


@tphz Thank you, I have added the link in the notes.
