On 2/26/20 3:33 PM, Bussi Andrea wrote:
On 2/26/20 2:52 PM, Nicolas Kovacs wrote:
Le 26/02/2020 à 13:05, Nicolas Kovacs a écrit :
Weirdly enough, when I follow this suggestion, generate the module
and then empty audit.log and restart my server, I still get the exact
same error again.
Which makes Fail2ban unusable with SELinux in enforcing mode in the
current state.
Looks like this is clearly a bug. I made some more testing.
Installed vanilla CentOS 7 on an Internet-facing sandbox server.
Configured NetworkManager.
Configured FirewallD.
Installed fail2ban-server and fail2ban-firewalld.
Put this in /etc/fail2ban/jail.d/sshd.local
[sshd]
enabled = true
Started Fail2ban.
I get the same SELinux error than the one described in the initial
message to the list.
And when I follow the advice displayed by SEalert, the same error
occurs again.
Which leaves me clueless.
Any suggestions ?
Interesting.
I only notice a small difference with my setup;
and that is that I explicitly set an action.
My jail.local (with some unrelated lines removed):
[sshd]
enabled = true
maxretry = 7
action = firewallcmd-new[name=SSH, port=ssh, protocol=tcp]
I am not sure if that's what makes a difference
here, but it's worth trying.
Bussi Andrea
My bad; I checked on my server, and I have
the same AVC as you're seeing.
But I can confirm it is not preventing fail2ban
from doing its work; offenders still get banned.
Best regards,
Bussi Andrea
Niki Kovacs
_______________________________________________
epel-devel mailing list -- epel-devel@lists.fedoraproject.org
To unsubscribe send an email to epel-devel-le...@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/epel-devel@lists.fedoraproject.org
