Displaying 11 results from an estimated 11 matches for "fail2ban_t".
2015 Jan 19
2
CentOS-6.6 Fail2Ban and Postfix Selinux AVCs
I am seeing these in the log of one of our off-site NX hosts running
CentOS-6.6.
type=AVC msg=audit(1421683972.786:4372): avc: denied { create } for
pid=22788 comm="iptables" scontext=system_u:system_r:fail2ban_t:s0
tcontext=system_u:system_r:fail2ban_t:s0 tclass=rawip_socket
Was caused by:
Missing type enforcement (TE) allow rule.
You can use audit2allow to generate a loadable module
to allow this access.
SELinux is preventing /sbin/iptables-multi-1.4.7 from search...
2015 Jan 19
0
CentOS-6.6 Fail2Ban and Postfix Selinux AVCs
On Mon, January 19, 2015 11:50, James B. Byrne wrote:
> I am seeing these in the log of one of our off-site NX hosts running
> CentOS-6.6.
>
> type=AVC msg=audit(1421683972.786:4372): avc: denied { create } for
> pid=22788 comm="iptables" scontext=system_u:system_r:fail2ban_t:s0
> tcontext=system_u:system_r:fail2ban_t:s0 tclass=rawip_socket
> Was caused by:
> Missing type enforcement (TE) allow rule.
>
> You can use audit2allow to generate a loadable module
> to allow this access.
>
> SELinux is preventing...
2020 Apr 17
2
[SOLVED] fail2ban firewalld problems with current CentOS 7
...d=1777562
> We're a bit stalled at the moment I'm afraid
>
Finally had some time to look into this. Happy to say fail2ban now
appears to be working.
1. I found that reading the CentOS web site about SElinux was helpful
and this led me to issue the following:
semanage permissive -a fail2ban_t
this places just fail2ban requests (got the context from the scontext
part of the SElinux error message) into permissive mode rather than the
entire OS.
2. Then a look into the SElinux troubleshooter gave me the errors that
were occurring and following the suggested instructions I created a
m...
2020 Feb 26
3
CentOS 7 : SELinux trouble with Fail2ban
...arch -c 'f2b/server' --raw | sudo audit2allow -M my-f2bserver
> $ sudo semodule -i my-f2bserver.pp
>
> I'm not sure with SELinux.
https://bugzilla.redhat.com/show_bug.cgi?id=1777562
This bug was posted earlier. Sadly, it was closed WONTFIX, but the policy you need is:
allow fail2ban_t sysfs_t:file { getattr open read };
allow fail2ban_t sysctl_net_t:dir { search };
allow fail2ban_t sysctl_net_t:file { getattr open read };
Honestly, if this really affects all users of fail2ban, I'll probably push back on the ticket to get it updated. I've successfully had the policy updated to...
2020 Apr 09
2
fail2ban firewalld problems with current CentOS 7
...il2ban.
After several iterations with fail2ban restart, ausearch and audit2allow like this:
ausearch -c 'f2b/server' --raw | audit2allow -M f2b-addon
I came up with a SELinux module like that:
module f2b-addon 1.0;
require {
type sysctl_net_t;
type sysfs_t;
type fail2ban_t;
class file { getattr open read };
class dir search;
}
#============= fail2ban_t ==============
#!!!! This avc is allowed in the current policy
allow fail2ban_t sysctl_net_t:dir search;
#!!!! This avc is allowed in the current policy
allow fail2ban_t sysctl_net_t:file { getattr o...
2015 Mar 10
0
Fail2Ban Centos 7 is there a trick to making it work?
...using fail2ban with the -firewalld and -systemd modules, and I had to setup some SELinux rules to make it working right. This is the policy I add to the CentOS 7 machines:
module fail2ban-journal-sepol-new 1.0;
require {
type fail2ban_client_exec_t;
type logrotate_t;
type fail2ban_t;
type syslogd_var_run_t;
class dir read;
class file { ioctl read execute execute_no_trans open getattr };
}
#============= fail2ban_t ==============
#!!!! This avc is allowed in the current policy
allow fail2ban_t syslogd_var_run_t:dir read;
#!!!! This avc is allowed in t...
2020 Feb 26
0
CentOS 7 : SELinux trouble with Fail2ban
...audit2allow -M my-f2bserver
> > $ sudo semodule -i my-f2bserver.pp
> >
> > I'm not sure with SELinux.
>
> https://bugzilla.redhat.com/show_bug.cgi?id=1777562
> This bug was posted earlier. Sadly, it was closed WONTFIX, but the policy
> you need is:
>
> allow fail2ban_t sysfs_t:file { getattr open read };
> allow fail2ban_t sysctl_net_t:dir { search };
> allow fail2ban_t sysctl_net_t:file { getattr open read };
> Honestly, if this really affects all users of fail2ban, I'll probably push
> back on the ticket to get it updated. I've successfully had the...
2015 Mar 10
2
Fail2Ban Centos 7 is there a trick to making it work?
On Mon, March 9, 2015 13:11, John Plemons wrote:
> Been working on fail2ban, and trying to make it work with plain Jane
> install of Centos 7
>
> Machine is a HP running 2 Quad core Xeons, 16 gig of ram and 1 plus TB
> of disk space. Very generic and vanilla.
>
> Current available epel repo version is fail2ban-0.9.1
>
> Looking at the log file, fail2ban starts and stops
2020 Apr 09
2
fail2ban firewalld problems with current CentOS 7
...n.jail [8545]: INFO Jail 'openvpn' started
[...]
BUT: SELinux complains about fail2ban:
type=AVC msg=audit(1586413496.76:53507): avc: denied { read } for pid=1324 comm="f2b/f.apache" name="disable" dev="sysfs" ino=1481 scontext=system_u:system_r:fail2ban_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file permissive=0
So it seems somehow fail2ban does not add the required ip sets correctly.
From what I see in firewalld logfile it seems these problems started after the last updates on April 2nd.
On this day I did a "yum update" which e...
2020 Apr 17
0
[SOLVED] fail2ban firewalld problems with current CentOS 7
...at the moment I'm afraid
>>
> Finally had some time to look into this. Happy to say fail2ban now
> appears to be working.
>
> 1. I found that reading the CentOS web site about SElinux was helpful
> and this led me to issue the following:
>
> semanage permissive -a fail2ban_t
>
> this places just fail2ban requests (got the context from the scontext
> part of the SElinux error message) into permissive mode rather than the
> entire OS.
>
> 2. Then a look into the SElinux troubleshooter gave me the errors that
> were occurring and following the su...
2020 Feb 26
5
CentOS 7 : SELinux trouble with Fail2ban
Hi,
Some time ago I had SELinux problems with Fail2ban. One of the users on this
list suggested that it might be due to the fact that I'm using a bone-headed
iptables script instead of FirewallD.
I've spent the past few weeks getting up to date with doing things in a more
orthodox manner. So currently my internet-facing CentOS server has a nicely
configured NetworkManager, and