Displaying 8 results from an estimated 8 matches for "sysctl_net_t".
2020 Feb 26
3
CentOS 7 : SELinux trouble with Fail2ban
...rver
> $ sudo semodule -i my-f2bserver.pp
>
> I'm not sure with SELinux.
https://bugzilla.redhat.com/show_bug.cgi?id=1777562
This bug was posted earlier. Sadly, it was closed WONTFIX, but the policy you need is:
allow fail2ban_t sysfs_t:file { getattr open read };
allow fail2ban_t sysctl_net_t:dir { search };
allow fail2ban_t sysctl_net_t:file { getattr open read };
Honestly, if this really affects all users of fail2ban, I'll probably push back on the ticket to get it updated. I've successfully had the policy updated to handle issues with popular non-RHEL/CentOS packages.
--
Jonathan...
2020 Apr 09
2
fail2ban firewalld problems with current CentOS 7
...s like something
changed regarding selinux and fail2ban.
After several iterations with fail2ban restart, ausearch and audit2allow like this:
ausearch -c 'f2b/server' --raw | audit2allow -M f2b-addon
I came up with a SELinux module like that:
module f2b-addon 1.0;
require {
type sysctl_net_t;
type sysfs_t;
type fail2ban_t;
class file { getattr open read };
class dir search;
}
#============= fail2ban_t ==============
#!!!! This avc is allowed in the current policy
allow fail2ban_t sysctl_net_t:dir search;
#!!!! This avc is allowed in the current policy...
2020 Apr 17
2
[SOLVED] fail2ban firewalld problems with current CentOS 7
On 13/04/20 1:30 pm, Orion Poplawski wrote:
> On 4/9/20 6:31 AM, Andreas Haumer wrote:
> ...
>> I'm neither a fail2ban nor a SELinux expert, but it seems the
>> standard fail2ban SELinux policy as provided by CentOS 7 is not
>> sufficient anymore and the recent updates did not correctly
>> update the required SELinux policies.
>>
>> I could report this
2005 Jul 06
0
SELinux startup issue on FC4...
...scontext=system_u:system_r:ifconfig_t
tcontext=system_u:object_r:var_lib_t tclass=file
type=AVC msg=audit(1120675556.084:95462): avc: denied { write } for
pid=2641 comm="ip" name="flush" dev=proc ino=-268435296
scontext=system_u:system_r:ifconfig_t
tcontext=system_u:object_r:sysctl_net_t tclass=file
type=PATH msg=audit(1120675555.879:90329): item=0 name="/sbin/ip"
type=AVC_PATH msg=audit(1120675555.879:90329):
path="/tmp/shorewall.Gh1879/providers"
type=AVC msg=audit(1120675555.879:90329): avc: denied { read } for pid=2588
comm="ip" name="pro...
2020 Feb 26
0
CentOS 7 : SELinux trouble with Fail2ban
....pp
> >
> > I'm not sure with SELinux.
>
> https://bugzilla.redhat.com/show_bug.cgi?id=1777562
> This bug was posted earlier. Sadly, it was closed WONTFIX, but the policy
> you need is:
>
> allow fail2ban_t sysfs_t:file { getattr open read };
> allow fail2ban_t sysctl_net_t:dir { search };
> allow fail2ban_t sysctl_net_t:file { getattr open read };
> Honestly, if this really affects all users of fail2ban, I'll probably push
> back on the ticket to get it updated. I've successfully had the policy
> updated to handle issues with popular non-RHEL/CentOS packa...
2020 Feb 26
5
CentOS 7 : SELinux trouble with Fail2ban
Hi,
Some time ago I had SELinux problems with Fail2ban. One of the users on this
list suggested that it might be due to the fact that I'm using a bone-headed
iptables script instead of FirewallD.
I've spent the past few weeks getting up to date with doing things in a more
orthodox manner. So currently my internet-facing CentOS server has a nicely
configured NetworkManager, and
2020 Apr 09
2
fail2ban firewalld problems with current CentOS 7
Hi!
I have a server running CentOS 7.7 (1908) with all current patches installed.
I think this server should be a quite standard installation with no specialities
On this server I have fail2ban with an apache and openvpn configuration.
I'm using firewalld to manage the firewall rules.
Fail2ban is configured to use firewalld:
[root at server ~]# ll /etc/fail2ban/jail.d/
insgesamt 12
2018 Aug 27
0
Very odd: /proc/sys/net/ipv6/conf/all/disable_ipv6
CentOS 7.5, and on one system, I'm getting:
setroubleshoot: SELinux is preventing /usr/sbin/sendmail.sendmail from
read access on the file disable_ipv6
ll -Z shows
-rw-r--r--. root root system_u:object_r:sysctl_net_t:s0
/proc/sys/net/ipv6/conf/all/disable_ipv6
I find this peculiar. Anyone have a resolution, or is this a bug?
mark