On Wed, 1 Jan 2020, Allan wrote:
På Tue, 31 Dec 2019 18:53:38 +0000 John H Nyhuis jnyhuis@uw.edu skrev:
Just a random stab in the dark, but CEntOS6 was iptables, and CentOS7 is firewalld. They take different fail2ban packages.
CentOS6 = fail2ban CentOS7 = fail2ban-firewalld
Are you sure you are running the correct fail2ban package for your firewall? (I screwed this up myself before I noticed and fixed it...)
I do have the f2b-firewalld package installed yes. Since it was an update - it only replaced same installed packages.
A standard install of F2B on Centos7 do also include the f2b-systemd package - which would seem logical. However, after I started using the recidive filter - which IMHO is one of the most important ones - it didn't work. Removing the f2b-systemd package fixed that - and didn't hurt anything else.
I have no idea why that is - or if that could be part of the problem with the update here on my system.
If it helps to have another data point, my C7 server has two fail2ban packages installed:
* fail2ban-firewalld-0.10.4-1.el7.noarch * fail2ban-server-0.10.4-1.el7.noarch
They were upgraded back on December 9 and have worked without any major hiccups.
The fail2ban-server package provides the systemd unit file, /usr/lib/systemd/system/fail2ban.service, so I was curious to know what the the fail2ban-systemd package actually does. The description field for the fail2ban-systemd rpm says,
This package configures Fail2Ban to use the systemd journal for its log input by default.
All of the logpath entries in my fail2ban configuration point to ordinary /var/log/* files. I don't know how fail2ban-systemd repoints the logpath entries to use inputs from systemd-journald, but I suspect that's where the mismatch may be happening.