[CentOS] Fail2Ban Centos 7 is there a trick to making it work?

Tue Mar 10 13:43:36 UTC 2015
Andrea Dell'Amico <adellam-lists at sevenseas.org>

> On 10 Mar 2015, at 14:30, James B. Byrne <byrnejb at harte-lyne.ca> wrote:
> 
> 
> On Mon, March 9, 2015 13:11, John Plemons wrote:
>> Been working on fail2ban, and trying to make it work with plain Jane
>> install of Centos 7
>> 
>> Machine is a HP running 2 Quad core Xeons, 16 gig of ram and 1 plus TB
>> of disk space. Very generic and vanilla.
>> 
>> Current available epel repo version is fail2ban-0.9.1
>> 
>> Looking at the log file, fail2ban starts and stops fine, there isn't
>> output though showing any login attempts being restricted.
>> 
>> 2015-03-09 12:54:37,930 fail2ban.server         [14805]: INFO    Stopping all jails
>> 2015-03-09 12:54:37,931 fail2ban.server         [14805]: INFO    Exiting Fail2ban
>> 2015-03-09 12:54:38,338 fail2ban.server         [16678]: INFO    Changed logging target to /var/log/fail2ban.log for Fail2ban v0.9.1
>> 2015-03-09 12:54:38,341 fail2ban.database       [16678]: INFO    Connected to fail2ban persistent database '/var/lib/fail2ban/fail2ban.sqlite3'
>> 
>> I copied jail.conf and added the edited jail.local to the directory
>> /etc/fail2ban/
>> 
>> This is about as far as I have gotten with searches on how to
>> configure with Centos 7.
>> 
>> Any help would be welcome. What am I missing?
>> 
>> john
>> 
> 
> This is what I have for ssh in jail.conf
> 
> [ssh-iptables]
> 
> enabled  = true
> filter   = sshd
> action = iptables[name=SSH, port=ssh, protocol=tcp]
>          sendmail-whois[name=SSH, dest=x at harte-lyne.ca, sender=x at harte-lyne.ca, sendername=Fail2Ban]
> logpath  = /var/log/secure
> maxretry = 5
> 

I’m using fail2ban with the -firewalld and -systemd modules, and I had to set up some SELinux rules to make it work right. This is the policy I add to the CentOS 7 machines:

module fail2ban-journal-sepol-new 1.0;

require {
        type fail2ban_client_exec_t;
        type logrotate_t;
        type fail2ban_t;
        type syslogd_var_run_t;
        class dir read;
        class file { ioctl read execute execute_no_trans open getattr };
}

#============= fail2ban_t ==============

#!!!! This avc is allowed in the current policy
allow fail2ban_t syslogd_var_run_t:dir read;

#!!!! This avc is allowed in the current policy
allow fail2ban_t syslogd_var_run_t:file { read getattr open };

#============= logrotate_t ==============
allow logrotate_t fail2ban_client_exec_t:file { ioctl read execute execute_no_trans open };


What’s the best way to report the SELinux problems in EPEL packages, btw?

> HTH
> 
> --
> ***          E-Mail is NOT a SECURE channel          ***
> James B. Byrne                mailto:ByrneJB at Harte-Lyne.ca
> Harte & Lyne Limited          http://www.harte-lyne.ca
> 9 Brockley Drive              vox: +1 905 561 1241
> Hamilton, Ontario             fax: +1 905 561 0757
> Canada  L8E 3C3

Ciao,
andrea
--
Andrea Dell'Amico
http://adellam.sevenseas.org/
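A small check for the question at the top of the thread (fail2ban starts and stops but nothing seems to be banned), added here as an example and not code from the thread or from fail2ban itself: it parses /var/log/fail2ban.log in the 0.9 format quoted above and lists the jails that started but never matched a single line. The sample log lines, jail names and addresses are constructed.

```python
import re

# Constructed sample in the fail2ban v0.9 log format quoted in the thread
# (jail names, addresses and timestamps are made up).
SAMPLE_LOG = """\
2015-03-09 12:54:38,338 fail2ban.server         [16678]: INFO    Changed logging target to /var/log/fail2ban.log for Fail2ban v0.9.1
2015-03-09 12:54:38,341 fail2ban.database       [16678]: INFO    Connected to fail2ban persistent database '/var/lib/fail2ban/fail2ban.sqlite3'
2015-03-09 12:54:38,400 fail2ban.jail           [16678]: INFO    Creating new jail 'sshd'
2015-03-09 12:54:38,450 fail2ban.jail           [16678]: INFO    Jail 'sshd' started
2015-03-09 12:54:38,460 fail2ban.jail           [16678]: INFO    Creating new jail 'postfix'
2015-03-09 12:54:38,470 fail2ban.jail           [16678]: INFO    Jail 'postfix' started
2015-03-09 13:02:11,015 fail2ban.filter         [16678]: INFO    [sshd] Found 192.0.2.10
2015-03-09 13:02:15,120 fail2ban.actions        [16678]: NOTICE  [sshd] Ban 192.0.2.10
2015-03-09 13:12:15,300 fail2ban.actions        [16678]: NOTICE  [sshd] Unban 192.0.2.10
"""

# One record: timestamp, logger name, [pid], level, free-text message.
LINE_RE = re.compile(
    r"^\S+ \S+ (?P<logger>fail2ban\.\w+)\s+\[\d+\]: (?P<level>\w+)\s+(?P<msg>.*)$"
)
JAIL_STARTED_RE = re.compile(r"^Jail '(?P<jail>[^']+)' started$")
EVENT_RE = re.compile(r"^\[(?P<jail>[^\]]+)\] (?P<event>Found|Ban|Unban) (?P<ip>\S+)$")


def summarize(log_text):
    """Return {jail: {"found": n, "ban": n, "unban": n}} for every jail that started."""
    summary = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a fail2ban record (e.g. a wrapped continuation line)
        msg = m.group("msg")
        started = JAIL_STARTED_RE.match(msg)
        if started:
            summary.setdefault(started.group("jail"), {"found": 0, "ban": 0, "unban": 0})
            continue
        ev = EVENT_RE.match(msg)
        if ev:
            counts = summary.setdefault(ev.group("jail"), {"found": 0, "ban": 0, "unban": 0})
            counts[ev.group("event").lower()] += 1
    return summary


def idle_jails(summary):
    """Jails that started but never matched anything: check logpath/backend, the
    filter regex against the real log, and SELinux denials (audit2allow) first."""
    return sorted(j for j, c in summary.items() if c["found"] == 0 and c["ban"] == 0)


if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    for jail, c in sorted(s.items()):
        print(f"{jail:10s} found={c['found']} ban={c['ban']} unban={c['unban']}")
    print("jails with no matches:", idle_jails(s))
```

On a real host, read /var/log/fail2ban.log into `summarize()` instead of the constructed sample; a jail reported idle while logins are visibly failing in /var/log/secure or the journal points at the filter, the backend, or an SELinux denial rather than at fail2ban's service state.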