[CentOS] Fail2Ban Centos 7 is there a trick to making it work?
Andrea Dell'Amico
adellam-lists at sevenseas.org
Tue Mar 10 13:43:36 UTC 2015
> On 10 Mar 2015, at 14:30, James B. Byrne <byrnejb at harte-lyne.ca> wrote:
>
>
> On Mon, March 9, 2015 13:11, John Plemons wrote:
>> Been working on fail2ban, and trying to make it work with plain Jane
>> install of Centos 7
>>
>> Machine is a HP running 2 Quad core Xeons, 16 gig of ram and 1 plus TB
>> of disk space. Very generic and vanilla.
>>
>> Current available epel repo version is fail2ban-0.9.1
>>
>> Looking at the log file, fail2ban starts and stops fine, there isn't
>> output though showing any login attempts being restricted.
>>
>> 2015-03-09 12:54:37,930 fail2ban.server [14805]: INFO
>> Stopping all jails
>> 2015-03-09 12:54:37,931 fail2ban.server [14805]: INFO
>> Exiting Fail2ban
>> 2015-03-09 12:54:38,338 fail2ban.server [16678]: INFO
>> Changed logging target to /var/log/fail2ban.log for Fail2ban v0.9.1
>> 2015-03-09 12:54:38,341 fail2ban.database [16678]: INFO
>> Connected to fail2ban persistent database
>> '/var/lib/fail2ban/fail2ban.sqlite3'
>>
>> I copied jail.conf and added the edited jail.local to the directory
>> /etc/fail2ban/
>>
>> This is about as far as I have gotten with searches on how to
>> configure with Centos 7.
>>
>> Any help would be welcome. What am I missing?
>>
>> john
>>
>
> This is what I have for ssh in jail.conf
>
> [ssh-iptables]
>
> enabled  = true
> filter   = sshd
> action   = iptables[name=SSH, port=ssh, protocol=tcp]
>            sendmail-whois[name=SSH, dest=x at harte-lyne.ca,
>            sender=x at harte-lyne.ca, sendername=Fail2Ban]
> logpath  = /var/log/secure
> maxretry = 5
>
I’m using fail2ban with the -firewalld and -systemd modules, and I had to set up some SELinux rules to make it work right. This is the policy I add to the CentOS 7 machines:

module fail2ban-journal-sepol-new 1.0;

require {
        type fail2ban_client_exec_t;
        type logrotate_t;
        type fail2ban_t;
        type syslogd_var_run_t;
        class dir read;
        class file { ioctl read execute execute_no_trans open getattr };
}

#============= fail2ban_t ==============

#!!!! This avc is allowed in the current policy
allow fail2ban_t syslogd_var_run_t:dir read;

#!!!! This avc is allowed in the current policy
allow fail2ban_t syslogd_var_run_t:file { read getattr open };

#============= logrotate_t ==============
allow logrotate_t fail2ban_client_exec_t:file { ioctl read execute execute_no_trans open };

What’s the best way to report the selinux problems in EPEL packages, btw?
> HTH
>
> --
> *** E-Mail is NOT a SECURE channel ***
> James B. Byrne mailto:ByrneJB at Harte-Lyne.ca
> Harte & Lyne Limited http://www.harte-lyne.ca
> 9 Brockley Drive vox: +1 905 561 1241
> Hamilton, Ontario fax: +1 905 561 0757
> Canada L8E 3C3
Ciao,
andrea
--
Andrea Dell'Amico
http://adellam.sevenseas.org/
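
Added example, not part of the original message and not code from fail2ban or EPEL: the "#!!!!" and "#=====" comment lines in the policy above are in the format audit2allow emits, and this Python example shows how such allow rules are derived from AVC denials in audit.log. The log lines are constructed for illustration (pid, ino, comm and timestamps are assumptions; only the SELinux types come from the policy above), and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample audit.log content (not from the thread).
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1425994800.101:501): avc:  denied  { read } for  pid=1201 comm="fail2ban-server" name="journal" dev="tmpfs" ino=9001 scontext=system_u:system_r:fail2ban_t:s0 tcontext=system_u:object_r:syslogd_var_run_t:s0 tclass=dir
type=SYSCALL msg=audit(1425994800.101:501): arch=c000003e syscall=257 success=no exit=-13 comm="fail2ban-server"
type=AVC msg=audit(1425994800.205:502): avc:  denied  { read open } for  pid=1201 comm="fail2ban-server" name="system.journal" dev="tmpfs" ino=9002 scontext=system_u:system_r:fail2ban_t:s0 tcontext=system_u:object_r:syslogd_var_run_t:s0 tclass=file
type=AVC msg=audit(1425994800.310:503): avc:  denied  { getattr } for  pid=1201 comm="fail2ban-server" name="system.journal" dev="tmpfs" ino=9002 scontext=system_u:system_r:fail2ban_t:s0 tcontext=system_u:object_r:syslogd_var_run_t:s0 tclass=file
type=AVC msg=audit(1425998400.011:610): avc:  denied  { execute } for  pid=2301 comm="sh" name="fail2ban-client" dev="dm-0" ino=7001 scontext=system_u:system_r:logrotate_t:s0 tcontext=system_u:object_r:fail2ban_client_exec_t:s0 tclass=file
type=AVC msg=audit(1425998400.012:611): avc:  denied  { read open } for  pid=2301 comm="sh" name="fail2ban-client" dev="dm-0" ino=7001 scontext=system_u:system_r:logrotate_t:s0 tcontext=system_u:object_r:fail2ban_client_exec_t:s0 tclass=file
type=AVC msg=audit(1425998400.013:612): avc:  denied  { execute_no_trans } for  pid=2301 comm="sh" name="fail2ban-client" dev="dm-0" ino=7001 scontext=system_u:system_r:logrotate_t:s0 tcontext=system_u:object_r:fail2ban_client_exec_t:s0 tclass=file
type=AVC msg=audit(1425998400.014:613): avc:  denied  { ioctl } for  pid=2301 comm="fail2ban-client" name="fail2ban-client" dev="dm-0" ino=7001 scontext=system_u:system_r:logrotate_t:s0 tcontext=system_u:object_r:fail2ban_client_exec_t:s0 tclass=file
"""

# One AVC denial: the permission set, then source/target contexts and class.
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)"
)

def selinux_type(context):
    """Return the type field of a user:role:type:level security context."""
    return context.split(":")[2]

def denials_to_rules(log_text):
    """Merge AVC denials per (source type, target type, class) into allow rules."""
    perms = defaultdict(set)
    for line in log_text.splitlines():
        if "type=AVC" not in line:
            continue  # SYSCALL, PATH and other record types carry no denial
        m = AVC_RE.search(line)
        if not m:
            continue  # e.g. "granted" records or truncated lines
        key = (selinux_type(m["scon"]), selinux_type(m["tcon"]), m["tclass"])
        perms[key].update(m["perms"].split())
    rules = []
    for (src, tgt, cls), granted in sorted(perms.items()):
        plist = sorted(granted)
        body = plist[0] if len(plist) == 1 else "{ " + " ".join(plist) + " }"
        rules.append(f"allow {src} {tgt}:{cls} {body};")
    return rules

if __name__ == "__main__":
    print("\n".join(denials_to_rules(SAMPLE_AUDIT_LOG)))
```

Each generated rule should be reviewed against what the domain actually needs before it goes into a module, since a rule derived from a denial grants exactly what was blocked.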