[CentOS] CentOS 7 : SELinux trouble with Fail2ban

Wed Feb 26 16:52:08 UTC 2020
Nicolas Kovacs <info at microlinux.fr>

On 26/02/2020 at 11:51, Nicolas Kovacs wrote:
> SELinux is preventing /usr/bin/python2.7 from read access on the file disable.
> 
> *****  Plugin catchall (100. confidence) suggests   *****
> 
> If you believe that python2.7 should be allowed read access on the disable file 
> by default.
> Then you should report this as a bug.
> You can generate a local policy module to allow this access.
> Do
> allow this access for now by executing:
> # ausearch -c 'f2b/server' --raw | audit2allow -M my-f2bserver
> # semodule -i my-f2bserver.pp
> 
> Weirdly enough, when I follow this suggestion and then empty audit.log and 
> restart my server, I still get the exact same error again.

I reinstalled this server from scratch and took some notes. This time I was 
successful, though I don't know exactly what I did differently this time.

Usually I work as a non-root user and call sudo whenever I need root permissions.

But is this OK when enabling SELinux modules? Let's consider the example given 
above:

# ausearch -c 'f2b/server' --raw | audit2allow -M my-f2bserver
# semodule -i my-f2bserver.pp

Can I also perform it like this?

$ sudo ausearch -c 'f2b/server' --raw | sudo audit2allow -M my-f2bserver
$ sudo semodule -i my-f2bserver.pp

I'm not sure with SELinux.

Cheers,

Niki


-- 
Microlinux - Sustainable IT solutions
7, place de l'église - 30730 Montpezat
Website: https://www.microlinux.fr
Email: info at microlinux.fr
Tel.: 04 66 63 10 32
Mobile: 06 51 80 12 12
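
The sealert suggestion quoted in the message turns raw AVC denials into allow rules and loads them as a module. As an added example (not part of the original post, and not audit2allow's own code), the sketch below lists the rules a set of raw denials would yield so they can be read before anything is installed with semodule. The function names, the sample records and the target type placeholder_file_t are constructed for illustration.

```sh
#!/bin/sh
# Added example: a simplified stand-in for the rule derivation that
# audit2allow performs, for reviewing denials before loading a module.

# Constructed sample in the shape of `ausearch --raw` output. Timestamps,
# pids, inode numbers and the type placeholder_file_t are made up.
sample_avc() {
    cat <<'EOF'
type=AVC msg=audit(1582714268.101:201): avc:  denied  { read } for  pid=1201 comm="f2b/server" name="disable" dev="dm-0" ino=4242 scontext=system_u:system_r:fail2ban_t:s0 tcontext=system_u:object_r:placeholder_file_t:s0 tclass=file permissive=0
type=SYSCALL msg=audit(1582714268.101:201): arch=c000003e syscall=2 success=no exit=-13 comm="f2b/server" exe="/usr/bin/python2.7"
type=AVC msg=audit(1582714301.555:244): avc:  denied  { read } for  pid=1377 comm="f2b/server" name="disable" dev="dm-0" ino=4242 scontext=system_u:system_r:fail2ban_t:s0 tcontext=system_u:object_r:placeholder_file_t:s0 tclass=file permissive=0
type=AVC msg=audit(1582714399.010:260): avc:  denied  { open } for  pid=1377 comm="f2b/server" name="disable" dev="dm-0" ino=4242 scontext=system_u:system_r:fail2ban_t:s0 tcontext=system_u:object_r:placeholder_file_t:s0 tclass=file permissive=1
EOF
}

# Read raw audit records on stdin and print one candidate allow rule per
# distinct (source type, target type, class, permission set).
avc_to_rules() {
    awk '
    /avc:[ ]+denied/ {
        src = tgt = cls = ""
        # The denied permissions sit between the first "{" and "}".
        s = index($0, "{"); e = index($0, "}")
        if (s == 0 || e <= s) next
        perms = substr($0, s + 1, e - s - 1)
        gsub(/^ +| +$/, "", perms)
        for (i = 1; i <= NF; i++) {
            # Contexts are user:role:type:level; the type is field 3.
            if ($i ~ /^scontext=/) { split($i, a, ":"); src = a[3] }
            if ($i ~ /^tcontext=/) { split($i, a, ":"); tgt = a[3] }
            if ($i ~ /^tclass=/)   { cls = substr($i, 8) }
        }
        if (src != "" && tgt != "" && cls != "")
            print "allow " src " " tgt ":" cls " { " perms " };"
    }' | LC_ALL=C sort -u   # repeated denials collapse to one rule
}

# Non-AVC records (the SYSCALL line) are ignored; duplicates are merged.
sample_avc | avc_to_rules
```

On a real system the input would come from the same ausearch command shown in the message instead of sample_avc.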