[CentOS] CentOS 7 : SELinux trouble with Fail2ban

Wed Feb 26 10:51:40 UTC 2020
Nicolas Kovacs <info at microlinux.fr>

Hi,

Some time ago I had SELinux problems with Fail2ban. One of the users on this 
list suggested that it might be due to the fact that I'm using a bone-headed 
iptables script instead of FirewallD.

I've spent the past few weeks getting up to date with doing things in a more 
orthodox manner. So currently my internet-facing CentOS server has a nicely 
configured NetworkManager, and FirewallD has replaced the iptables script.

Unfortunately when I install FirewallD from EPEL, I still get the same error.

SELinux is preventing /usr/bin/python2.7 from read access on the file disable.

*****  Plugin catchall (100. confidence) suggests   *****

If you believe that python2.7 should be allowed read access on the disable file 
by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'f2b/server' --raw | audit2allow -M my-f2bserver
# semodule -i my-f2bserver.pp

Weirdly enough, when I follow this suggestion and then empty audit.log and 
restart my server, I still get the exact same error again.

Which makes Fail2ban unusable with SELinux in enforcing mode in the current state.

Any suggestions?

Niki

-- 
Microlinux - Solutions informatiques durables
7, place de l'église - 30730 Montpezat
Site : https://www.microlinux.fr
Mail : info at microlinux.fr
Tél. : 04 66 63 10 32
Mob. : 06 51 80 12 12
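The sealert summary quoted above names only the file ("disable") and the command ("f2b/server"); the raw audit record that `ausearch -c 'f2b/server' --raw` feeds to audit2allow also carries the device, the source context (the fail2ban domain) and the target context (the label of the file being read), and it is the target label that tells you whether an allow rule is the right fix or whether the file is simply mislabelled. The following script is an added example, not part of the original post or of Fail2ban or audit2allow: it parses an AVC record and derives the same `allow` rule and `.te` module skeleton that `audit2allow -M` would generate. The record is constructed; the target type `sysfs_t`, the device, pid and inode values are placeholders chosen for illustration, not taken from the post.

```shell
#!/bin/sh
# Added example: derive the audit2allow-style policy rule from a raw AVC record.
# Constructed sample record (NOT from the original post): the contexts, dev, pid
# and ino values are placeholders. A real one comes from
#   ausearch -m avc -c 'f2b/server' --raw
AVC_SAMPLE='type=AVC msg=audit(1582714300.123:4567): avc:  denied  { read } for  pid=1234 comm="f2b/server" name="disable" dev="sysfs" ino=12345 scontext=system_u:system_r:fail2ban_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file permissive=0'

# avc_field RECORD KEY: print the value of KEY=VALUE (quotes stripped), empty if absent.
avc_field() {
    printf '%s\n' "$1" | tr ' ' '\n' |
        awk -F= -v k="$2" '$1 == k { v = $2; gsub(/"/, "", v); print v; exit }'
}

# avc_type RECORD scontext|tcontext: the type component (3rd field) of a context.
avc_type() {
    avc_field "$1" "$2" | cut -d: -f3
}

# avc_perms RECORD: the denied permissions between "{" and "}", e.g. "read" or "read open".
avc_perms() {
    printf '%s\n' "$1" | sed -n 's/.*denied *{ *\([^}]*[^} ]\) *}.*/\1/p'
}

# avc_to_te RECORD: the single allow rule audit2allow would emit for this record.
avc_to_te() {
    printf 'allow %s %s:%s { %s };\n' \
        "$(avc_type "$1" scontext)" "$(avc_type "$1" tcontext)" \
        "$(avc_field "$1" tclass)" "$(avc_perms "$1")"
}

# avc_to_module NAME RECORD...: a complete .te source (module header, require
# block, allow rules), deduplicated so repeated records do not repeat declarations.
avc_to_module() {
    name=$1
    shift
    printf 'module %s 1.0;\n\nrequire {\n' "$name"
    for rec in "$@"; do
        printf '\ttype %s;\n\ttype %s;\n\tclass %s { %s };\n' \
            "$(avc_type "$rec" scontext)" "$(avc_type "$rec" tcontext)" \
            "$(avc_field "$rec" tclass)" "$(avc_perms "$rec")"
    done | sort -u
    printf '}\n\n'
    for rec in "$@"; do avc_to_te "$rec"; done | sort -u
}

# Stand-alone demonstration: show what the record actually denied, then the module.
echo "target: name=$(avc_field "$AVC_SAMPLE" name) dev=$(avc_field "$AVC_SAMPLE" dev) tcontext=$(avc_field "$AVC_SAMPLE" tcontext)"
avc_to_module my-f2bserver "$AVC_SAMPLE"
# To build and load the printed source by hand (same result as audit2allow -M):
#   avc_to_module my-f2bserver "$REC" > my-f2bserver.te
#   checkmodule -M -m -o my-f2bserver.mod my-f2bserver.te
#   semodule_package -o my-f2bserver.pp -m my-f2bserver.mod
#   semodule -i my-f2bserver.pp
```

After installing a module, confirm it is actually loaded with `semodule -l | grep my-f2bserver`, and compare the next denial's raw record field by field (scontext, tcontext, tclass and the permission set) with the one the module was generated from: a rule only covers exactly the source type, target type, class and permissions that were in the records at generation time, so a denial that looks identical in the sealert summary can still differ in one of those fields.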