[CentOS] CentOS 7 : SELinux trouble with Fail2ban

Thu Feb 27 14:46:57 UTC 2020
Louis Lagendijk <louis at fazant.net>

On Thu, 2020-02-27 at 02:49 -0800, Mark Milhollan wrote:
> On Wed, 26 Feb 2020, Nicolas Kovacs wrote:
> 
> > Some time ago I had SELinux problems with Fail2ban.
> > Unfortunately when I install [...] from EPEL, I still get the same
> > error.
> 
> EPEL packages are often crap quality (as packages), merely blind imports
> of the upstream package without any adjustments needed for the
> RHEL/CentOS environment (sometimes not even for Fedora), which is often
> somewhat different than the Fedora environment which go unnoticed or
> unrepaired, for years.

This sounds a bit harsh. But I had my problems with fail2ban too.

> This sometimes needs multiple iterations to catch all the types of
> access attempted, e.g., initially it might be that read is denied, but
> later the process would want other permissions like write but which were
> never logged because of the initial read failure.
> 
> > Any suggestions ?
> 
> Try repeating.  That either means multiple binary modules, or a text
> module that you add each new audit2allow "fix", increment the version
> number, rebuild the policy and module then re-insert -- lather, rinse,
> ...

A better way is to put SELinux in permissive mode and then generate the
policy from the alerts. This will disable the blocking so you can get
all issues in one go.

/Louis
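
Added example, not part of the original thread: a small shell/awk summariser that merges AVC denials into allow-rule form, run over constructed audit lines to show why one permissive pass captures permissions that an enforcing run never logs. The target types `example_log_t` and `example_run_t`, the module name `local_fail2ban` and all log lines are assumptions made up for illustration.

```shell
#!/bin/sh
# On a real host (root required, not executed by this script):
#   setenforce 0                       # log denials without blocking
#   systemctl restart fail2ban         # then exercise bans/unbans
#   ausearch -m avc -ts recent | audit2allow -M local_fail2ban   # hypothetical name
#   semodule -i local_fail2ban.pp && setenforce 1

# Merge AVC denials on stdin into one rule per (source type, target type, class).
avc_summary() {
    awk '
    /avc:/ && /denied/ {
        perms = ""; s = ""; t = ""; c = ""; inb = 0
        for (i = 1; i <= NF; i++) {
            if ($i == "{") { inb = 1; continue }
            if ($i == "}") { inb = 0; continue }
            if (inb) { perms = perms " " $i; continue }
            if ($i ~ /^scontext=/) { split($i, a, ":"); s = a[3] }
            if ($i ~ /^tcontext=/) { split($i, a, ":"); t = a[3] }
            if ($i ~ /^tclass=/)   { c = substr($i, 8) }
        }
        if (s == "" || t == "" || c == "") next
        key = s " " t ":" c
        n = split(perms, p, " ")
        for (j = 1; j <= n; j++)
            if (!((key, p[j]) in seen)) { seen[key, p[j]] = 1; rule[key] = rule[key] " " p[j] }
    }
    END { for (k in rule) print "allow " k " {" rule[k] " };" }
    ' | sort
}

# Constructed sample: enforcing mode stops at the first denied access.
sample_enforcing() {
cat <<'EOF'
type=AVC msg=audit(1582800000.101:501): avc:  denied  { read } for  pid=900 comm="fail2ban-server" name="app.log" scontext=system_u:system_r:fail2ban_t:s0 tcontext=system_u:object_r:example_log_t:s0 tclass=file permissive=0
EOF
}

# Constructed sample: permissive mode lets the process continue, so later accesses are logged too.
sample_permissive() {
cat <<'EOF'
type=AVC msg=audit(1582800100.201:601): avc:  denied  { read } for  pid=950 comm="fail2ban-server" name="app.log" scontext=system_u:system_r:fail2ban_t:s0 tcontext=system_u:object_r:example_log_t:s0 tclass=file permissive=1
type=AVC msg=audit(1582800100.202:602): avc:  denied  { write } for  pid=950 comm="fail2ban-server" name="app.log" scontext=system_u:system_r:fail2ban_t:s0 tcontext=system_u:object_r:example_log_t:s0 tclass=file permissive=1
type=AVC msg=audit(1582800100.203:603): avc:  denied  { read } for  pid=950 comm="fail2ban-server" name="app.log" scontext=system_u:system_r:fail2ban_t:s0 tcontext=system_u:object_r:example_log_t:s0 tclass=file permissive=1
type=AVC msg=audit(1582800100.204:604): avc:  denied  { write } for  pid=950 comm="fail2ban-server" name="ctl.sock" scontext=system_u:system_r:fail2ban_t:s0 tcontext=system_u:object_r:example_run_t:s0 tclass=sock_file permissive=1
EOF
}

echo "enforcing run:";  sample_enforcing  | avc_summary
echo "permissive run:"; sample_permissive | avc_summary
```

Review the summarised rules before loading any generated module, since audit2allow allows whatever was logged, including accesses the service should not have.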