[CentOS] Nasty Fail2Ban update for Centos 7

Wed Jan 1 19:01:00 UTC 2020
Paul Heinlein <heinlein at madboa.com>

On Wed, 1 Jan 2020, Allan wrote:

> På Tue, 31 Dec 2019 18:53:38 +0000
> John H Nyhuis <jnyhuis at uw.edu> skrev:
>> Just a random stab in the dark, but CEntOS6 was iptables, and CentOS7
>> is firewalld.  They take different fail2ban packages.
>> CentOS6 = fail2ban
>> CentOS7 = fail2ban-firewalld
>> Are you sure you are running the correct fail2ban package for your
>> firewall?  (I screwed this up myself before I noticed and fixed it...)
> I do have the f2b-firewalld package installed yes. Since it was an 
> update - it only replaced same installed packages.
> A standard install of F2B on Centos7 do also include the f2b-systemd 
> package - which would seem logical. However, after I started using 
> the recidive filter - which IMHO is one of the most important ones - 
> it didn't work. Removing the f2b-systemd package fixed that - and 
> didn't hurt anything else.
> I have no idea why that is - or if that could be part of the problem 
> with the update here on my system.

If it helps to have another data point, my C7 server has two fail2ban 
packages installed:

* fail2ban-firewalld-0.10.4-1.el7.noarch
* fail2ban-server-0.10.4-1.el7.noarch

They were upgraded back on December 9 and have worked without any 
major hiccups.

The fail2ban-server package provides the systemd unit file, 
/usr/lib/systemd/system/fail2ban.service, so I was curious to know 
what the the fail2ban-systemd package actually does. The description 
field for the fail2ban-systemd rpm says,

> This package configures Fail2Ban to use the systemd journal for
> its log input by default.

All of the logpath entries in my fail2ban configuration point to 
ordinary /var/log/* files. I don't know how fail2ban-systemd repoints 
the logpath entries to use inputs from systemd-journald, but I suspect 
that's where the mismatch may be happening.

Paul Heinlein
heinlein at madboa.com
45°38' N, 122°6' W