Fail2Ban CentOS 7 Is There A Trick To Making It Work?


Been working on fail2ban, and trying to make it work with a plain Jane install of CentOS 7.

Machine is an HP running 2 quad-core Xeons, 16 gig of ram and 1 plus TB
of disk space. Very generic and vanilla.

Current available epel repo version is fail2ban-0.9.1

Looking at the log file, fail2ban starts and stops fine, there isn’t output though showing any login attempts being restricted.

2015-03-09 12:54:37,930 fail2ban.server [14805]: INFO Stopping all jails
2015-03-09 12:54:37,931 fail2ban.server [14805]: INFO Exiting Fail2ban
2015-03-09 12:54:38,338 fail2ban.server [16678]: INFO Changed logging target to /var/log/fail2ban.log for Fail2ban v0.9.1
2015-03-09 12:54:38,341 fail2ban.database [16678]: INFO Connected to fail2ban persistent database '/var/lib/fail2ban/fail2ban.sqlite3'

I copied jail.conf and added the edited jail.local to the directory
/etc/fail2ban/

This is about as far as I have gotten with searches on how to configure with CentOS 7.

Any help would be welcome. What am I missing?

john
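Two things are worth checking when a fresh fail2ban 0.9 install logs only start/stop messages like the ones above: whether any jail is actually `enabled = true` in jail.local (stock jail.conf sets `enabled = false` in `[DEFAULT]`, so a copied file enables nothing on its own), and whether the log ever shows `Found`/`Ban` lines for a jail. The script below is an added example, not code from this thread or from the fail2ban project; it parses a constructed jail.local and constructed log lines in the same format as the post, and everything in the sample data (addresses, pids, jail names) is made up.

```python
"""Sanity-check a fail2ban 0.9 setup: which jails are enabled, and what the log shows."""
import configparser
import re
from collections import Counter, defaultdict

# Constructed sample jail.local (assumption, not from the thread): only [sshd]
# overrides the enabled = false that stock jail.conf puts in [DEFAULT].
SAMPLE_JAIL_LOCAL = """
[DEFAULT]
enabled = false
bantime = 3600
backend = systemd
banaction = firewallcmd-ipset

[sshd]
enabled = true
filter = sshd
port = ssh

[apache-auth]
filter = apache-auth
"""

# Constructed sample fail2ban.log lines in the same layout as the original
# poster's log; timestamps, pids and addresses are invented (203.0.113.0/24
# and 198.51.100.0/24 are documentation ranges).
SAMPLE_LOG = """\
2015-03-09 12:54:38,341 fail2ban.database [16678]: INFO Connected to fail2ban persistent database '/var/lib/fail2ban/fail2ban.sqlite3'
2015-03-09 12:54:38,350 fail2ban.jail [16678]: INFO Creating new jail 'sshd'
2015-03-09 12:54:38,351 fail2ban.jail [16678]: INFO Jail 'sshd' uses systemd
2015-03-09 12:55:01,001 fail2ban.filter [16678]: INFO [sshd] Found 203.0.113.5
2015-03-09 12:55:02,002 fail2ban.filter [16678]: INFO [sshd] Found 203.0.113.5
2015-03-09 12:55:03,003 fail2ban.filter [16678]: INFO [sshd] Found 203.0.113.5
2015-03-09 12:55:03,010 fail2ban.actions [16678]: NOTICE [sshd] Ban 203.0.113.5
2015-03-09 12:56:10,000 fail2ban.filter [16678]: INFO [sshd] Found 198.51.100.7
2015-03-09 13:55:03,010 fail2ban.actions [16678]: NOTICE [sshd] Unban 203.0.113.5
"""

# One fail2ban log line: timestamp, component, [pid]: LEVEL, optional [jail], message.
# \s+ tolerates the column padding the real daemon writes.
LOG_RE = re.compile(
    r"^(?P<ts>\S+ \S+) fail2ban\.(?P<component>\w+)\s+\[\d+\]: "
    r"(?P<level>\w+)\s+(?:\[(?P<jail>[^\]]+)\] )?(?P<msg>.*)$"
)


def enabled_jails(jail_local_text):
    """Return the names of jails whose effective 'enabled' value is true.

    configparser resolves [DEFAULT] the same way fail2ban does for this key,
    so a jail without its own 'enabled' line inherits the default.
    """
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(jail_local_text)
    return sorted(s for s in cp.sections() if cp.getboolean(s, "enabled", fallback=False))


def summarize_log(log_text):
    """Count Found/Ban events per jail and track addresses still banned."""
    found, bans, unparsed = Counter(), Counter(), 0
    active = defaultdict(set)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        m = LOG_RE.match(line)
        if not m:
            unparsed += 1
            continue
        jail, msg = m.group("jail"), m.group("msg")
        if jail is None:          # daemon/server messages carry no [jail] tag
            continue
        action, _, ip = msg.partition(" ")
        if action == "Found":
            found[jail] += 1
        elif action == "Ban":
            bans[jail] += 1
            active[jail].add(ip)
        elif action == "Unban":
            active[jail].discard(ip)
    return {
        "found": dict(found),
        "bans": dict(bans),
        "active": {j: sorted(ips) for j, ips in active.items()},
        "unparsed": unparsed,
    }


if __name__ == "__main__":
    print("enabled jails:", enabled_jails(SAMPLE_JAIL_LOCAL))
    summary = summarize_log(SAMPLE_LOG)
    for key in ("found", "bans", "active", "unparsed"):
        print(f"{key}: {summary[key]}")
```

Point the two functions at the real `/etc/fail2ban/jail.local` and `/var/log/fail2ban.log` on the host: an empty list from `enabled_jails` means no jail will ever ban anything, and a log with zero `Found` lines for an enabled jail usually means the jail is reading the wrong log source (on CentOS 7 with the EPEL -systemd package that is `backend = systemd`, otherwise `/var/log/secure`).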

4 thoughts on - Fail2Ban CentOS 7 Is There A Trick To Making It Work?

  • This is what I have for SSH in jail.conf

    [ssh-iptables]

    enabled = true
    filter = sshd
    action = iptables[name=SSH, port=ssh, protocol=tcp]
             sendmail-whois[name=SSH, dest=x@harte-lyne.ca, sender=x@harte-lyne.ca, sendername

  • I’m using fail2ban with the -firewalld and -systemd modules, and I had to setup some SELinux rules to make it working right. This is the policy I add to the CentOS 7 machines:

    module fail2ban-journal-sepol-new 1.0;

    require {
    type fail2ban_client_exec_t;
    type logrotate_t;
    type fail2ban_t;
    type syslogd_var_run_t;
    class dir read;
    class file { ioctl read execute execute_no_trans open getattr };
    }

    #============= fail2ban_t ==============

    #!!!! This avc is allowed in the current policy
    allow fail2ban_t syslogd_var_run_t:dir read;

    #!!!! This avc is allowed in the current policy
    allow fail2ban_t syslogd_var_run_t:file { read getattr open };

    #============= logrotate_t ==============
    allow logrotate_t fail2ban_client_exec_t:file { ioctl read execute execute_no_trans open };

    What’s the best way to report the selinux problems in EPEL packages, btw?

    Ciao, andrea

  • Thanks. I didn’t notice that bug, and the changelog didn’t report anything about fail2ban.

    Ciao, andrea