Fail2Ban CentOS 7 Is There A Trick To Making It Work?
Been working on fail2ban, and trying to make it work with plain Jane install of CentOS 7
Machine is a HP running 2 Quad core Xeons, 16 gig or ram and 1 plus TB
of disk space. Very generic and vanilla.
Current available epel repo version is fail2ban-0.9.1
Looking at the log file, fail2ban starts and stops fine, there isn’t output though showing any login attempts being restricted.
2015-03-09 12:54:37,930 fail2ban.server [14805]: INFO Stopping all jails
2015-03-09 12:54:37,931 fail2ban.server [14805]: INFO Exiting Fail2ban
2015-03-09 12:54:38,338 fail2ban.server [16678]: INFO Changed logging target to /var/log/fail2ban.log for Fail2ban v0.9.1
2015-03-09 12:54:38,341 fail2ban.database [16678]: INFO Connected to fail2ban persistent database ‘/var/lib/fail2ban/fail2ban.sqlite3’
I copied jail.conf and added the edited jail.local to the directory
/etc/fail2ban/
This is about as far as I have gotten with searches on how to configure with CentOS 7.
Any help would be welcome. What am I missing?
john
4 thoughts on - Fail2Ban CentOS 7 Is There A Trick To Making It Work?
This is what I have for SSH in jail.conf
[ssh-iptables]
enabled = true filter = sshd action = iptables[name=SSH, port=ssh, protocol=tcp]
sendmail-whois[name=SSH, dest=x@harte-lyne.ca, sender=x@harte-lyne.ca, sendername
I’m using fail2ban with the -firewalld and -systemd modules, and I had to setup some SELinux rules to make it working right. This is the policy I add to the CentOS 7 machines:
module fail2ban-journal-sepol-new 1.0;
require {
type fail2ban_client_exec_t;
type logrotate_t;
type fail2ban_t;
type syslogd_var_run_t;
class dir read;
class file { ioctl read execute execute_no_trans open getattr };
}
#============= fail2ban_t ==============
#!!!! This avc is allowed in the current policy allow fail2ban_t syslogd_var_run_t:dir read;
#!!!! This avc is allowed in the current policy allow fail2ban_t syslogd_var_run_t:file { read getattr open };
#============= logrotate_t ==============
allow logrotate_t fail2ban_client_exec_t:file { ioctl read execute execute_no_trans open };
What’s the best way to report the selinux problems in EPEL packages, btw?
Ciao, andrea
Looks like this was already fixed in ‘selinux-policy’. See https://bugzilla.redhat.com/show_bug.cgi?id14821
John.
Thanks. I didn’t notice that bug, and the changelog didn’t report anything about fail2ban.
Ciao, andrea