On Wed, 26 Feb 2020 at 11:13, Nicolas Kovacs <[email protected]> wrote:
> Le 26/02/2020 à 15:48, Stephen John Smoogen a écrit : > > I would open a bug on this so that the maintainer knows about it. They > may not > > be on this list or may filter it to the 'read once a year' bucket. > Second, I > > would check to see what the audit2allow policy came up with and if the > files it > > is alerting on have the appropriate labeling. I spent a day doing this > with > > Nagios and then realized the file problem was that nrpe wanted to do > something > > and hte file was labeled in a 'group' that neither nagios or nrpe had > selinux > > perms to do with. > > First a question: where's the correct place to file a bug for that? I > subscribed to that list because I thought this would be the right place > for > that kind of thing. > > Ugh. My problem for not saying that. A lot of 'bugs' can be config problems so starting a discussion on the list is a good place. After that it is go to https://bugzilla.redhat.com https://bugzilla.redhat.com/buglist.cgi?quicksearch=fail2ban&list_id=10871278 https://bugzilla.redhat.com/show_bug.cgi?id=1766415 may be related > Anyway. > > I reinstalled this server from scratch and took some notes. > > The second time I succeeded in making Fail2ban work with SELinux. Go > figure. > > I noticed two things, I don't know if they're relevant. > > 1. I had two different suggestions from sealert. > > # ausearch -c 'f2b/server' --raw | audit2allow -M my-f2bserver > # semodule -i my-f2bserver.pp > > and then the same thing but 'f2b/sshd'. > > 2. To create the SELinux I used the root account on the second attempt. On > the > first attempt I used sudo: > > $ sudo ausearch -c 'f2b/f.sshd' --raw | sudo audit2allow -M my-f2bfsshd > ******************** IMPORTANT *********************** > To make this policy package active, execute: > semodule -i my-f2bfsshd.pp > $ sudo semodule -i my-f2bfsshd.pp > > In theory there should be no difference, so correct me if I'm wrong. > > Cheers, > > Niki > > -- > Microlinux - Solutions informatiques durables > 7, place de l'église - 30730 Montpezat > Site : https://www.microlinux.fr > Mail : [email protected] > Tél. : 04 66 63 10 32 > Mob. : 06 51 80 12 12 > _______________________________________________ > epel-devel mailing list -- [email protected] > To unsubscribe send an email to [email protected] > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/[email protected] > -- Stephen J Smoogen.
_______________________________________________ epel-devel mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/[email protected]
