Hi,
What are you trying to do? I just did ssh on RHEL7, however it seems from comments that SElinux is a bit of a piggy on Centos compared to RHEL. So I edited jail.conf as per some CENTOS 6 URLs and it worked fine. I then coped jail.conf to jail.local and hashed out the changes in jail.conf and it still worked. After this there was a SELinux issue which I delt with, so go setenforce 0 for testing to see if its SElinux. Here are some notes, I looked in /var/log/messages and the alarm message simply told me what to do, I ran it and no issues, here's the history, ======= 109 grep fail2ban-server /var/log/audit/audit.log | audit2allow -M mypol 110 semodule -i mypol.pp 111 service fail2ban restart ====== I think RH has done some work around SElinux making it way easier than CENTOS. I edited jail.conf as per Centos howtos and it worked. http://www.tecmint.com/install-fail2ban-on-rhel-centos-fedora/ So I then copied jail.conf to jail.local and hashed out the additions in jail.conf, restarted fail2ban and it still worked. ======= regards Steven ________________________________ From: Steve Rowe <[email protected]> Sent: Thursday, 23 October 2014 9:03 a.m. To: [email protected] Subject: [Fail2ban-users] Quickstart? Hi, Is there a quick start guide for Fail2ban 0.9-9 on Centos 7 ? I read (briefly) the man pages for fail2ban-server and jail.conf and believed it was a simple case (to start off) of rem'ing out the unrequired jails in the jail.conf and saving as a jail.local in the jail.d folder. My problem is that when i have done this and saved my jail.d\jail.local and then tried to reload fail2ban-client i am getting the following fail2ban-client reload WARNING 'ignoreregex' not defined in 'Definition'. Using default one: '' WARNING 'ignoreregex' not defined in 'Definition'. Using default one: '' WARNING 'ignoreregex' not defined in 'Definition'. Using default one: '' WARNING 'ignoreregex' not defined in 'Definition'. Using default one: '' WARNING 'ignoreregex' not defined in 'Definition'. Using default one: '' WARNING 'ignoreregex' not defined in 'Definition'. Using default one: '' WARNING 'ignoreregex' not defined in 'Definition'. Using default one: '' WARNING 'ignoreregex' not defined in 'Definition'. Using default one: '' ERROR Failed during configuration: Bad value substitution: section: [pam-generic] option : logpath key : udpport rawval : ", protocol="udp", chain="%(chain)s", actname=%(banaction)s-udp] if (to prove a point) i rem out the offending jail (pam) above, and then try again, it just does the same error with the previous jail in the config?? am i missing something? if i do a fail2ban-client status i get. fail2ban-client status Status |- Number of jail: 0 `- Jail list: Any advice| links appreciated Steve
------------------------------------------------------------------------------
_______________________________________________ Fail2ban-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/fail2ban-users
