Hi, >> >From a terminal run sestatus if Current mode is 'enforcing" the as root run >> setenforce 0. This will put SELinux in permissive mode. If you script works >> then it's SELinux preventing it. There a a couple of ways to deal with that. >> I would think that at the fail2ban server runs as root since you have to be >> root to write to iptables but I have never checked. If it is not running as >> root then whatever account it does run as need to be able to access the >> location where your script is. I think it runs as root because I found a >> white paper on how to run it without root privileges while I was >> troubleshooting an issue I have been having with the sqllite database.. But >> I would check the SELinux first. > > No, selinux is disabled with security=0 at boot. > > And fail2ban is running as root: > > # ps axwww|grep fail2ban > root 25752 6.0 0.0 2280248 18028 ? Sl Jul22 54:47 > /usr/bin/python -Es /usr/bin/fail2ban-server -s > /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid -x > -b
Harrison wrote: > actionstart = whatever is only ran once at start up. > move your script to actioncheck or actionban and try it. I think the problem is that I haven't set up the jail properly. Can someone help me confirm the proper way to do this? I have the following in jail.conf: [changepass] enabled = true filter = changepass action = sendmail-whois[name=CHNGPASS, [email protected], [email protected]] actionban = /etc/fail2ban/scripts/myscript_restart.sh maxretry = 1 bantime = 10 I previously had the "actionban" in the actual filter, but just moved it here in hopes it's a more correct way of doing it. The actual filter just has the logpath and the failregex. Is there anything more that I would need to make this work properly? Thanks, Alex ------------------------------------------------------------------------------ _______________________________________________ Fail2ban-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/fail2ban-users
