Hello

I am using fail2ban on production servers running Alma Linux 8. Our network
security scanner is constantly flagging those systems, complaining about
outdated/vulnerable Python on them. However, if I try to remove that Python
(with a view to installing a newer version), it removes fail2ban as well, and
reinstalling fail2ban re-introduces the removed version of Python.

Any idea on the timeline as to when fail2ban is going to be built with
newer/supported python?

Below are some of the details from an affected host:
*# cat /etc/os-release*
NAME="AlmaLinux"
VERSION="8.5 (Arctic Sphynx)"
ID="almalinux"
ID_LIKE="rhel centos fedora"
VERSION_ID="8.5"
PLATFORM_ID="platform:el8"
PRETTY_NAME="AlmaLinux 8.5 (Arctic Sphynx)"
ANSI_COLOR="0;34"
CPE_NAME="cpe:/o:almalinux:almalinux:8::baseos"
HOME_URL="https://almalinux.org/"
DOCUMENTATION_URL="https://wiki.almalinux.org/"
BUG_REPORT_URL="https://bugs.almalinux.org/"

ALMALINUX_MANTISBT_PROJECT="AlmaLinux-8"
ALMALINUX_MANTISBT_PROJECT_VERSION="8.5"
#
#
#
*# dnf info fail2ban*
Last metadata expiration check: 1:50:27 ago on Fri 11 Mar 2022 10:03:42 GMT.
Installed Packages
Name         : fail2ban
Version      : 0.11.2
Release      : 1.el8
Architecture : noarch
Size         : 0.0
Source       : fail2ban-0.11.2-1.el8.src.rpm
Repository   : @System
From repo    : epel
Summary      : Daemon to ban hosts that cause multiple authentication errors
URL          : http://fail2ban.sourceforge.net/
License      : GPLv2+
Description  : Fail2Ban scans log files and bans IP addresses that makes too many password
             : failures. It updates firewall rules to reject the IP address. These rules can
             : be defined by the user. Fail2Ban can read multiple log files such as sshd or
             : Apache web server ones.
             :
             : Fail2Ban is able to reduce the rate of incorrect authentications attempts
             : however it cannot eliminate the risk that weak authentication presents.
             : Configure services to use only two factor or public/private authentication
             : mechanisms if you really want to protect services.
             :
             : This is a meta-package that will install the default configuration.  Other
             : sub-packages are available to install support for other actions and
             : configurations.
#
#
#
*# dnf remove python36*
Dependencies resolved.
===========================================================================================
 Package       Architecture   Version                                 Repository      Size
===========================================================================================
Removing:
 python36      x86_64         3.6.8-38.module_el8.5.0+2569+5c5719bc   @appstream      13 k
Removing dependent packages:
 fail2ban      noarch         0.11.2-1.el8                            @epel              0



Report from scanner

Plugin             : 148367
Plugin Name        : Python Unsupported Version Detection
Severity           : Critical
CVSS V2 Base Score : 10
Repository         : General
Plugin Output      :
  The following Python installation is unsupported :
  Path              : /
  Port              : 80
  Installed version : 3.6
  Latest version    : 3.10
  Support dates     : 2021-12-23 (end of life)


Thank you for your thoughts and input in this matter.

Best regards
SS
_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
