Re: [CentOS] Fail2Ban Centos 7 is there a trick to making it work?

2015-04-05 Thread Andrea Dell'Amico

> On 30 Mar 2015, at 13:35, John Horne john.ho...@plymouth.ac.uk wrote:
> 
> On Tue, 2015-03-10 at 14:43 +0100, Andrea Dell'Amico wrote:
> 
>> #= logrotate_t ==
>> allow logrotate_t fail2ban_client_exec_t:file { ioctl read execute execute_no_trans open };
> 
> Looks like this was already fixed in 'selinux-policy'. See
> https://bugzilla.redhat.com/show_bug.cgi?id=1114821

Thanks.
I didn’t notice that bug, and the changelog didn’t report anything about 
fail2ban.

> John.

Ciao,
andrea
--
Andrea Dell'Amico
http://adellam.sevenseas.org/





___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] Fail2Ban Centos 7 is there a trick to making it work?

2015-03-30 Thread John Horne
On Tue, 2015-03-10 at 14:43 +0100, Andrea Dell'Amico wrote:

> #= logrotate_t ==
> allow logrotate_t fail2ban_client_exec_t:file { ioctl read execute execute_no_trans open };

Looks like this was already fixed in 'selinux-policy'. See
https://bugzilla.redhat.com/show_bug.cgi?id=1114821



John.

-- 
John Horne   Tel: +44 (0)1752 587287
Plymouth University, UK



Re: [CentOS] Fail2Ban Centos 7 is there a trick to making it work?

2015-03-10 Thread Andrea Dell'Amico

> On 10 Mar 2015, at 14:30, James B. Byrne byrn...@harte-lyne.ca wrote:
> 
> On Mon, March 9, 2015 13:11, John Plemons wrote:
>> Been working on fail2ban, and trying to make it work with plain Jane
>> install of Centos 7
>> 
>> Machine is a HP running 2 Quad core Xeons, 16 gig of ram and 1 plus TB
>> of disk space. Very generic and vanilla.
>> 
>> Current available epel repo version is fail2ban-0.9.1
>> 
>> Looking at the log file, fail2ban starts and stops fine, there isn't
>> output though showing any login attempts being restricted.
>> 
>> 2015-03-09 12:54:37,930 fail2ban.server [14805]: INFO    Stopping all jails
>> 2015-03-09 12:54:37,931 fail2ban.server [14805]: INFO    Exiting Fail2ban
>> 2015-03-09 12:54:38,338 fail2ban.server [16678]: INFO    Changed logging target to /var/log/fail2ban.log for Fail2ban v0.9.1
>> 2015-03-09 12:54:38,341 fail2ban.database   [16678]: INFO    Connected to fail2ban persistent database '/var/lib/fail2ban/fail2ban.sqlite3'
>> 
>> I copied jail.conf and added the edited jail.local to the directory
>> /etc/fail2ban/
>> 
>> This is about as far as I have gotten with searches on how to configure
>> with Centos 7.
>> 
>> Any help would be welcome. What am I missing?
>> 
>> john
> 
> This is what I have for ssh in jail.conf
> 
> [ssh-iptables]
> 
> enabled  = true
> filter   = sshd
> action   = iptables[name=SSH, port=ssh, protocol=tcp]
>            sendmail-whois[name=SSH, dest=x...@harte-lyne.ca, sender=x...@harte-lyne.ca, sendername=Fail2Ban]
> logpath  = /var/log/secure
> maxretry = 5


I’m using fail2ban with the -firewalld and -systemd modules, and I had to set up
some SELinux rules to make it work right. This is the policy I add to the
CentOS 7 machines:

module fail2ban-journal-sepol-new 1.0;

require {
    type fail2ban_client_exec_t;
    type logrotate_t;
    type fail2ban_t;
    type syslogd_var_run_t;
    class dir read;
    class file { ioctl read execute execute_no_trans open getattr };
}

#= fail2ban_t ==

# This avc is allowed in the current policy
allow fail2ban_t syslogd_var_run_t:dir read;

# This avc is allowed in the current policy
allow fail2ban_t syslogd_var_run_t:file { read getattr open };

#= logrotate_t ==
allow logrotate_t fail2ban_client_exec_t:file { ioctl read execute execute_no_trans open };


What’s the best way to report the selinux problems in EPEL packages, btw?

> HTH
> 
> --
> ***  E-Mail is NOT a SECURE channel  ***
> James B. Byrne                mailto:byrn...@harte-lyne.ca
> Harte  Lyne Limited  http://www.harte-lyne.ca
> 9 Brockley Drive  vox: +1 905 561 1241
> Hamilton, Ontario fax: +1 905 561 0757
> Canada  L8E 3C3

Ciao,
andrea
--
Andrea Dell'Amico
http://adellam.sevenseas.org/
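
Added example (not part of the thread): a small awk-based reducer that turns SELinux AVC denial records into the kind of `allow` rules shown in the policy above, so each rule can be traced back to the denials that motivated it. The audit records are constructed samples; only the type names are taken from the message.

```shell
#!/usr/bin/env bash
# Added example: group AVC denials by (source type, target type, class)
# and print one allow rule per group, permissions in order of first sight.

avc_to_allow() {            # reads audit log files named in "$@", or stdin
    awk '
        function val(key,   i) {       # value of key=... on the current line
            for (i = 1; i <= NF; i++)
                if (index($i, key "=") == 1) return substr($i, length(key) + 2)
            return ""
        }
        /avc: +denied/ {
            perms = $0
            sub(/^.*denied +[{] +/, "", perms); sub(/ +[}].*$/, "", perms)
            split(val("scontext"), s, ":"); split(val("tcontext"), t, ":")
            k = s[3] " " t[3] ":" val("tclass")    # third field is the type
            n = split(perms, p, " ")
            for (i = 1; i <= n; i++)
                if (!((k, p[i]) in seen)) { seen[k, p[i]] = 1; set[k] = set[k] " " p[i] }
        }
        END { for (k in set) print "allow " k " {" set[k] " };" }
    ' "$@" | LC_ALL=C sort
}

sample_avc() {              # constructed audit.log lines, not from the thread
    cat <<'EOF'
type=AVC msg=audit(1425905678.341:601): avc:  denied  { read } for  pid=16678 comm="fail2ban-server" name="journal" dev="tmpfs" ino=1201 scontext=system_u:system_r:fail2ban_t:s0 tcontext=system_u:object_r:syslogd_var_run_t:s0 tclass=dir
type=AVC msg=audit(1425905678.342:602): avc:  denied  { read open } for  pid=16678 comm="fail2ban-server" name="system.journal" dev="tmpfs" ino=1202 scontext=system_u:system_r:fail2ban_t:s0 tcontext=system_u:object_r:syslogd_var_run_t:s0 tclass=file
type=AVC msg=audit(1425905678.350:603): avc:  denied  { getattr } for  pid=16678 comm="fail2ban-server" name="system.journal" dev="tmpfs" ino=1202 scontext=system_u:system_r:fail2ban_t:s0 tcontext=system_u:object_r:syslogd_var_run_t:s0 tclass=file
type=AVC msg=audit(1425956401.010:777): avc:  denied  { execute } for  pid=20411 comm="logrotate" name="fail2ban-client" dev="dm-0" ino=5301 scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 tcontext=system_u:object_r:fail2ban_client_exec_t:s0 tclass=file
type=AVC msg=audit(1425956401.011:778): avc:  denied  { read open } for  pid=20411 comm="logrotate" name="fail2ban-client" dev="dm-0" ino=5301 scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 tcontext=system_u:object_r:fail2ban_client_exec_t:s0 tclass=file
EOF
}

sample_avc | avc_to_allow
```

The printed rules are what goes between the `require` block and the end of a `.te` module like the one in the message.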







Re: [CentOS] Fail2Ban Centos 7 is there a trick to making it work?

2015-03-10 Thread James B. Byrne

On Mon, March 9, 2015 13:11, John Plemons wrote:
> Been working on fail2ban, and trying to make it work with plain Jane
> install of Centos 7
> 
> Machine is a HP running 2 Quad core Xeons, 16 gig of ram and 1 plus TB
> of disk space. Very generic and vanilla.
> 
> Current available epel repo version is fail2ban-0.9.1
> 
> Looking at the log file, fail2ban starts and stops fine, there isn't
> output though showing any login attempts being restricted.
> 
> 2015-03-09 12:54:37,930 fail2ban.server [14805]: INFO    Stopping all jails
> 2015-03-09 12:54:37,931 fail2ban.server [14805]: INFO    Exiting Fail2ban
> 2015-03-09 12:54:38,338 fail2ban.server [16678]: INFO    Changed logging target to /var/log/fail2ban.log for Fail2ban v0.9.1
> 2015-03-09 12:54:38,341 fail2ban.database   [16678]: INFO    Connected to fail2ban persistent database '/var/lib/fail2ban/fail2ban.sqlite3'
> 
> I copied jail.conf and added the edited jail.local to the directory
> /etc/fail2ban/
> 
> This is about as far as I have gotten with searches on how to configure
> with Centos 7.
> 
> Any help would be welcome. What am I missing?
> 
> john


This is what I have for ssh in jail.conf

[ssh-iptables]

enabled  = true
filter   = sshd
action   = iptables[name=SSH, port=ssh, protocol=tcp]
           sendmail-whois[name=SSH, dest=x...@harte-lyne.ca, sender=x...@harte-lyne.ca, sendername=Fail2Ban]
logpath  = /var/log/secure
maxretry = 5


And this (among many others) is what we have in /etc/fail2ban/action.d

cat /etc/fail2ban/action.d/iptables.conf
# Fail2Ban configuration file
#
# Author: Cyril Jaquier
#
#

[INCLUDES]

before = iptables-blocktype.conf

[Definition]

# Option:  actionstart
# Notes.:  command executed once at the start of Fail2Ban.
# Values:  CMD
#
actionstart = iptables -N fail2ban-<name>
              iptables -A fail2ban-<name> -j RETURN
              iptables -I <chain> -p <protocol> --dport <port> -j fail2ban-<name>

# Option:  actionstop
# Notes.:  command executed once at the end of Fail2Ban
# Values:  CMD
#
actionstop = iptables -D <chain> -p <protocol> --dport <port> -j fail2ban-<name>
             iptables -F fail2ban-<name>
             iptables -X fail2ban-<name>

# Option:  actioncheck
# Notes.:  command executed once before each actionban command
# Values:  CMD
#
actioncheck = iptables -n -L <chain> | grep -q 'fail2ban-<name>[ \t]'

# Option:  actionban
# Notes.:  command executed when banning an IP. Take care that the
#          command is executed with Fail2Ban user rights.
# Tags:    See jail.conf(5) man page
# Values:  CMD
#
actionban = iptables -I fail2ban-<name> 1 -s <ip> -j <blocktype>

# Option:  actionunban
# Notes.:  command executed when unbanning an IP. Take care that the
#          command is executed with Fail2Ban user rights.
# Tags:    See jail.conf(5) man page
# Values:  CMD
#
actionunban = iptables -D fail2ban-<name> -s <ip> -j <blocktype>

[Init]

# Default name of the chain
#
name = default

# Option:  port
# Notes.:  specifies port to monitor
# Values:  [ NUM | STRING ]  Default:
#
port = ssh

# Option:  protocol
# Notes.:  internally used by config reader for interpolations.
# Values:  [ tcp | udp | icmp | all ] Default: tcp
#
protocol = tcp

# Option:  chain
# Notes.:  specifies the iptables chain to which the fail2ban rules should be
#          added
# Values:  STRING  Default: INPUT
chain = INPUT


HTH

-- 
***  E-Mail is NOT a SECURE channel  ***
James B. Byrne                mailto:byrn...@harte-lyne.ca
Harte  Lyne Limited  http://www.harte-lyne.ca
9 Brockley Drive  vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada  L8E 3C3



Re: [CentOS] Fail2Ban Centos 7 is there a trick to making it work?

2015-03-09 Thread Paul Heinlein

On Mon, 9 Mar 2015, John Plemons wrote:

> Been working on fail2ban, and trying to make it work with plain Jane
> install of Centos 7
>
> Current available epel repo version is fail2ban-0.9.1
>
> Looking at the log file, fail2ban starts and stops fine, there isn't output
> though showing any login attempts being restricted.


Here's the setup I use on CentOS 7 machines:

Packages:
* fail2ban-firewalld-0.9.1-2.el7.noarch
* fail2ban-server-0.9.1-2.el7.noarch
* ipset-6.19-4.el7.x86_64
* rsyslog-7.4.7-7.el7_0.x86_64

Basics of jail.local:

- % -
# /etc/fail2ban/jail.local
[DEFAULT]
banaction = firewallcmd-ipset

[sshd]
enabled  = true
maxretry = 2

[sshd-ddos]
enabled  = true
maxretry = 2
- % -

Once it's up and running, sudo ipset list will give you the status 
of IP addresses associated with each ban rule.


--
Paul Heinlein
heinl...@madboa.com
45°38' N, 122°6' W


[CentOS] Fail2Ban Centos 7 is there a trick to making it work?

2015-03-09 Thread John Plemons
Been working on fail2ban, and trying to make it work with plain Jane 
install of Centos 7


Machine is a HP running 2 Quad core Xeons, 16 gig of ram and 1 plus TB
of disk space. Very generic and vanilla.


Current available epel repo version is fail2ban-0.9.1

Looking at the log file, fail2ban starts and stops fine, there isn't 
output though showing any login attempts being restricted.


2015-03-09 12:54:37,930 fail2ban.server [14805]: INFO    Stopping all jails
2015-03-09 12:54:37,931 fail2ban.server [14805]: INFO    Exiting Fail2ban
2015-03-09 12:54:38,338 fail2ban.server [16678]: INFO    Changed logging target to /var/log/fail2ban.log for Fail2ban v0.9.1
2015-03-09 12:54:38,341 fail2ban.database   [16678]: INFO    Connected to fail2ban persistent database '/var/lib/fail2ban/fail2ban.sqlite3'

I copied jail.conf and added the edited jail.local to the directory 
/etc/fail2ban/


This is about as far as I have gotten with searches on how to configure 
with Centos 7.


Any help would be welcome. What am I missing?

john
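
Added example (not part of the original post): a check that separates "server started but no jail is running" from "jails running, nothing banned yet" by counting jail starts and bans since the last server start in fail2ban.log. The first sample is the four log lines from the post; the second is constructed and assumes the `Jail '<name>' started` and `[<jail>] Ban <ip>` message forms of fail2ban 0.9.x.

```shell
#!/usr/bin/env bash
# Added example: count jails started and bans issued since the last
# fail2ban server start recorded in a fail2ban 0.9.x log.

jail_summary() {            # reads log files named in "$@", or stdin
    awk -v q="'" '
        # Each server start resets the counters: only the last run matters.
        /fail2ban\.server/ && /Changed logging target/ { split("", live); n = 0; bans = 0 }
        /fail2ban\.jail/ && /Jail .* started/ {
            name = $0
            sub("^.*Jail " q, "", name); sub(q " started.*$", "", name)
            if (!(name in live)) { live[name] = 1; n++ }
        }
        /fail2ban\.actions/ && /\] Ban / { bans++ }
        END { printf "jails=%d bans=%d\n", n, bans }
    ' "$@"
}

sample_no_jails() {         # the four lines from the post, unwrapped
    cat <<'EOF'
2015-03-09 12:54:37,930 fail2ban.server [14805]: INFO    Stopping all jails
2015-03-09 12:54:37,931 fail2ban.server [14805]: INFO    Exiting Fail2ban
2015-03-09 12:54:38,338 fail2ban.server [16678]: INFO    Changed logging target to /var/log/fail2ban.log for Fail2ban v0.9.1
2015-03-09 12:54:38,341 fail2ban.database   [16678]: INFO    Connected to fail2ban persistent database '/var/lib/fail2ban/fail2ban.sqlite3'
EOF
}

sample_with_jail() {        # constructed lines; addresses are documentation ranges
    cat <<'EOF'
2015-03-09 13:10:02,101 fail2ban.server [17001]: INFO    Changed logging target to /var/log/fail2ban.log for Fail2ban v0.9.1
2015-03-09 13:10:02,140 fail2ban.jail   [17001]: INFO    Creating new jail 'sshd'
2015-03-09 13:10:02,210 fail2ban.jail   [17001]: INFO    Jail 'sshd' started
2015-03-09 13:12:40,512 fail2ban.actions [17001]: NOTICE  [sshd] Ban 192.0.2.10
2015-03-09 13:15:03,007 fail2ban.actions [17001]: NOTICE  [sshd] Ban 198.51.100.7
EOF
}

echo "original post: $(sample_no_jails | jail_summary)"
echo "constructed:   $(sample_with_jail | jail_summary)"
```

A result of `jails=0` on a live log means no `[jail]` section with `enabled = true` was picked up, so there is nothing that could record a ban.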

