Bug 1350894
Field | Value
---|---
Summary: | SELinux prevents fail2ban-server from sending signal to postdrop process
Product: | [Fedora] Fedora EPEL
Component: | fail2ban
Version: | epel7
Hardware: | x86_64
OS: | Linux
Status: | CLOSED INSUFFICIENT_DATA
Severity: | low
Priority: | low
Reporter: | Brian J. Murrell <brian>
Assignee: | Richard Shaw <hobbes1069>
QA Contact: | Fedora Extras Quality Assurance <extras-qa>
CC: | athmanem, brian, hobbes1069, lvrabec, mmalik, orion, plautrba, pvrabec, ssekidde, vonsch
Type: | Bug
: | 1435449
Bug Blocks: | 1393066, 1435449
Last Closed: | 2020-04-22 20:51:55 UTC
Description
Brian J. Murrell
2016-06-28 15:42:59 UTC
Looks like this is a duplicate of 1377115. I wonder why abrt didn't find that. In any case this or the other should be closed as DUPLICATE.

*** Bug 1377115 has been marked as a duplicate of this bug. ***

This bugzilla was triaged as "WONTFIX" by the SELinux team, due to third-party software component which can be fixed by component maintainer. To take advantage of Mandatory Access Control mechanism provided by SELinux, you (component maintainer) can ship custom SELinux policy as a subpackage of the affected component. As a starting point you can use policy provided by selinux-policy package. For more details about the custom product policy, please follow the https://fedoraproject.org/wiki/SELinux/IndependentPolicy guideline.

I'd like to know what fail2ban is trying to do here. Near as I can tell/guess this would be because a command executed by fail2ban timed out. In this case fail2ban.log should show something like:

    <command> -- timed out after 60 seconds
    <command> -- unable to kill PID <NN>

Do you see these messages?

Yes, I see such messages:

    2017-08-01 08:36:34,002 fail2ban.action [3111]: ERROR printf %b "Subject: [Fail2Ban] XXX: banned x.x.x.x
    Date: `date -u +"%a, %d %h %Y %T +0000"`
    From: Fail2Ban <root>
    To: root\n
    Hi,\n
    The IP x.x.x.x has just been banned by Fail2Ban after
    3 attempts against XXX.\n\n
    Lines containing IP:x.x.x.x. in /var/log/messages\n
    `/bin/grep '\<x.x.x.x.\>' /var/log/messages`\n\n
    Here are more information about x.x.x.x:\n
    `/usr/bin/whois x.x.x.x 2>&1`\n\n
    Regards,\n
    Fail2Ban" | /usr/sbin/sendmail -f root root -- unable to kill PID 11154

I don't know of any reason why that command should take anywhere near 60 seconds to execute though:

    # time bash -c 'echo test | /usr/sbin/sendmail -f root root'
    real 0m0.112s
    user 0m0.013s
    sys 0m0.027s

And the e-mail that that error message said timed out after 60 seconds was actually successfully delivered and took only 17 seconds (16 seconds in spam checking) from first contact to postfix to being removed from the delivery queue after being delivered.

Well, for one thing - you certainly don't want to be sending mail from 'root'. Be sure to set "sender" as desired. But this doesn't seem likely the cause. Does the email contain the output of the grep and whois commands?

(In reply to Orion Poplawski from comment #9)
> Well, for one thing - you certainly don't want to be sending mail from
> 'root'.

Of course not. Clearly that was simply a change of the real address when being pasted to a public forum like this BZ so that the actual address would not be scraped and spammed.

> But this doesn't
> seem likely the cause.

No, not at all.

> Does the email contain the output of the grep and
> whois commands?

Yes. But even in the largest e-mail matching the error from the fail2ban.log, the e-mail was only 23KB big.

I have recently taken maintainership of the fail2ban package and created a COPR for EPEL 7 & 8 of the latest version. I could use some feedback.

https://copr.fedorainfracloud.org/coprs/hobbes1069/fail2ban/

Is this problem still present in 0.11.1?

It's been a month without response so I'm closing this bug. Please reopen if needed.
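Added example, not part of the bug report or of fail2ban: a Python scan of fail2ban.log for the two messages discussed in the thread ("timed out after N seconds" and "unable to kill PID N"), treating lines without a timestamp as continuations because the logged mail command spans several lines. The function names and the sample log are constructed for illustration.

```python
import re

# Record start, in the format of the fail2ban.log line quoted in this report.
RECORD_START = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) fail2ban\.\S+\s+"
    r"\[(?P<server_pid>\d+)\]: (?P<level>[A-Z]+)\s+(?P<msg>.*)$"
)
# Suffixes appended to the action command, as given in the thread.
SUFFIXES = {
    "timed_out": re.compile(r" -- timed out after (\d+) seconds\s*$"),
    "kill_failed": re.compile(r" -- unable to kill PID (\d+)\s*$"),
}

def split_records(log_text):
    """Group lines into records; a line without a timestamp continues the
    previous record, since the mail action command spans several lines."""
    records = []
    for line in log_text.splitlines():
        m = RECORD_START.match(line)
        if m:
            records.append(m.groupdict())
        elif records:
            records[-1]["msg"] += "\n" + line
    return records

def find_stuck_actions(log_text):
    """Return (timestamp, kind, number, first line of command) per event;
    number is the timeout in seconds or the PID that could not be signalled."""
    events = []
    for rec in split_records(log_text):
        for kind, pattern in SUFFIXES.items():
            m = pattern.search(rec["msg"])
            if m:
                first_line = rec["msg"].splitlines()[0]
                events.append((rec["ts"], kind, int(m.group(1)), first_line))
    return events

# Constructed sample (not from a real system); addresses are placeholders.
SAMPLE = """\
2017-08-01 08:35:33,100 fail2ban.actions [3111]: NOTICE [sshd] Ban 192.0.2.10
2017-08-01 08:36:33,950 fail2ban.action [3111]: ERROR printf %b "Subject: test
Regards" | /usr/sbin/sendmail -f root root -- timed out after 60 seconds
2017-08-01 08:36:34,002 fail2ban.action [3111]: ERROR printf %b "Subject: test
Regards" | /usr/sbin/sendmail -f root root -- unable to kill PID 11154
"""

if __name__ == "__main__":
    for event in find_stuck_actions(SAMPLE):
        print(event)
```

The PIDs reported as `kill_failed` are the ones to look up in the audit log when checking whether a signal from fail2ban-server was denied.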