Bug 1850816

Summary: Manual entries are not persistant
Product: [Fedora] Fedora EPEL Reporter: Nicolai Moore <niconorsk>
Component: fail2banAssignee: Richard Shaw <hobbes1069>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: epel7CC: anon.amish, Axel.Thimm, hobbes1069, orion, vonsch
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: fail2ban-0.11.1-9.el7.2 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-08-01 01:46:43 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Nicolai Moore 2020-06-24 23:55:23 UTC 
Description of problem:
https://github.com/fail2ban/fail2ban/issues/2647

When manually adding an IP to a jail, it does not get persisted to the sqlite DB

Version-Release number of selected component (if applicable):
0.10.5

How reproducible:
100%

Steps to Reproduce:
1. Assuming a jail called sshd
2. fail2ban-client set sshd banip 8.8.8.8
3. systemctl restart fail2ban
4. fail2ban-client status sshd

Actual results:
Banned ip is removed after restaring the service

Expected results:
Banned IP gets persisted and restored when the service is restarted

Additional info:
This only affects 0.10.5 release and there's a fix (https://github.com/fail2ban/fail2ban/commit/15158e4474593aff797222fb0984658b59d5d31f) in the currently unreleased 0.10 branch.  Updating fail2ban to 0.11 would also fix this problem however
Comment 1 Richard Shaw 2020-06-25 00:54:27 UTC 
I've been considering building the latest fail2ban for EL 7 but I have no idea what problems it could cause with configuration changes. 

I can try to build test packages, but I'm having some issues with tests failing. Let me see if I can figure out what's going on.
Comment 2 Nicolai Moore 2020-06-25 01:13:07 UTC 
Taken from the 0.11 changelog:

### Compatibility:
* to v.0.10:
  - 0.11 is totally compatible to 0.10 (configuration- and API-related stuff), but the database
    got some new tables and fields (auto-converted during the first start), so once updated to 0.11, you
    have to remove the database /var/lib/fail2ban/fail2ban.sqlite3 (or its different to 0.10 schema)
    if you would need to downgrade to 0.10 for some reason.

I am also happy to test the 0.11 build in my set-up if I can download an RPM of it before hand. 

Obviously this is no guarantee that upgrading won't break something but it sounds reasonably safe to me
Comment 3 Fedora Update System 2020-07-27 17:52:18 UTC 
FEDORA-EPEL-2020-ed5493877c has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-ed5493877c
Comment 4 Richard Shaw 2020-07-27 17:54:11 UTC 
Let me know if this update fixes it. I have auto-karma turned off so it doesn't auto push to stable.
Comment 5 Nicolai Moore 2020-07-27 22:43:29 UTC 
So the RPM I downloaded from Koji did not work as there were some misses in the requirements.
Specifically it Requires python2-systemd which I think should be systemd-python and it BuildRequires python2-devel which I think should be python-devel (far less sure about that last one)

When I rebuilt the RPM locally with those changes, it did resolve the original problem however
Comment 6 Nicolai Moore 2020-07-27 22:44:51 UTC 
Oh also worth noting that it upgraded fine with the existing config, but should mention that I only used the fail2ban-server RPM and none of the other subpackage
Comment 7 Richard Shaw 2020-07-28 01:42:35 UTC 
Bah.. Yeah the situation in EPEL is very different from Fedora. python2-systemd is bad, but python-devel has a provide for python2-devel so it isn't a problem.
Comment 8 Richard Shaw 2020-07-28 11:49:27 UTC 
I updated the package and Bodhi update, but it didn't seem to post a new link here. Please test it and let me know.
Comment 9 Nicolai Moore 2020-07-28 21:45:21 UTC 
I'm sorry. You changed the Requires to python-systemd but the Centos7 package is systemd-python
Comment 10 Richard Shaw 2020-07-29 01:50:59 UTC 
That'll teach me.. I figure, simple fix, no need to test...
Comment 11 Richard Shaw 2020-07-29 12:57:16 UTC 
The update is locked so I can't change it until the .1 build gets pushed to testing but here's the new (and install tested) build:

https://koji.fedoraproject.org/koji/taskinfo?taskID=48112864
Comment 12 Fedora Update System 2020-07-29 14:33:19 UTC 
FEDORA-EPEL-2020-ed5493877c has been pushed to the Fedora EPEL 7 testing repository.

You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-ed5493877c

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
Comment 13 Fedora Update System 2020-07-29 15:36:00 UTC 
FEDORA-EPEL-2020-ed5493877c has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-ed5493877c
Comment 14 Nicolai Moore 2020-07-29 22:43:47 UTC 
I can confirm that the latest build installs cleanly and resolves the original problem. I have only tested the fail2ban-server RPM
Comment 15 Fedora Update System 2020-07-30 19:15:48 UTC 
FEDORA-EPEL-2020-ed5493877c has been pushed to the Fedora EPEL 7 testing repository.

You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-ed5493877c

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
Comment 16 Fedora Update System 2020-08-01 01:46:43 UTC 
FEDORA-EPEL-2020-ed5493877c has been pushed to the Fedora EPEL 7 stable repository.
If problem still persists, please make note of it in this bug report.