Bug 669966
Summary: | fail2ban can't work with tmp files | ||||||
---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Phil Anderson <pza> | ||||
Component: | fail2ban | Assignee: | Axel Thimm <axel.thimm> | ||||
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||
Severity: | medium | Docs Contact: | |||||
Priority: | low | ||||||
Version: | 14 | CC: | ADent123, axel.thimm, dwalsh, igeorgex, jonathan.underwood, marco.guazzone, mgrepl, rosset.filipe | ||||
Target Milestone: | --- | ||||||
Target Release: | --- | ||||||
Hardware: | All | ||||||
OS: | Linux | ||||||
Whiteboard: | |||||||
Fixed In Version: | fail2ban-0.8.4-27.fc14 | Doc Type: | Bug Fix | ||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2011-04-18 04:03:03 UTC | Type: | --- | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Bug Depends On: | 669965 | ||||||
Bug Blocks: | |||||||
Attachments: |
|
Description
Phil Anderson
2011-01-16 09:49:28 UTC
Yes, daemons should not used /tmp. /tmp is for users to store their stuff. But I am interested about AVC messages which you are seeing. Could you attach these AVC msgs. I would like to see "comm=" field. Thank you. Created attachment 473822 [details]
AVC messages caused by dshield action
As produced by the default /etc/fail2ban/action.d/dshield.conf contained in fail2ban-0.8.4-25.fc14.noarch.
Can you change dshield to use /var/run/fail2ban and make sure nothing in fail2ban uses /tmp. Phill, If you execute the following it should fix your problem. # sed -i 's|/tmp|/var/run/fail2ban|g' /etc/fail2ban/action.d/dshield.conf http://danwalsh.livejournal.com/11467.html Yes, I have been running it like that for a few days now without problems. But, in terms of updating the package, I suspect that /var/run isn't the place, rather /var/lib, as some of those files stay between restarts/reboots. But, that's for bug 66965 I guess. /var/lib/fail2ban is fine with me. fail2ban-0.8.4-27.fc14 has been submitted as an update for Fedora 14. https://admin.fedoraproject.org/updates/fail2ban-0.8.4-27.fc14 fail2ban-0.8.4-27.fc13 has been submitted as an update for Fedora 13. https://admin.fedoraproject.org/updates/fail2ban-0.8.4-27.fc13 fail2ban-0.8.4-27.fc15 has been submitted as an update for Fedora 15. https://admin.fedoraproject.org/updates/fail2ban-0.8.4-27.fc15 Package fail2ban-0.8.4-27.fc15: * should fix your issue, * was pushed to the Fedora 15 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing fail2ban-0.8.4-27.fc15' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/fail2ban-0.8.4-27.fc15 then log in and leave karma (feedback). fail2ban-0.8.4-27.fc15 has been pushed to the Fedora 15 stable repository. If problems still persist, please make note of it in this bug report. *** Bug 697224 has been marked as a duplicate of this bug. *** fail2ban-0.8.4-27.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report. fail2ban-0.8.4-27.fc14 has been pushed to the Fedora 14 stable repository. If problems still persist, please make note of it in this bug report. I think the new fail2ban-0.8.4-27.fc14 version is broken, I can't start the ssh-jail with SELinux enabled. Check https://bugzilla.redhat.com/show_bug.cgi?id=697223 for more informations. I switched back to the version fail2ban-0.8.4-25.fc14, which still works. Under FC15, still have problems. I get the same error messages reported in: https://bugzilla.redhat.com/show_bug.cgi?id=697223 https://bugzilla.redhat.com/show_bug.cgi?id=697224 Thanks! |