Bug 997863

Summary: Fail2Ban resets hosts.deny to 0600 permissions on start-up.
Product: [Fedora] Fedora Reporter: Gary Myers <gary>
Component: fail2banAssignee: Axel Thimm <axel.thimm>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: high Docs Contact:
Priority: unspecified    
Version: 19CC: axel.thimm, jonathan.underwood, orion, toby
Target Milestone: ---   
Target Release: ---   
Hardware: noarch   
OS: Linux   
Whiteboard:
Fixed In Version: fail2ban-0.8.10-2.fc19 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-08-27 23:23:51 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Gary Myers 2013-08-16 10:10:09 UTC 
Description of problem:

Fail2Ban resets the permissions of /etc/hosts.deny to 0600 upon start-up. This causes hosts-dependant services to fail (e.g. NIS). The same issue has been identified in OpenSuSE and escalated upstream: https://github.com/fail2ban/fail2ban/issues/266

Version-Release number of selected component (if applicable):

fail2ban-0.8.10-1.fc19.noarch


Steps to Reproduce:
1. Each time the daemon is started/re-started.

Actual results:

/etc/hosts.deny reset to 0600 permissions.


Expected results:

/etc/hosts.deny to remain with 0644 permissions.


Additional info:

Please can you follow-up with upstream to pull-in the fix and place RPM in testing?
Comment 1 Fedora Update System 2013-08-16 15:23:24 UTC 
fail2ban-0.8.10-2.fc19 has been submitted as an update for Fedora 19.
https://admin.fedoraproject.org/updates/fail2ban-0.8.10-2.fc19
Comment 2 Fedora Update System 2013-08-16 22:58:10 UTC 
Package fail2ban-0.8.10-2.fc19:
* should fix your issue,
* was pushed to the Fedora 19 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing fail2ban-0.8.10-2.fc19'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2013-14868/fail2ban-0.8.10-2.fc19
then log in and leave karma (feedback).
Comment 3 Gary Myers 2013-08-19 09:08:15 UTC 
Updated to fail2ban-0.8.10-2.fc19. Initial testing appears OK. Daemon can be started/stopped/re-started without affecting the permissions of /etc/hosts.deny. I will continue to monitor over the next few days.

Unable to leave karma as I am not registered on that site, but thank you for your quick response. It is handy to have a fully functional IDS again.
Comment 4 Fedora Update System 2013-08-27 23:23:51 UTC 
fail2ban-0.8.10-2.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.