Bug 1850816 - Manual entries are not persistant
Summary: Manual entries are not persistant
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora EPEL
Classification: Fedora
Component: fail2ban
Version: epel7
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Richard Shaw
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2020-06-24 23:55 UTC by Nicolai Moore
Modified: 2020-08-01 01:46 UTC (History)
5 users (show)

Fixed In Version: fail2ban-0.11.1-9.el7.2
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-08-01 01:46:43 UTC
Type: Bug


Attachments (Terms of Use)

Description Nicolai Moore 2020-06-24 23:55:23 UTC
Description of problem:
https://github.com/fail2ban/fail2ban/issues/2647

When manually adding an IP to a jail, it does not get persisted to the sqlite DB

Version-Release number of selected component (if applicable):
0.10.5

How reproducible:
100%

Steps to Reproduce:
1. Assuming a jail called sshd
2. fail2ban-client set sshd banip 8.8.8.8
3. systemctl restart fail2ban
4. fail2ban-client status sshd

Actual results:
Banned ip is removed after restaring the service

Expected results:
Banned IP gets persisted and restored when the service is restarted

Additional info:
This only affects 0.10.5 release and there's a fix (https://github.com/fail2ban/fail2ban/commit/15158e4474593aff797222fb0984658b59d5d31f) in the currently unreleased 0.10 branch.  Updating fail2ban to 0.11 would also fix this problem however

Comment 1 Richard Shaw 2020-06-25 00:54:27 UTC
I've been considering building the latest fail2ban for EL 7 but I have no idea what problems it could cause with configuration changes. 

I can try to build test packages, but I'm having some issues with tests failing. Let me see if I can figure out what's going on.

Comment 2 Nicolai Moore 2020-06-25 01:13:07 UTC
Taken from the 0.11 changelog:

### Compatibility:
* to v.0.10:
  - 0.11 is totally compatible to 0.10 (configuration- and API-related stuff), but the database
    got some new tables and fields (auto-converted during the first start), so once updated to 0.11, you
    have to remove the database /var/lib/fail2ban/fail2ban.sqlite3 (or its different to 0.10 schema)
    if you would need to downgrade to 0.10 for some reason.

I am also happy to test the 0.11 build in my set-up if I can download an RPM of it before hand. 

Obviously this is no guarantee that upgrading won't break something but it sounds reasonably safe to me

Comment 3 Fedora Update System 2020-07-27 17:52:18 UTC
FEDORA-EPEL-2020-ed5493877c has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-ed5493877c

Comment 4 Richard Shaw 2020-07-27 17:54:11 UTC
Let me know if this update fixes it. I have auto-karma turned off so it doesn't auto push to stable.

Comment 5 Nicolai Moore 2020-07-27 22:43:29 UTC
So the RPM I downloaded from Koji did not work as there were some misses in the requirements.
Specifically it Requires python2-systemd which I think should be systemd-python and it BuildRequires python2-devel which I think should be python-devel (far less sure about that last one)

When I rebuilt the RPM locally with those changes, it did resolve the original problem however

Comment 6 Nicolai Moore 2020-07-27 22:44:51 UTC
Oh also worth noting that it upgraded fine with the existing config, but should mention that I only used the fail2ban-server RPM and none of the other subpackage

Comment 7 Richard Shaw 2020-07-28 01:42:35 UTC
Bah.. Yeah the situation in EPEL is very different from Fedora. python2-systemd is bad, but python-devel has a provide for python2-devel so it isn't a problem.

Comment 8 Richard Shaw 2020-07-28 11:49:27 UTC
I updated the package and Bodhi update, but it didn't seem to post a new link here. Please test it and let me know.

Comment 9 Nicolai Moore 2020-07-28 21:45:21 UTC
I'm sorry. You changed the Requires to python-systemd but the Centos7 package is systemd-python

Comment 10 Richard Shaw 2020-07-29 01:50:59 UTC
That'll teach me.. I figure, simple fix, no need to test...

Comment 11 Richard Shaw 2020-07-29 12:57:16 UTC
The update is locked so I can't change it until the .1 build gets pushed to testing but here's the new (and install tested) build:

https://koji.fedoraproject.org/koji/taskinfo?taskID=48112864

Comment 12 Fedora Update System 2020-07-29 14:33:19 UTC
FEDORA-EPEL-2020-ed5493877c has been pushed to the Fedora EPEL 7 testing repository.

You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-ed5493877c

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 13 Fedora Update System 2020-07-29 15:36:00 UTC
FEDORA-EPEL-2020-ed5493877c has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-ed5493877c

Comment 14 Nicolai Moore 2020-07-29 22:43:47 UTC
I can confirm that the latest build installs cleanly and resolves the original problem. I have only tested the fail2ban-server RPM

Comment 15 Fedora Update System 2020-07-30 19:15:48 UTC
FEDORA-EPEL-2020-ed5493877c has been pushed to the Fedora EPEL 7 testing repository.

You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-ed5493877c

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 16 Fedora Update System 2020-08-01 01:46:43 UTC
FEDORA-EPEL-2020-ed5493877c has been pushed to the Fedora EPEL 7 stable repository.
If problem still persists, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.