Hide Forgot
Description of problem: https://github.com/fail2ban/fail2ban/issues/2647 When manually adding an IP to a jail, it does not get persisted to the sqlite DB Version-Release number of selected component (if applicable): 0.10.5 How reproducible: 100% Steps to Reproduce: 1. Assuming a jail called sshd 2. fail2ban-client set sshd banip 8.8.8.8 3. systemctl restart fail2ban 4. fail2ban-client status sshd Actual results: Banned ip is removed after restaring the service Expected results: Banned IP gets persisted and restored when the service is restarted Additional info: This only affects 0.10.5 release and there's a fix (https://github.com/fail2ban/fail2ban/commit/15158e4474593aff797222fb0984658b59d5d31f) in the currently unreleased 0.10 branch. Updating fail2ban to 0.11 would also fix this problem however
I've been considering building the latest fail2ban for EL 7 but I have no idea what problems it could cause with configuration changes. I can try to build test packages, but I'm having some issues with tests failing. Let me see if I can figure out what's going on.
Taken from the 0.11 changelog: ### Compatibility: * to v.0.10: - 0.11 is totally compatible to 0.10 (configuration- and API-related stuff), but the database got some new tables and fields (auto-converted during the first start), so once updated to 0.11, you have to remove the database /var/lib/fail2ban/fail2ban.sqlite3 (or its different to 0.10 schema) if you would need to downgrade to 0.10 for some reason. I am also happy to test the 0.11 build in my set-up if I can download an RPM of it before hand. Obviously this is no guarantee that upgrading won't break something but it sounds reasonably safe to me
FEDORA-EPEL-2020-ed5493877c has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-ed5493877c
Let me know if this update fixes it. I have auto-karma turned off so it doesn't auto push to stable.
So the RPM I downloaded from Koji did not work as there were some misses in the requirements. Specifically it Requires python2-systemd which I think should be systemd-python and it BuildRequires python2-devel which I think should be python-devel (far less sure about that last one) When I rebuilt the RPM locally with those changes, it did resolve the original problem however
Oh also worth noting that it upgraded fine with the existing config, but should mention that I only used the fail2ban-server RPM and none of the other subpackage
Bah.. Yeah the situation in EPEL is very different from Fedora. python2-systemd is bad, but python-devel has a provide for python2-devel so it isn't a problem.
I updated the package and Bodhi update, but it didn't seem to post a new link here. Please test it and let me know.
I'm sorry. You changed the Requires to python-systemd but the Centos7 package is systemd-python
That'll teach me.. I figure, simple fix, no need to test...
The update is locked so I can't change it until the .1 build gets pushed to testing but here's the new (and install tested) build: https://koji.fedoraproject.org/koji/taskinfo?taskID=48112864
FEDORA-EPEL-2020-ed5493877c has been pushed to the Fedora EPEL 7 testing repository. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-ed5493877c See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
I can confirm that the latest build installs cleanly and resolves the original problem. I have only tested the fail2ban-server RPM
FEDORA-EPEL-2020-ed5493877c has been pushed to the Fedora EPEL 7 stable repository. If problem still persists, please make note of it in this bug report.