Description of problem: Mar 27 08:37:25 ls2ka setroubleshoot: SELinux is preventing fail2ban-server (fail2ban_t) "sys_tty_config" fail2ban_t. For complete SELinux messages. run sealert -l e6717705-78b2-4901-8686-d78eb1881e0b Mar 27 08:37:26 ls2ka setroubleshoot: SELinux is preventing sendmail (system_mail_t) "read write" fail2ban_t. For complete SELinux messages. run sealert -l 8741e92a-0c30-44fe-a1b8-af7469cba176 Mar 28 04:49:52 ls2ka setroubleshoot: SELinux is preventing fail2ban-client (logrotate_t) "write" to fail2ban.sock (fail2ban_var_run_t). For complete SELinux messages. run sealert -l f4b549dc-29b7-4718-849c-4b3f044101d4 Mar 28 04:49:53 ls2ka setroubleshoot: SELinux is preventing sendmail (system_mail_t) "read write" fail2ban_t. For complete SELinux messages. run sealert -l 8741e92a-0c30-44fe-a1b8-af7469cba176 Mar 28 04:49:56 ls2ka setroubleshoot: SELinux is preventing fail2ban-client (logrotate_t) "write" to fail2ban.sock (fail2ban_var_run_t). For complete SELinux messages. run sealert -l f4b549dc-29b7-4718-849c-4b3f044101d4 Summary: SELinux is preventing fail2ban-server (fail2ban_t) "sys_tty_config" fail2ban_t. Detailed Description: [SELinux is in permissive mode, the operation would have been denied but was permitted due to permissive mode.] SELinux denied access requested by fail2ban-server. It is not expected that this access is required by fail2ban-server and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access: You can generate a local policy module to allow this access - see FAQ (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package. Additional Information: Source Context system_u:system_r:fail2ban_t:s0 Target Context system_u:system_r:fail2ban_t:s0 Target Objects None [ capability ] Source fail2ban-server Source Path /usr/bin/python Port <Unknown> Host ls2ka.elton-intra.net Source RPM Packages python-2.5.2-1.fc10 Target RPM Packages Policy RPM selinux-policy-3.5.13-49.fc10 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Permissive Plugin Name catchall Host Name ls2ka.elton-intra.net Platform Linux ls2ka.elton-intra.net 2.6.27.19-170.2.35.fc10.i686 #1 SMP Mon Feb 23 13:21:22 EST 2009 i686 i686 Alert Count 1 First Seen Fri Mar 27 08:37:25 2009 Last Seen Fri Mar 27 08:37:25 2009 Local ID e6717705-78b2-4901-8686-d78eb1881e0b Line Numbers Raw Audit Messages node=ls2ka.elton-intra.net type=AVC msg=audit(1238139445.397:28): avc: denied { sys_tty_config } for pid=2805 comm="fail2ban-server" capability=26 scontext=system_u:system_r:fail2ban_t:s0 tcontext=system_u:system_r:fail2ban_t:s0 tclass=capability node=ls2ka.elton-intra.net type=SYSCALL msg=audit(1238139445.397:28): arch=40000003 syscall=54 success=yes exit=0 a0=0 a1=5401 a2=bff2c5f8 a3=bff2c638 items=0 ppid=2804 pid=2805 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="fail2ban-server" exe="/usr/bin/python" subj=system_u:system_r:fail2ban_t:s0 key=(null) Summary: SELinux is preventing sendmail (system_mail_t) "read write" fail2ban_t. Detailed Description: [SELinux is in permissive mode, the operation would have been denied but was permitted due to permissive mode.] SELinux denied access requested by sendmail. It is not expected that this access is required by sendmail and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access: You can generate a local policy module to allow this access - see FAQ (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package. Additional Information: Source Context system_u:system_r:system_mail_t:s0 Target Context system_u:system_r:fail2ban_t:s0 Target Objects socket [ unix_stream_socket ] Source sendmail Source Path /usr/sbin/sendmail.sendmail Port <Unknown> Host ls2ka.elton-intra.net Source RPM Packages sendmail-8.14.3-3.fc10 Target RPM Packages Policy RPM selinux-policy-3.5.13-53.fc10 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Permissive Plugin Name catchall Host Name ls2ka.elton-intra.net Platform Linux ls2ka.elton-intra.net 2.6.27.19-170.2.35.fc10.i686 #1 SMP Mon Feb 23 13:21:22 EST 2009 i686 i686 Alert Count 2 First Seen Fri Mar 27 08:37:25 2009 Last Seen Sat Mar 28 04:49:52 2009 Local ID 8741e92a-0c30-44fe-a1b8-af7469cba176 Line Numbers Raw Audit Messages node=ls2ka.elton-intra.net type=AVC msg=audit(1238212192.868:2842): avc: denied { read write } for pid=16660 comm="sendmail" path="socket:[10060]" dev=sockfs ino=10060 scontext=system_u:system_r:system_mail_t:s0 tcontext=system_u:system_r:fail2ban_t:s0 tclass=unix_stream_socket node=ls2ka.elton-intra.net type=AVC msg=audit(1238212192.868:2842): avc: denied { read write } for pid=16660 comm="sendmail" path="socket:[319709]" dev=sockfs ino=319709 scontext=system_u:system_r:system_mail_t:s0 tcontext=system_u:system_r:fail2ban_t:s0-s0:c0.c1023 tclass=unix_stream_socket node=ls2ka.elton-intra.net type=SYSCALL msg=audit(1238212192.868:2842): arch=40000003 syscall=11 success=yes exit=0 a0=86c9348 a1=86c9430 a2=86c8468 a3=0 items=0 ppid=16658 pid=16660 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=51 sgid=51 fsgid=51 tty=(none) ses=4294967295 comm="sendmail" exe="/usr/sbin/sendmail.sendmail" subj=system_u:system_r:system_mail_t:s0 key=(null) Summary: SELinux is preventing fail2ban-client (logrotate_t) "write" to fail2ban.sock (fail2ban_var_run_t). Detailed Description: [SELinux is in permissive mode, the operation would have been denied but was permitted due to permissive mode.] SELinux denied access requested by fail2ban-client. It is not expected that this access is required by fail2ban-client and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access: Sometimes labeling problems can cause SELinux denials. You could try to restore the default system file context for fail2ban.sock, restorecon -v 'fail2ban.sock' If this does not work, there is currently no automatic way to allow this access. Instead, you can generate a local policy module to allow this access - see FAQ (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package. Additional Information: Source Context system_u:system_r:logrotate_t:s0-s0:c0.c1023 Target Context system_u:object_r:fail2ban_var_run_t:s0 Target Objects fail2ban.sock [ sock_file ] Source fail2ban-client Source Path /usr/bin/python Port <Unknown> Host ls2ka.elton-intra.net Source RPM Packages python-2.5.2-1.fc10 Target RPM Packages Policy RPM selinux-policy-3.5.13-53.fc10 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Permissive Plugin Name catchall_file Host Name ls2ka.elton-intra.net Platform Linux ls2ka.elton-intra.net 2.6.27.19-170.2.35.fc10.i686 #1 SMP Mon Feb 23 13:21:22 EST 2009 i686 i686 Alert Count 2 First Seen Sat Mar 28 04:49:51 2009 Last Seen Sat Mar 28 04:49:56 2009 Local ID f4b549dc-29b7-4718-849c-4b3f044101d4 Line Numbers Raw Audit Messages node=ls2ka.elton-intra.net type=AVC msg=audit(1238212196.33:2843): avc: denied { write } for pid=16656 comm="fail2ban-client" name="fail2ban.sock" dev=sda2 ino=1310776 scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 tcontext=system_u:object_r:fail2ban_var_run_t:s0 tclass=sock_file node=ls2ka.elton-intra.net type=SYSCALL msg=audit(1238212196.33:2843): arch=40000003 syscall=102 success=yes exit=0 a0=3 a1=bfcc0150 a2=4fb118 a3=b7fcb318 items=0 ppid=16655 pid=16656 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=32 comm="fail2ban-client" exe="/usr/bin/python" subj=system_u:system_r:logrotate_t:s0-s0:c0.c1023 key=(null)
Dan, I suggest to add this interface: ####################################### ## <summary> ## Connect to fail2ban over a unix domain ## stream socket. ## </summary> ## <param name="domain"> ## <summary> ## Domain allowed access. ## </summary> ## </param> # interface(`fail2ban_stream_connect',` gen_require(` type fail2ban_var_run_t, fail2ban_t; ') allow $1 fail2ban_t:unix_stream_socket connectto; allow $1 fail2ban_var_run_t:sock_file { getattr write }; files_search_pids($1) ') and add to logrotate.te optional_policy(` fail2ban_stream_connect(logrotate_t) ')
Well the real problem here is fail2ban leaking file descriptors. Other then the sys_tty_config This is entirely a fail2ban bug. fail2ban is leaking file descriptors to fail2ban-client and should close them on exec fcntl(fd, F_SETFD, FD_CLOEXEC)
In /etc/fail2ban/jail.conf [vsftpd-tcpwrapper] enabled = true filter = vsftpd action = hostsdeny[file=/etc/hosts.ftpdeny] sendmail-whois[name=VSFTPD, dest=root@localhost] logpath = /var/log/secure maxretry = 5 bantime = 1800 In /etc/fail2ban/action.d/hostsdeny.conf # Option: actionban # Notes.: command executed when banning an IP. Take care that the # command is executed with Fail2Ban user rights. # Tags: <ip> IP address # <failures> number of failures # <time> unix timestamp of the ban time # Values: CMD # #actionban = IP=<ip> && # printf %%b "ALL: $IP\n" >> <file> actionban = IP=<ip> && printf %%b "$IP\n" >> <file> # Option: actionunban # Notes.: command executed when unbanning an IP. Take care that the # command is executed with Fail2Ban user rights. # Tags: <ip> IP address # <failures> number of failures # <time> unix timestamp of the ban time # Values: CMD # #actionunban = IP=<ip> && sed -i.old /ALL:\ $IP/d <file> actionunban = IP=<ip> && sed -i.old /$IP/d <file> In /etc/hosts/deny # block possibly spoofed requests to VSFTPD vsftpd: PARANOID : deny vsftpd: /etc/hosts.ftpdeny In /var/log/messages I get: Apr 7 10:03:56 ls2ka setroubleshoot: SELinux is preventing sh (fail2ban_t) "append" to ./hosts.ftpdeny (etc_t). For complete SELinux messages. run sealert -l dc6dcdf1-5152-4460-897c-734e4f606318 Apr 7 10:03:57 ls2ka setroubleshoot: SELinux is preventing sendmail (system_mail_t) "read write" fail2ban_t. For complete SELinux messages. run sealert -l 8741e92a-0c30-44fe-a1b8-af7469cba176 Apr 7 10:33:57 ls2ka setroubleshoot: SELinux is preventing sed (fail2ban_t) "write" to ./etc (etc_t). For complete SELinux messages. run sealert -l 1b43d4cc-e077-4dad-8b86-f2b982957140 Apr 7 10:33:57 ls2ka setroubleshoot: SELinux is preventing sed (fail2ban_t) "setattr" to ./sedDetYP8 (etc_t). For complete SELinux messages. run sealert -l a5e87e02-d89b-4175-88e7-5f742d2f376b Apr 7 10:33:58 ls2ka setroubleshoot: SELinux is preventing sed (fail2ban_t) "remove_name" to ./hosts.ftpdeny (etc_t). For complete SELinux messages. run sealert -l a9d671a7-a19c-4a4c-b8d5-074b32821a05 Apr 7 23:03:23 ls2ka setroubleshoot: SELinux is preventing sh (fail2ban_t) "append" to ./hosts.ftpdeny (etc_t). For complete SELinux messages. run sealert -l dc6dcdf1-5152-4460-897c-734e4f606318 Apr 7 23:03:23 ls2ka setroubleshoot: SELinux is preventing sendmail (system_mail_t) "read write" fail2ban_t. For complete SELinux messages. run sealert -l 8741e92a-0c30-44fe-a1b8-af7469cba176 Apr 7 23:33:24 ls2ka setroubleshoot: SELinux is preventing sed (fail2ban_t) "write" to ./etc (etc_t). For complete SELinux messages. run sealert -l 1b43d4cc-e077-4dad-8b86-f2b982957140 Apr 7 23:33:24 ls2ka setroubleshoot: SELinux is preventing sed (fail2ban_t) "setattr" to ./sedpZONo4 (etc_t). For complete SELinux messages. run sealert -l abcdb214-71c5-465e-98eb-7c9ae01ab7be Apr 7 23:33:24 ls2ka setroubleshoot: SELinux is preventing sed (fail2ban_t) "remove_name" to ./hosts.ftpdeny (etc_t). For complete SELinux messages. run sealert -l a9d671a7-a19c-4a4c-b8d5-074b32821a05
Well you could add rules to allow this but it would also allow fail2ban to take over the machine, since it would rwrite /etc/passwd. A better solution would be to put your deny files in /etc/fail2ban or /var/lib/fail2ban and then setup tcpwrappers to read from output from theose directories. We could easily add a context to allow fail2ban to write.
Adapted jail.conf: [sendmail-tcpwrapper] enabled = true filter = sendmail action = hostsdeny[file=/var/lib/fail2ban/hosts.sendmail.deny] sendmail[name=Sendmail, dest=e.lania] logpath = /var/log/maillog bantime = 300 [vsftpd-tcpwrapper] enabled = true filter = vsftpd action = hostsdeny[file=/var/lib/fail2ban/hosts.vsftpd.deny] sendmail-whois[name=VSFTPD, dest=e.lania] logpath = /var/log/secure maxretry = 5 bantime = 1800 And /etc/hosts.deny: sendmail: /var/lib/fail2ban/hosts.sendmail.deny # block possibly spoofed requests to VSFTPD vsftpd: PARANOID : deny vsftpd: /var/lib/fail2ban/hosts.vsftpd.deny I think this means, according to my logs below, that adaptations will have to be made to selinux-policy for both sendmail and fail2ban: Apr 12 14:57:51 ls2ka setroubleshoot: SELinux is preventing sendmail (sendmail_t) "read" to ./hosts.sendmail.deny (var_lib_t). For complete SELinux messages. run sealert -l 134d5cc3-ca1a-4233-99ac-c05b51bcc4fc Apr 12 14:57:51 ls2ka setroubleshoot: SELinux is preventing sendmail (sendmail_t) "getattr" to /var/lib/fail2ban/hosts.sendmail.deny (var_lib_t). For complete SELinux messages. run sealert -l df261f12-5e4e-4d02-95a6-207fd828f92e Apr 12 15:02:06 ls2ka setroubleshoot: SELinux is preventing sendmail (sendmail_t) "read" to ./hosts.sendmail.deny (var_lib_t). For complete SELinux messages. run sealert -l 134d5cc3-ca1a-4233-99ac-c05b51bcc4fc Apr 12 15:02:06 ls2ka setroubleshoot: SELinux is preventing sendmail (sendmail_t) "getattr" to /var/lib/fail2ban/hosts.sendmail.deny (var_lib_t). For complete SELinux messages. run sealert -l df261f12-5e4e-4d02-95a6-207fd828f92e Apr 12 15:09:04 ls2ka setroubleshoot: SELinux is preventing sh (fail2ban_t) "append" to ./hosts.vsftpd.deny (var_lib_t). For complete SELinux messages. run sealert -l a5842b6a-e02e-494e-9589-ab1bced960b4 Apr 12 15:09:04 ls2ka setroubleshoot: SELinux is preventing sh (fail2ban_t) "getattr" to /var/lib/fail2ban/hosts.vsftpd.deny (var_lib_t). For complete SELinux messages. run sealert -l cb141723-037a-4ddb-9c05-909383833b1c Apr 12 15:09:05 ls2ka setroubleshoot: SELinux is preventing sendmail (system_mail_t) "read write" fail2ban_t. For complete SELinux messages. run sealert -l 4f17ec12-9251-41c7-9016-9afaf69ce49a Is this correct?
Miroslav could you add type fail2ban_var_lib_t; files_type(fail2ban_var_lib_t) manage_dirs_pattern(fail2ban_t, fail2ban_var_lib_t, fail2ban_var_lib_t) manage_files_pattern(fail2ban_t, fail2ban_var_lib_t, fail2ban_var_lib_t) files_var_lib_filetrans(fail2ban_t, fail2ban_var_lib_t, { dir file }) to fail2ban.te ######################################## ## <summary> ## Read fail2ban lib files. ## </summary> ## <param name="domain"> ## <summary> ## Domain allowed access. ## </summary> ## </param> # interface(`fail2ban_read_lib_files',` gen_require(` type fail2ban_var_lib_t; ') files_search_pids($1) allow $1 fail2ban_var_lib_t:file read_file_perms; ') to fail2ban.if /var/lib/fail2ban(/.*)? gen_context(system_u:object_r:fail2ban_var_lib_t,s0) to fail2ban.fc optional_policy(` fail2ban_read_lib_files(sendmail_t) ') to sendmail.te optional_policy(` fail2ban_read_lib_files(daemon) ') To init.te
Added to selinux-policy-3.5.13-56.fc10
Not working: [root@ls2ka ~]# rpm -q selinux-policy-targeted selinux-policy-targeted-3.5.13-57.fc10.noarch [root@ls2ka ~]# grep SELinux /var/log/messages | grep sendmail Apr 23 13:50:23 ls2ka setroubleshoot: SELinux is preventing sendmail (system_mail_t) "read write" fail2ban_t. For complete SELinux messages. run sealert -l 8741e92a-0c30-44fe-a1b8-af7469cba176 Apr 23 13:50:24 ls2ka setroubleshoot: SELinux is preventing sendmail (sendmail_t) "read" to ./hosts.sendmail.deny (var_lib_t). For complete SELinux messages. run sealert -l 134d5cc3-ca1a-4233-99ac-c05b51bcc4fc Apr 23 13:50:24 ls2ka setroubleshoot: SELinux is preventing sendmail (sendmail_t) "getattr" to /var/lib/fail2ban/hosts.sendmail.deny (var_lib_t). For complete SELinux messages. run sealert -l df261f12-5e4e-4d02-95a6-207fd828f92e Apr 23 13:51:15 ls2ka setroubleshoot: SELinux is preventing sendmail (sendmail_t) "read" to ./hosts.sendmail.deny (var_lib_t). For complete SELinux messages. run sealert -l 134d5cc3-ca1a-4233-99ac-c05b51bcc4fc Apr 23 13:51:15 ls2ka setroubleshoot: SELinux is preventing sendmail (sendmail_t) "getattr" to /var/lib/fail2ban/hosts.sendmail.deny (var_lib_t). For complete SELinux messages. run sealert -l df261f12-5e4e-4d02-95a6-207fd828f92e Apr 23 13:55:56 ls2ka setroubleshoot: SELinux is preventing sendmail (sendmail_t) "read" to ./hosts.sendmail.deny (var_lib_t). For complete SELinux messages. run sealert -l 134d5cc3-ca1a-4233-99ac-c05b51bcc4fc Apr 23 13:55:56 ls2ka setroubleshoot: SELinux is preventing sendmail (sendmail_t) "getattr" to /var/lib/fail2ban/hosts.sendmail.deny (var_lib_t). For complete SELinux messages. run sealert -l df261f12-5e4e-4d02-95a6-207fd828f92e Apr 23 13:57:20 ls2ka setroubleshoot: SELinux is preventing sendmail (sendmail_t) "read" to ./hosts.sendmail.deny (var_lib_t). For complete SELinux messages. run sealert -l 134d5cc3-ca1a-4233-99ac-c05b51bcc4fc Apr 23 13:57:20 ls2ka setroubleshoot: SELinux is preventing sendmail (sendmail_t) "getattr" to /var/lib/fail2ban/hosts.sendmail.deny (var_lib_t). For complete SELinux messages. run sealert -l df261f12-5e4e-4d02-95a6-207fd828f92e Apr 23 14:05:17 ls2ka setroubleshoot: SELinux is preventing sendmail (sendmail_t) "read" to ./hosts.sendmail.deny (var_lib_t). For complete SELinux messages. run sealert -l 134d5cc3-ca1a-4233-99ac-c05b51bcc4fc Apr 23 14:05:18 ls2ka setroubleshoot: SELinux is preventing sendmail (sendmail_t) "getattr" to /var/lib/fail2ban/hosts.sendmail.deny (var_lib_t). For complete SELinux messages. run sealert -l df261f12-5e4e-4d02-95a6-207fd828f92e Apr 23 14:10:07 ls2ka setroubleshoot: SELinux is preventing sendmail (sendmail_t) "read" to ./hosts.sendmail.deny (var_lib_t). For complete SELinux messages. run sealert -l 134d5cc3-ca1a-4233-99ac-c05b51bcc4fc Apr 23 14:10:08 ls2ka setroubleshoot: SELinux is preventing sendmail (sendmail_t) "getattr" to /var/lib/fail2ban/hosts.sendmail.deny (var_lib_t). For complete SELinux messages. run sealert -l df261f12-5e4e-4d02-95a6-207fd828f92e Apr 23 14:36:21 ls2ka setroubleshoot: SELinux is preventing sendmail (sendmail_t) "read" to ./hosts.sendmail.deny (var_lib_t). For complete SELinux messages. run sealert -l 134d5cc3-ca1a-4233-99ac-c05b51bcc4fc Apr 23 14:36:21 ls2ka setroubleshoot: SELinux is preventing sendmail (sendmail_t) "getattr" to /var/lib/fail2ban/hosts.sendmail.deny (var_lib_t). For complete SELinux messages. run sealert -l df261f12-5e4e-4d02-95a6-207fd828f92e Apr 23 14:40:22 ls2ka setroubleshoot: SELinux is preventing sendmail (sendmail_t) "read" to ./hosts.sendmail.deny (var_lib_t). For complete SELinux messages. run sealert -l 134d5cc3-ca1a-4233-99ac-c05b51bcc4fc Apr 23 14:40:22 ls2ka setroubleshoot: SELinux is preventing sendmail (sendmail_t) "getattr" to /var/lib/fail2ban/hosts.sendmail.deny (var_lib_t). For complete SELinux messages. run sealert -l df261f12-5e4e-4d02-95a6-207fd828f92e Apr 23 19:27:51 ls2ka setroubleshoot: SELinux is preventing sendmail (system_mail_t) "read write" fail2ban_t. For complete SELinux messages. run sealert -l 8741e92a-0c30-44fe-a1b8-af7469cba176
Please try to reinstall selinux-policy # yum reinstall selinux-policy-targeted --enablerepo=updates-testing
/var/lib/fail2ban is mislabeled. restorecon -R -v /var/lib/fail2ban
NOT SOLVED grep SELinux /var/log/messages |grep fail2ban May 12 01:19:22 ls2ka setroubleshoot: SELinux is preventing sendmail (system_mail_t) "read write" fail2ban_t. For complete SELinux messages. run sealert -l 8741e92a-0c30-44fe-a1b8-af7469cba176 May 12 15:44:24 ls2ka setroubleshoot: SELinux is preventing sendmail (system_mail_t) "read write" fail2ban_t. For complete SELinux messages. run sealert -l 8741e92a-0c30-44fe-a1b8-af7469cba176
This is a leaked file descriptor from fail2ban. Please make sure you have the latest fail2ban software.
I use the latest versions: rpm -q selinux-policy-targeted selinux-policy-targeted-3.5.13-59.fc10.noarch rpm -q fail2ban fail2ban-0.8.3-18.fc10.noarch May 24 05:56:15 ls2ka setroubleshoot: SELinux is preventing sendmail (system_mail_t) "read write" fail2ban_t. For complete SELinux messages. run sealert -l 87146a78-be46-48ed-8b6f-21e72d8a3469 May 25 08:34:55 ls2ka setroubleshoot: SELinux is preventing sendmail (system_mail_t) "read write" fail2ban_t. For complete SELinux messages. run sealert -l 87146a78-be46-48ed-8b6f-21e72d8a3469 May 25 18:55:25 ls2ka setroubleshoot: SELinux is preventing sendmail (system_mail_t) "read write" fail2ban_t. For complete SELinux messages. run sealert -l 87146a78-be46-48ed-8b6f-21e72d8a3469 May 26 08:08:43 ls2ka setroubleshoot: SELinux is preventing sendmail (system_mail_t) "read write" fail2ban_t. For complete SELinux messages. run sealert -l 87146a78-be46-48ed-8b6f-21e72d8a3469 May 26 13:25:36 ls2ka setroubleshoot: SELinux is preventing sendmail (system_mail_t) "read write" fail2ban_t. For complete SELinux messages. run sealert -l 87146a78-be46-48ed-8b6f-21e72d8a3469 May 26 14:31:26 ls2ka setroubleshoot: SELinux is preventing sendmail (system_mail_t) "read write" fail2ban_t. For complete SELinux messages. run sealert -l 87146a78-be46-48ed-8b6f-21e72d8a3469 May 26 14:33:41 ls2ka setroubleshoot: SELinux is preventing sendmail (system_mail_t) "read write" fail2ban_t. For complete SELinux messages. run sealert -l 8741e92a-0c30-44fe-a1b8-af7469cba176 May 27 07:55:50 ls2ka setroubleshoot: SELinux is preventing sendmail (system_mail_t) "read write" fail2ban_t. For complete SELinux messages. run sealert -l 8741e92a-0c30-44fe-a1b8-af7469cba176 Should I open a nwe bug for it for fail2ban? Regards, Eddie.
I migrated this server to fedora 11 and here the problem is present also. fail2ban-0.8.3-19.fc11.noarch I will open a bug for it for fail2ban.
See bug 518752 (In reply to comment #14) > I migrated this server to fedora 11 and here the problem is present also. > > fail2ban-0.8.3-19.fc11.noarch > > I will open a bug for it for fail2ban.
*** This bug has been marked as a duplicate of bug 518752 ***