Bug 997863 - Fail2Ban resets hosts.deny to 0600 permissions on start-up.
Fail2Ban resets hosts.deny to 0600 permissions on start-up.
Product: Fedora
Classification: Fedora
Component: fail2ban (Show other bugs)
noarch Linux
unspecified Severity high
: ---
: ---
Assigned To: Axel Thimm
Fedora Extras Quality Assurance
Depends On:
  Show dependency treegraph
Reported: 2013-08-16 06:10 EDT by Gary Myers
Modified: 2013-08-27 19:23 EDT (History)
4 users (show)

See Also:
Fixed In Version: fail2ban-0.8.10-2.fc19
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2013-08-27 19:23:51 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

External Trackers
Tracker ID Priority Status Summary Last Updated
Novell 820578 None None None Never

  None (edit)
Description Gary Myers 2013-08-16 06:10:09 EDT
Description of problem:

Fail2Ban resets the permissions of /etc/hosts.deny to 0600 upon start-up. This causes hosts-dependant services to fail (e.g. NIS). The same issue has been identified in OpenSuSE and escalated upstream: https://github.com/fail2ban/fail2ban/issues/266

Version-Release number of selected component (if applicable):


Steps to Reproduce:
1. Each time the daemon is started/re-started.

Actual results:

/etc/hosts.deny reset to 0600 permissions.

Expected results:

/etc/hosts.deny to remain with 0644 permissions.

Additional info:

Please can you follow-up with upstream to pull-in the fix and place RPM in testing?
Comment 1 Fedora Update System 2013-08-16 11:23:24 EDT
fail2ban-0.8.10-2.fc19 has been submitted as an update for Fedora 19.
Comment 2 Fedora Update System 2013-08-16 18:58:10 EDT
Package fail2ban-0.8.10-2.fc19:
* should fix your issue,
* was pushed to the Fedora 19 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing fail2ban-0.8.10-2.fc19'
as soon as you are able to.
Please go to the following url:
then log in and leave karma (feedback).
Comment 3 Gary Myers 2013-08-19 05:08:15 EDT
Updated to fail2ban-0.8.10-2.fc19. Initial testing appears OK. Daemon can be started/stopped/re-started without affecting the permissions of /etc/hosts.deny. I will continue to monitor over the next few days.

Unable to leave karma as I am not registered on that site, but thank you for your quick response. It is handy to have a fully functional IDS again.
Comment 4 Fedora Update System 2013-08-27 19:23:51 EDT
fail2ban-0.8.10-2.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.