Help -- can't SSH into my box

Veli-Pekka Kestilä fedora at guagua.fi
Wed Jan 7 12:26:45 UTC 2009


John Aldrich wrote:
> On Tuesday 06 January 2009, Stuart Sears wrote:
>   
>> Not wishing :) to open a massive can of worms (even though this probably
>> will) but why do you hate it so much?
>>     
> I installed fail2ban and SELinux immediately threw up massive errors. I 
> could understand that much better if it were some 3rd-party app, but 
> something out of the default Fedora repos should be able to run w/o 
> generating complaints from a security system. Fail2ban, especially, should 
> be allowed to run w/o issue, due to the very nature of it.
>
>   
You have something strange in your setup if it throws a lot of errors with 
fail2ban, as I just recently installed it in F10 when I needed an 
alternative to whitelisting just some IP addresses. And it hasn't given 
any errors. Actually, in F10 I haven't had any selinux alerts yet. Of 
course, I don't use it as a desktop and there aren't currently any users' 
home directories (or parts of them) shared through httpd or samba. But it 
has just plain worked this far. I was surprised that even cyrus imapd 
worked out of the box without any problems, and it's maybe less used than 
dovecot. Maybe you tried it with some early policy version which has 
been updated and now just works.

Anyway, from what I have worked with selinux on some customer installations, 
it's not very hard to get it configured to work just the way you want if 
you just take a little bit of time to understand it and how the rule system 
works. Of course, I was at first a little bit hesitant with it and usually 
disabled it, but that usually comes with the mindset of being a system 
administrator (all change is for the bad :).

Also, if there are plain errors with it on basic configurations, I think it 
would be worthwhile to file bugs on them so that they will get fixed.

Of course, I didn't try to fix fail2ban to work with anything other than 
ssh, as it's enough for me for now. So it could have problems with httpd 
or mail client filtering enabled.

Veli-Pekka




