Fail2ban and SELinux
max bianco
maximilianbianco at gmail.com
Tue Apr 15 14:39:12 UTC 2008
I recently installed fail2ban on my F8 box. I don't allow remote
access to my box but it had been mentioned recently so I decided to
test it out. I installed it a few days ago but didn't do anything with
it till last night. I had forgotten about it but I was perusing log
files and saw 21 AVC's related it to it. I pulled up my services gui
and sure enough it wasn't running. I tried to start it and got
denied(it wouldn't start from a terminal at all, complaining that the
service is unrecognized). No problem , i expected as much when I saw
the AVC's in my log files but I always try things more than once so I
tried to start it a second time and this time and every time after it
started without generating a denial. Is this because I manually
started the service? That doesn't make sense because then it would
have worked the first time as well but it didn't. I see that there is
a policy module for fail2ban but if the module is in place then
shouldn't it have run without issues? Why 21 AVC's and then its
working? I am learning my way around SELinux but I don't feel
comfortable enough to troubleshoot this problem correctly, so where do
I start?
Max
More information about the fedora-selinux-list
mailing list