LinuxQuestions.org


vonedaddy 01-18-2008 10:45 AM

selinux killing fail2ban
 
I have fail2ban set up and working fine, as long as selinux is in permissive mode. When I setenforce 1 I get this error and fail2ban does not work.

Jan 17 23:46:14 bighat setroubleshoot: #012 SELinux is preventing the fail2ban-server from using potentially mislabeled files (<Unknown>).#012 For complete SELinux messages. run sealert -l 5350c578-4956-4f27-a498-aada31c2


Any ideas?


With selinux in enforce mode I am unable to even start the fail2ban service.

[root@bighat fail2ban]# service fail2ban restart
Stopping fail2ban: [ OK ]
Starting fail2ban: [ OK ]
[root@bighat fail2ban]# service fail2ban stop
Stopping fail2ban: [ OK ]
[root@bighat fail2ban]# setenforce 1
[root@bighat fail2ban]# service fail2ban start
Starting fail2ban: [FAILED]
[root@bighat fail2ban]#

unSpawn 01-19-2008 10:06 AM

Quote:

Originally Posted by vonedaddy (Post 3027220)
For complete SELinux messages. run sealert -l 5350c578-4956-4f27-a498-aada31c2

Any ideas?

The AVC message tells you exactly what to run for more information and posting your service start stop information isn't that.
BTW, the fail2ban policy seems to be included in FC7 since March 2007, selinux-policy-2.6.4-66 and up.

vonedaddy 01-19-2008 11:18 AM

Quote:

Originally Posted by unSpawn (Post 3028168)
The AVC message tells you exactly what to run for more information and posting your service start stop information isn't that.
BTW, the fail2ban policy seems to be included in FC7 since March 2007, selinux-policy-2.6.4-66 and up.

This is what I get when I run that command, then it hangs. I don't know if this is normal. Can someone help me?

[root@bighat ~]# sealert -l 5350c578-4956-4f27-a498-aada31c2
Traceback (most recent call last):
File "/usr/bin/sealert", line 714, in on_connection_state_change
errno, streeor = connection_state.get_response()
AttributeError: 'ConnectionState' object has no attribute 'get_response'

[2]+ Stopped sealert -l 5350c578-4956-4f27-a498-aada31c2
[root@bighat ~]#

unSpawn 01-19-2008 08:39 PM

Are the Setroubleshootd and D-BUS services running?

vonedaddy 01-19-2008 11:02 PM

Quote:

Originally Posted by unSpawn (Post 3028713)
Are the Setroubleshootd and D-BUS services running?

setroubleshoot is running, D-BUS I am not familiar with but I do not see anything listed in my chkconfig or etc/init.d pertaining to d-bus.

unSpawn 01-20-2008 05:09 PM

Hmm. Then I don't know. Maybe get on a Fedora mailing list with that.
Anything wrt fail2ban in your /var/log/audit/* ?
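
Added example, not part of any post in this thread: one way to answer the audit-log question above when sealert will not run is to summarize the raw AVC denials for fail2ban-server straight from the audit log text. The function names and the sample log lines (including the SELinux contexts in them) are constructed for illustration and are not taken from the poster's system.

```shell
#!/usr/bin/env bash
# Summarize SELinux AVC denials for one command name from audit-log text.

# Constructed sample lines in audit.log format (not from the thread).
sample_audit_log() {
cat <<'EOF'
type=AVC msg=audit(1200631574.101:41): avc:  denied  { read } for  pid=2101 comm="fail2ban-server" name="example.log" dev=dm-0 ino=1001 scontext=system_u:system_r:fail2ban_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file
type=AVC msg=audit(1200631574.102:42): avc:  denied  { read } for  pid=2101 comm="fail2ban-server" name="example.log" dev=dm-0 ino=1001 scontext=system_u:system_r:fail2ban_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file
type=AVC msg=audit(1200631580.007:43): avc:  denied  { write } for  pid=2101 comm="fail2ban-server" name="example.sock" dev=dm-0 ino=1002 scontext=system_u:system_r:fail2ban_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=sock_file
type=AVC msg=audit(1200631590.300:44): avc:  denied  { getattr } for  pid=3000 comm="httpd" path="/example" dev=dm-0 ino=1003 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=dir
type=SYSCALL msg=audit(1200631590.300:44): arch=40000003 syscall=195 success=no exit=-13 comm="httpd"
EOF
}

# Usage: summarize_avc COMM < audit.log
# Prints one line per distinct denial: count, permissions, class, source -> target.
summarize_avc() {
  awk -v want="comm=\"$1\"" '
    /^type=AVC / && /denied/ {
      hit = 0; s = ""; t = ""; c = ""
      for (i = 1; i <= NF; i++) {
        if ($i == want) hit = 1
        else if ($i ~ /^scontext=/) s = substr($i, 10)
        else if ($i ~ /^tcontext=/) t = substr($i, 10)
        else if ($i ~ /^tclass=/)   c = substr($i, 8)
      }
      if (!hit) next
      # The denied permissions are the words between "{" and "}".
      perms = $0
      sub(/^[^{]*[{] */, "", perms)
      sub(/ *[}].*$/, "", perms)
      gsub(/ /, ",", perms)
      n[perms " " c " " s " -> " t]++
    }
    END { for (k in n) print n[k], k }
  ' | sort
}

# Demo on the constructed sample; on a real host, as root:
#   summarize_avc fail2ban-server < /var/log/audit/audit.log
sample_audit_log | summarize_avc fail2ban-server
```

A target type in the summary that does not match what the file should carry points at a labeling problem rather than a missing policy rule.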


All times are GMT -5.