selinux killing fail2ban
I have fail2ban setup and working fine, as long as selinux is in permissive mode. When is setenfore 1 I get this error and fail2ban does not work.
Jan 17 23:46:14 bighat setroubleshoot: #012 SELinux is preventing the fail2ban-server from using potentially mislabeled files (<Unknown>).#012 For complete SELinux messages. run sealert -l 5350c578-4956-4f27-a498-aada31c2 Any ideas? With selinux in enforce mode I am unable to even start the fail2ban service. [root@bighat fail2ban]# service fail2ban restart Stopping fail2ban: [ OK ] Starting fail2ban: [ OK ] [root@bighat fail2ban]# service fail2ban stop Stopping fail2ban: [ OK ] [root@bighat fail2ban]# setenforce 1 [root@bighat fail2ban]# service fail2ban start Starting fail2ban: [FAILED] [root@bighat fail2ban]# |
Quote:
BTW, the fail2ban policy seems to be included in FC7 since march 2007, selinux-policy-2.6.4-66 and up. |
Quote:
[root@bighat ~]# sealert -l 5350c578-4956-4f27-a498-aada31c2 Traceback (most recent call last): File "/usr/bin/sealert", line 714, in on_connection_state_change errno, streeor = connection_state.get_response() AttributeError: 'ConnectionState' object has no attribute 'get_response' [2]+ Stopped sealert -l 5350c578-4956-4f27-a498-aada31c2 [root@bighat ~]# |
Are the Setroubleshootd and D-BUS services running?
|
Quote:
|
Hmm. Then I don't know. Maybe get ona Fedora mailing list with that.
Anything wrt fail2ban in your /var/log/audit/* ? |
All times are GMT -5. The time now is 09:04 PM. |