Fail2Ban and SeLinux

Support for security such as Firewalls and securing linux
zzserg
Posts: 7
Joined: 2014/11/26 10:03:12

Fail2Ban and SeLinux

Post by zzserg » 2014/11/26 15:42:12

Continued from this topic: viewtopic.php?f=47&t=49819
Environment: CentOS Linux 7 (Core) x86_64, Fail2Ban v0.9.0 from repo EPEL 7, OwnCloud 7.0.3 from OwnCloud CentOS 7 repo.

SELinux policy is enforced.
Starting fail2ban manually works normally, but starting it as a service does not work.
I changed the SELinux policy to permissive and rebooted.

Code: Select all

# grep owncloud /var/log/audit/audit.log
type=AVC msg=audit(1417015549.337:240): avc:  denied  { getattr } for  pid=935 comm="fail2ban-client" path="/var/www/html/owncloud/data/owncloud.log" dev="sda2" ino=805383857 scontext=system_u:system_r:fail2ban_client_t:s0 tcontext=unconfined_u:object_r:httpd_sys_rw_content_t:s0 tclass=file

Make and install policy:

# grep owncloud /var/log/audit/audit.log | audit2allow -M my-fail2ban
******************** IMPORTANT ***********************
To make this policy package active, execute:
semodule -i my-fail2ban.pp

# semodule -i my-fail2ban.pp

Then I changed the SELinux policy to enforced and rebooted.
fail2ban.service does not start, with the same error:

Code: Select all

ноя 26 13:29:23 cloud.acconcept.ru fail2ban-client[27566]: ERROR No file(s) found for glob /var/www/html/owncloud/data/owncloud.log
ноя 26 13:29:23 cloud.acconcept.ru fail2ban-client[27566]: ERROR Failed during configuration: Have not found any log file for owncloud jail

What can I do?

TrevorH
Forum Moderator
Posts: 27358
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Fail2Ban and SeLinux

Post by TrevorH » 2014/11/26 19:58:04

What is the policy that audit2allow produced? It's in the .te file.
CentOS 6 will die in November 2020 - migrate sooner rather than later!
CentOS 5 has been EOL for nearly 3 years and should no longer be used for anything!
Full time Geek, part time moderator. Use the FAQ Luke

zzserg
Posts: 7
Joined: 2014/11/26 10:03:12

Re: Fail2Ban and SeLinux

Post by zzserg » 2014/11/27 08:37:10

Code: Select all

module my-fail2ban 1.0;
require {
        type fail2ban_client_t;
        type fail2ban_t;
        type httpd_sys_rw_content_t;
        class file { read getattr open };
}
#============= fail2ban_client_t ==============
allow fail2ban_client_t httpd_sys_rw_content_t:file getattr;
#============= fail2ban_t ==============
allow fail2ban_t httpd_sys_rw_content_t:file { read getattr open };

TrevorH
Forum Moderator
Posts: 27358
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Fail2Ban and SeLinux

Post by TrevorH » 2014/11/27 08:58:58

That doesn't look like it allows read of the files. Perhaps you missed some avcs? Remove that module, put selinux permissive again, recreate the problem and look and see if you get more AVCs. If so then regenerate your policy module from the new avc messages.

zzserg
Posts: 7
Joined: 2014/11/26 10:03:12

Re: Fail2Ban and SeLinux

Post by zzserg » 2014/11/27 09:18:50

Code: Select all

# semodule -r my-fail2ban.pp
libsemanage.get_module_file_by_name: Module my-fail2ban.pp was not found.
semodule:  Failed on my-fail2ban.pp!

though

Code: Select all

# semodule -l |grep fail2ban
fail2ban        1.4.9
my-fail2ban     1.0

Can I remove the module file /etc/selinux/targeted/modules/active/modules/my-fail2ban.pp directly?

TrevorH
Forum Moderator
Posts: 27358
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Fail2Ban and SeLinux

Post by TrevorH » 2014/11/27 09:27:22

When you remove it, you do so by module name not by filename so drop the .pp from the end of the command.

zzserg
Posts: 7
Joined: 2014/11/26 10:03:12

Re: Fail2Ban and SeLinux

Post by zzserg » 2014/11/27 10:03:33

New policy

Code: Select all

module my-fail2ban 1.0;
require {
        type fail2ban_client_t;
        type fail2ban_t;
        type httpd_sys_rw_content_t;
        class capability dac_override;
        class file { read getattr open };
}
#============= fail2ban_client_t ==============
allow fail2ban_client_t httpd_sys_rw_content_t:file getattr;
allow fail2ban_client_t self:capability dac_override;
#============= fail2ban_t ==============
allow fail2ban_t httpd_sys_rw_content_t:file { read getattr open };

Audit log from when the policy was created:

Code: Select all

# grep fail2ban /var/log/audit/audit.log
type=AVC msg=audit(1417018040.480:239): avc:  denied  { getattr } for  pid=938 comm="fail2ban-client" path="/var/www/html/owncloud/data/owncloud.log" dev="sda2" ino=805383857 scontext=system_u:system_r:fail2ban_client_t:s0 tcontext=unconfined_u:object_r:httpd_sys_rw_content_t:s0 tclass=file
type=SYSCALL msg=audit(1417018040.480:239): arch=c000003e syscall=6 success=yes exit=0 a0=2323ff0 a1=7fff90b13af0 a2=7fff90b13af0 a3=642f64756f6c636e items=0 ppid=1 pid=938 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="fail2ban-client" exe="/usr/bin/python2.7" subj=system_u:system_r:fail2ban_client_t:s0 key=(null)
type=AVC msg=audit(1417018041.909:258): avc:  denied  { read } for  pid=1872 comm="fail2ban-server" name="owncloud.log" dev="sda2" ino=805383857 scontext=system_u:system_r:fail2ban_t:s0 tcontext=unconfined_u:object_r:httpd_sys_rw_content_t:s0 tclass=file
type=AVC msg=audit(1417018041.909:258): avc:  denied  { open } for  pid=1872 comm="fail2ban-server" path="/var/www/html/owncloud/data/owncloud.log" dev="sda2" ino=805383857 scontext=system_u:system_r:fail2ban_t:s0 tcontext=unconfined_u:object_r:httpd_sys_rw_content_t:s0 tclass=file
type=SYSCALL msg=audit(1417018041.909:258): arch=c000003e syscall=2 success=yes exit=7 a0=12e1590 a1=0 a2=1b6 a3=642f64756f6c636e items=0 ppid=1 pid=1872 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="fail2ban-server" exe="/usr/bin/python2.7" subj=system_u:system_r:fail2ban_t:s0 key=(null)
type=AVC msg=audit(1417018041.910:259): avc:  denied  { getattr } for  pid=1872 comm="fail2ban-server" path="/var/www/html/owncloud/data/owncloud.log" dev="sda2" ino=805383857 scontext=system_u:system_r:fail2ban_t:s0 tcontext=unconfined_u:object_r:httpd_sys_rw_content_t:s0 tclass=file
type=SYSCALL msg=audit(1417018041.910:259): arch=c000003e syscall=5 success=yes exit=0 a0=7 a1=7fffd5ddc990 a2=7fffd5ddc990 a3=1 items=0 ppid=1 pid=1872 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="fail2ban-server" exe="/usr/bin/python2.7" subj=system_u:system_r:fail2ban_t:s0 key=(null)
type=SERVICE_START msg=audit(1417018042.246:264): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg=' comm="fail2ban" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=AVC msg=audit(1417019112.777:348): avc:  denied  { getattr } for  pid=1903 comm="fail2ban-server" path="/var/www/html/owncloud/data/owncloud.log" dev="sda2" ino=805383857 scontext=system_u:system_r:fail2ban_t:s0 tcontext=unconfined_u:object_r:httpd_sys_rw_content_t:s0 tclass=file
type=SYSCALL msg=audit(1417019112.777:348): arch=c000003e syscall=4 success=yes exit=0 a0=7f6c44001120 a1=7f6c4b12a470 a2=7f6c4b12a470 a3=642f64756f6c636e items=0 ppid=1 pid=1903 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="fail2ban-server" exe="/usr/bin/python2.7" subj=system_u:system_r:fail2ban_t:s0 key=(null)
type=AVC msg=audit(1417030723.703:387): avc:  denied  { getattr } for  pid=1903 comm="fail2ban-server" path="/var/www/html/owncloud/data/owncloud.log" dev="sda2" ino=805383857 scontext=system_u:system_r:fail2ban_t:s0 tcontext=unconfined_u:object_r:httpd_sys_rw_content_t:s0 tclass=file
type=SYSCALL msg=audit(1417030723.703:387): arch=c000003e syscall=4 success=yes exit=0 a0=7f6c44001120 a1=7f6c4b12a470 a2=7f6c4b12a470 a3=642f64756f6c636e items=0 ppid=1 pid=1903 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="fail2ban-server" exe="/usr/bin/python2.7" subj=system_u:system_r:fail2ban_t:s0 key=(null)
type=AVC msg=audit(1417030741.731:388): avc:  denied  { getattr } for  pid=1903 comm="fail2ban-server" path="/var/www/html/owncloud/data/owncloud.log" dev="sda2" ino=805383857 scontext=system_u:system_r:fail2ban_t:s0 tcontext=unconfined_u:object_r:httpd_sys_rw_content_t:s0 tclass=file
type=SYSCALL msg=audit(1417030741.731:388): arch=c000003e syscall=4 success=yes exit=0 a0=7f6c44001120 a1=7f6c4b12a470 a2=7f6c4b12a470 a3=642f64756f6c636e items=0 ppid=1 pid=1903 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="fail2ban-server" exe="/usr/bin/python2.7" subj=system_u:system_r:fail2ban_t:s0 key=(null)
type=SERVICE_STOP msg=audit(1417032421.475:399): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg=' comm="fail2ban" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=AVC msg=audit(1417032424.552:400): avc:  denied  { getattr } for  pid=2738 comm="fail2ban-client" path="/var/www/html/owncloud/data/owncloud.log" dev="sda2" ino=805383857 scontext=system_u:system_r:fail2ban_client_t:s0 tcontext=unconfined_u:object_r:httpd_sys_rw_content_t:s0 tclass=file
type=SYSCALL msg=audit(1417032424.552:400): arch=c000003e syscall=6 success=yes exit=0 a0=22fc450 a1=7fffa18a0ce0 a2=7fffa18a0ce0 a3=642f64756f6c636e items=0 ppid=1 pid=2738 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="fail2ban-client" exe="/usr/bin/python2.7" subj=system_u:system_r:fail2ban_client_t:s0 key=(null)
type=AVC msg=audit(1417032424.854:401): avc:  denied  { read } for  pid=2741 comm="fail2ban-server" name="owncloud.log" dev="sda2" ino=805383857 scontext=system_u:system_r:fail2ban_t:s0 tcontext=unconfined_u:object_r:httpd_sys_rw_content_t:s0 tclass=file
type=AVC msg=audit(1417032424.854:401): avc:  denied  { open } for  pid=2741 comm="fail2ban-server" path="/var/www/html/owncloud/data/owncloud.log" dev="sda2" ino=805383857 scontext=system_u:system_r:fail2ban_t:s0 tcontext=unconfined_u:object_r:httpd_sys_rw_content_t:s0 tclass=file
type=SYSCALL msg=audit(1417032424.854:401): arch=c000003e syscall=2 success=yes exit=7 a0=132a590 a1=0 a2=1b6 a3=642f64756f6c636e items=0 ppid=1 pid=2741 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="fail2ban-server" exe="/usr/bin/python2.7" subj=system_u:system_r:fail2ban_t:s0 key=(null)
type=SERVICE_START msg=audit(1417032424.959:402): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg=' comm="fail2ban" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=AVC msg=audit(1417032464.060:423): avc:  denied  { getattr } for  pid=2742 comm="fail2ban-server" path="/var/www/html/owncloud/data/owncloud.log" dev="sda2" ino=805383857 scontext=system_u:system_r:fail2ban_t:s0 tcontext=unconfined_u:object_r:httpd_sys_rw_content_t:s0 tclass=file
type=SYSCALL msg=audit(1417032464.060:423): arch=c000003e syscall=4 success=yes exit=0 a0=7fe564001120 a1=7fe56bc8f470 a2=7fe56bc8f470 a3=642f64756f6c636e items=0 ppid=1 pid=2742 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="fail2ban-server" exe="/usr/bin/python2.7" subj=system_u:system_r:fail2ban_t:s0 key=(null)
type=AVC msg=audit(1417080991.379:577): avc:  denied  { getattr } for  pid=2742 comm="fail2ban-server" path="/var/www/html/owncloud/data/owncloud.log" dev="sda2" ino=805383857 scontext=system_u:system_r:fail2ban_t:s0 tcontext=unconfined_u:object_r:httpd_sys_rw_content_t:s0 tclass=file
type=SYSCALL msg=audit(1417080991.379:577): arch=c000003e syscall=4 success=yes exit=0 a0=7fe564001120 a1=7fe56bc8f470 a2=7fe56bc8f470 a3=642f64756f6c636e items=0 ppid=1 pid=2742 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="fail2ban-server" exe="/usr/bin/python2.7" subj=system_u:system_r:fail2ban_t:s0 key=(null)
type=SERVICE_STOP msg=audit(1417081000.516:606): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg=' comm="fail2ban" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=AVC msg=audit(1417081061.478:240): avc:  denied  { dac_override } for  pid=948 comm="fail2ban-client" capability=1  scontext=system_u:system_r:fail2ban_client_t:s0 tcontext=system_u:system_r:fail2ban_client_t:s0 tclass=capability
type=AVC msg=audit(1417081061.478:240): avc:  denied  { getattr } for  pid=948 comm="fail2ban-client" path="/var/www/html/owncloud/data/owncloud.log" dev="sda2" ino=805383857 scontext=system_u:system_r:fail2ban_client_t:s0 tcontext=unconfined_u:object_r:httpd_sys_rw_content_t:s0 tclass=file
type=SYSCALL msg=audit(1417081061.478:240): arch=c000003e syscall=6 success=yes exit=0 a0=1da7450 a1=7fff707ae320 a2=7fff707ae320 a3=642f64756f6c636e items=0 ppid=1 pid=948 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="fail2ban-client" exe="/usr/bin/python2.7" subj=system_u:system_r:fail2ban_client_t:s0 key=(null)
type=AVC msg=audit(1417081062.865:262): avc:  denied  { read } for  pid=1871 comm="fail2ban-server" name="owncloud.log" dev="sda2" ino=805383857 scontext=system_u:system_r:fail2ban_t:s0 tcontext=unconfined_u:object_r:httpd_sys_rw_content_t:s0 tclass=file
type=AVC msg=audit(1417081062.865:262): avc:  denied  { open } for  pid=1871 comm="fail2ban-server" path="/var/www/html/owncloud/data/owncloud.log" dev="sda2" ino=805383857 scontext=system_u:system_r:fail2ban_t:s0 tcontext=unconfined_u:object_r:httpd_sys_rw_content_t:s0 tclass=file
type=SYSCALL msg=audit(1417081062.865:262): arch=c000003e syscall=2 success=yes exit=7 a0=1b9f690 a1=0 a2=1b6 a3=642f64756f6c636e items=0 ppid=1 pid=1871 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="fail2ban-server" exe="/usr/bin/python2.7" subj=system_u:system_r:fail2ban_t:s0 key=(null)
type=AVC msg=audit(1417081062.866:263): avc:  denied  { getattr } for  pid=1871 comm="fail2ban-server" path="/var/www/html/owncloud/data/owncloud.log" dev="sda2" ino=805383857 scontext=system_u:system_r:fail2ban_t:s0 tcontext=unconfined_u:object_r:httpd_sys_rw_content_t:s0 tclass=file
type=SYSCALL msg=audit(1417081062.866:263): arch=c000003e syscall=5 success=yes exit=0 a0=7 a1=7fff1d87c050 a2=7fff1d87c050 a3=1 items=0 ppid=1 pid=1871 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="fail2ban-server" exe="/usr/bin/python2.7" subj=system_u:system_r:fail2ban_t:s0 key=(null)
type=SERVICE_START msg=audit(1417081063.281:269): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg=' comm="fail2ban" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=AVC msg=audit(1417082384.864:371): avc:  denied  { getattr } for  pid=1917 comm="fail2ban-server" path="/var/www/html/owncloud/data/owncloud.log" dev="sda2" ino=805383857 scontext=system_u:system_r:fail2ban_t:s0 tcontext=unconfined_u:object_r:httpd_sys_rw_content_t:s0 tclass=file
type=SYSCALL msg=audit(1417082384.864:371): arch=c000003e syscall=4 success=yes exit=0 a0=7fe8f0001150 a1=7fe8f48c0470 a2=7fe8f48c0470 a3=642f64756f6c636e items=0 ppid=1 pid=1917 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="fail2ban-server" exe="/usr/bin/python2.7" subj=system_u:system_r:fail2ban_t:s0 key=(null)
type=SERVICE_STOP msg=audit(1417082438.226:375): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg=' comm="fail2ban" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=AVC msg=audit(1417082464.694:389): avc:  denied  { dac_override } for  pid=2535 comm="fail2ban-client" capability=1  scontext=system_u:system_r:fail2ban_client_t:s0 tcontext=system_u:system_r:fail2ban_client_t:s0 tclass=capability
type=AVC msg=audit(1417082464.694:389): avc:  denied  { getattr } for  pid=2535 comm="fail2ban-client" path="/var/www/html/owncloud/data/owncloud.log" dev="sda2" ino=805383857 scontext=system_u:system_r:fail2ban_client_t:s0 tcontext=unconfined_u:object_r:httpd_sys_rw_content_t:s0 tclass=file
type=SYSCALL msg=audit(1417082464.694:389): arch=c000003e syscall=6 success=yes exit=0 a0=e5d450 a1=7fff6d56b570 a2=7fff6d56b570 a3=642f64756f6c636e items=0 ppid=1 pid=2535 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="fail2ban-client" exe="/usr/bin/python2.7" subj=system_u:system_r:fail2ban_client_t:s0 key=(null)
type=AVC msg=audit(1417082465.145:390): avc:  denied  { read } for  pid=2557 comm="fail2ban-server" name="owncloud.log" dev="sda2" ino=805383857 scontext=system_u:system_r:fail2ban_t:s0 tcontext=unconfined_u:object_r:httpd_sys_rw_content_t:s0 tclass=file
type=AVC msg=audit(1417082465.145:390): avc:  denied  { open } for  pid=2557 comm="fail2ban-server" path="/var/www/html/owncloud/data/owncloud.log" dev="sda2" ino=805383857 scontext=system_u:system_r:fail2ban_t:s0 tcontext=unconfined_u:object_r:httpd_sys_rw_content_t:s0 tclass=file
type=SYSCALL msg=audit(1417082465.145:390): arch=c000003e syscall=2 success=yes exit=7 a0=12b1590 a1=0 a2=1b6 a3=642f64756f6c636e items=0 ppid=1 pid=2557 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="fail2ban-server" exe="/usr/bin/python2.7" subj=system_u:system_r:fail2ban_t:s0 key=(null)
type=SERVICE_START msg=audit(1417082465.337:391): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg=' comm="fail2ban" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=AVC msg=audit(1417082466.381:395): avc:  denied  { getattr } for  pid=2558 comm="fail2ban-server" path="/var/www/html/owncloud/data/owncloud.log" dev="sda2" ino=805383857 scontext=system_u:system_r:fail2ban_t:s0 tcontext=unconfined_u:object_r:httpd_sys_rw_content_t:s0 tclass=file
type=SYSCALL msg=audit(1417082466.381:395): arch=c000003e syscall=4 success=yes exit=0 a0=7f82a0001120 a1=7f82a87af470 a2=7f82a87af470 a3=642f64756f6c636e items=0 ppid=1 pid=2558 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="fail2ban-server" exe="/usr/bin/python2.7" subj=system_u:system_r:fail2ban_t:s0 key=(null)
type=SERVICE_STOP msg=audit(1417082471.671:399): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg=' comm="fail2ban" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=AVC msg=audit(1417082474.578:400): avc:  denied  { getattr } for  pid=2573 comm="fail2ban-client" path="/var/www/html/owncloud/data/owncloud.log" dev="sda2" ino=805383857 scontext=system_u:system_r:fail2ban_client_t:s0 tcontext=unconfined_u:object_r:httpd_sys_rw_content_t:s0 tclass=file
type=SYSCALL msg=audit(1417082474.578:400): arch=c000003e syscall=6 success=yes exit=0 a0=160a450 a1=7fffdbca4780 a2=7fffdbca4780 a3=642f64756f6c636e items=0 ppid=1 pid=2573 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="fail2ban-client" exe="/usr/bin/python2.7" subj=system_u:system_r:fail2ban_client_t:s0 key=(null)
type=AVC msg=audit(1417082474.871:401): avc:  denied  { read } for  pid=2576 comm="fail2ban-server" name="owncloud.log" dev="sda2" ino=805383857 scontext=system_u:system_r:fail2ban_t:s0 tcontext=unconfined_u:object_r:httpd_sys_rw_content_t:s0 tclass=file
type=AVC msg=audit(1417082474.871:401): avc:  denied  { open } for  pid=2576 comm="fail2ban-server" path="/var/www/html/owncloud/data/owncloud.log" dev="sda2" ino=805383857 scontext=system_u:system_r:fail2ban_t:s0 tcontext=unconfined_u:object_r:httpd_sys_rw_content_t:s0 tclass=file
type=SYSCALL msg=audit(1417082474.871:401): arch=c000003e syscall=2 success=yes exit=7 a0=1432590 a1=0 a2=1b6 a3=642f64756f6c636e items=0 ppid=1 pid=2576 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="fail2ban-server" exe="/usr/bin/python2.7" subj=system_u:system_r:fail2ban_t:s0 key=(null)
type=SERVICE_START msg=audit(1417082474.974:402): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg=' comm="fail2ban" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'

Audit tail after installing the policy and switching to enforced mode:

Code: Select all

type=SERVICE_START msg=audit(1417082973.845:429): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg=' comm="fail2ban" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'
type=SERVICE_START msg=audit(1417082973.946:430): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg=' comm="fail2ban" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=SERVICE_STOP msg=audit(1417082973.946:431): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg=' comm="fail2ban" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=SERVICE_START msg=audit(1417082976.814:432): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg=' comm="fail2ban" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'
type=SERVICE_START msg=audit(1417082976.916:433): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg=' comm="fail2ban" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=SERVICE_STOP msg=audit(1417082976.916:434): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg=' comm="fail2ban" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=SERVICE_START msg=audit(1417082979.736:435): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg=' comm="fail2ban" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'
type=SERVICE_START msg=audit(1417082979.838:436): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg=' comm="fail2ban" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=SERVICE_STOP msg=audit(1417082979.838:437): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg=' comm="fail2ban" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=SERVICE_START msg=audit(1417082983.569:438): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg=' comm="fail2ban" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'
type=SERVICE_START msg=audit(1417082983.671:439): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg=' comm="fail2ban" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=SERVICE_STOP msg=audit(1417082983.671:440): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg=' comm="fail2ban" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'

The problem is still here.

TrevorH
Forum Moderator
Posts: 27358
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Fail2Ban and SeLinux

Post by TrevorH » 2014/11/27 10:57:51

Perhaps you are being hit by dontaudit rules. Repeat the process and this time, before you gather the avcs, run semodule -DB to disable the dontaudit rules. Once you are done, re-enable them by running semodule -B

zzserg
Posts: 7
Joined: 2014/11/26 10:03:12

Re: Fail2Ban and SeLinux

Post by zzserg » 2014/11/28 13:51:43

New version - not working

Code: Select all

module my-fail2ban 1.0;
require {
        type unconfined_t;
        type httpd_sys_rw_content_t;
        type fail2ban_t;
        type iptables_t;
        type fail2ban_client_t;
        class capability dac_override;
        class unix_stream_socket connectto;
        class process { siginh noatsecure rlimitinh };
        class file { read getattr open };
        class dir search;
}
#============= fail2ban_client_t ==============
allow fail2ban_client_t fail2ban_t:process { siginh rlimitinh noatsecure };
allow fail2ban_client_t httpd_sys_rw_content_t:dir search;
allow fail2ban_client_t httpd_sys_rw_content_t:file getattr;
allow fail2ban_client_t self:capability dac_override;
allow fail2ban_client_t unconfined_t:unix_stream_socket connectto;
#============= fail2ban_t ==============
allow fail2ban_t httpd_sys_rw_content_t:file { read getattr open };
allow fail2ban_t iptables_t:process { siginh rlimitinh noatsecure };

grep fail2ban /var/log/audit/audit.log, tail after installing the policy and switching to enforced mode:

Code: Select all

type=SERVICE_START msg=audit(1417182350.337:1026): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg=' comm="fail2ban" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'
type=SERVICE_START msg=audit(1417182350.440:1027): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg=' comm="fail2ban" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=SERVICE_STOP msg=audit(1417182350.440:1028): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg=' comm="fail2ban" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=AVC msg=audit(1417182350.480:1029): avc:  denied  { search } for  pid=2634 comm="fail2ban-client" name=".local" dev="sda3" ino=100664021 scontext=system_u:system_r:fail2ban_client_t:s0 tcontext=unconfined_u:object_r:gconf_home_t:s0 tclass=dir
type=SYSCALL msg=audit(1417182350.480:1029): arch=c000003e syscall=4 success=no exit=-13 a0=f9d7c0 a1=7fff736a7cd0 a2=7fff736a7cd0 a3=326e6f687479702f items=0 ppid=1 pid=2634 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="fail2ban-client" exe="/usr/bin/python2.7" subj=system_u:system_r:fail2ban_client_t:s0 key=(null)
type=AVC msg=audit(1417182353.204:1030): avc:  denied  { search } for  pid=2634 comm="fail2ban-client" name="www" dev="sda2" ino=2657 scontext=system_u:system_r:fail2ban_client_t:s0 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=dir
type=SYSCALL msg=audit(1417182353.204:1030): arch=c000003e syscall=6 success=no exit=-13 a0=12f2450 a1=7fff736a7430 a2=7fff736a7430 a3=642f64756f6c636e items=0 ppid=1 pid=2634 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="fail2ban-client" exe="/usr/bin/python2.7" subj=system_u:system_r:fail2ban_client_t:s0 key=(null)
type=SERVICE_START msg=audit(1417182353.227:1031): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg=' comm="fail2ban" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'
type=SERVICE_START msg=audit(1417182353.331:1032): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg=' comm="fail2ban" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=SERVICE_STOP msg=audit(1417182353.331:1033): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg=' comm="fail2ban" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=AVC msg=audit(1417182353.371:1034): avc:  denied  { search } for  pid=2636 comm="fail2ban-client" name=".local" dev="sda3" ino=100664021 scontext=system_u:system_r:fail2ban_client_t:s0 tcontext=unconfined_u:object_r:gconf_home_t:s0 tclass=dir
type=SYSCALL msg=audit(1417182353.371:1034): arch=c000003e syscall=4 success=no exit=-13 a0=25f07c0 a1=7ffff23af4d0 a2=7ffff23af4d0 a3=326e6f687479702f items=0 ppid=1 pid=2636 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="fail2ban-client" exe="/usr/bin/python2.7" subj=system_u:system_r:fail2ban_client_t:s0 key=(null)
type=AVC msg=audit(1417182356.142:1035): avc:  denied  { search } for  pid=2636 comm="fail2ban-client" name="www" dev="sda2" ino=2657 scontext=system_u:system_r:fail2ban_client_t:s0 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=dir
type=SYSCALL msg=audit(1417182356.142:1035): arch=c000003e syscall=6 success=no exit=-13 a0=2945450 a1=7ffff23aec30 a2=7ffff23aec30 a3=642f64756f6c636e items=0 ppid=1 pid=2636 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="fail2ban-client" exe="/usr/bin/python2.7" subj=system_u:system_r:fail2ban_client_t:s0 key=(null)
type=SERVICE_START msg=audit(1417182356.163:1036): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg=' comm="fail2ban" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'
type=SERVICE_START msg=audit(1417182356.264:1037): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg=' comm="fail2ban" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=SERVICE_STOP msg=audit(1417182356.264:1038): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg=' comm="fail2ban" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=AVC msg=audit(1417182356.306:1039): avc:  denied  { search } for  pid=2638 comm="fail2ban-client" name=".local" dev="sda3" ino=100664021 scontext=system_u:system_r:fail2ban_client_t:s0 tcontext=unconfined_u:object_r:gconf_home_t:s0 tclass=dir
type=SYSCALL msg=audit(1417182356.306:1039): arch=c000003e syscall=4 success=no exit=-13 a0=1f0d7c0 a1=7ffff1034820 a2=7ffff1034820 a3=326e6f687479702f items=0 ppid=1 pid=2638 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="fail2ban-client" exe="/usr/bin/python2.7" subj=system_u:system_r:fail2ban_client_t:s0 key=(null)
type=AVC msg=audit(1417182359.059:1040): avc:  denied  { search } for  pid=2638 comm="fail2ban-client" name="www" dev="sda2" ino=2657 scontext=system_u:system_r:fail2ban_client_t:s0 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=dir
type=SYSCALL msg=audit(1417182359.059:1040): arch=c000003e syscall=6 success=no exit=-13 a0=2262450 a1=7ffff1033f80 a2=7ffff1033f80 a3=642f64756f6c636e items=0 ppid=1 pid=2638 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="fail2ban-client" exe="/usr/bin/python2.7" subj=system_u:system_r:fail2ban_client_t:s0 key=(null)
type=SERVICE_START msg=audit(1417182359.083:1041): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg=' comm="fail2ban" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'
type=SERVICE_START msg=audit(1417182359.184:1042): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg=' comm="fail2ban" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=SERVICE_STOP msg=audit(1417182359.185:1043): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg=' comm="fail2ban" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=AVC msg=audit(1417182359.229:1044): avc:  denied  { search } for  pid=2640 comm="fail2ban-client" name=".local" dev="sda3" ino=100664021 scontext=system_u:system_r:fail2ban_client_t:s0 tcontext=unconfined_u:object_r:gconf_home_t:s0 tclass=dir
type=SYSCALL msg=audit(1417182359.229:1044): arch=c000003e syscall=4 success=no exit=-13 a0=d997c0 a1=7fff9a942140 a2=7fff9a942140 a3=326e6f687479702f items=0 ppid=1 pid=2640 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="fail2ban-client" exe="/usr/bin/python2.7" subj=system_u:system_r:fail2ban_client_t:s0 key=(null)
type=AVC msg=audit(1417182362.330:1045): avc:  denied  { search } for  pid=2640 comm="fail2ban-client" name="www" dev="sda2" ino=2657 scontext=system_u:system_r:fail2ban_client_t:s0 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=dir
type=SYSCALL msg=audit(1417182362.330:1045): arch=c000003e syscall=6 success=no exit=-13 a0=10ee450 a1=7fff9a9418a0 a2=7fff9a9418a0 a3=642f64756f6c636e items=0 ppid=1 pid=2640 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="fail2ban-client" exe="/usr/bin/python2.7" subj=system_u:system_r:fail2ban_client_t:s0 key=(null)
type=SERVICE_START msg=audit(1417182362.353:1046): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg=' comm="fail2ban" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'
type=SERVICE_START msg=audit(1417182362.454:1047): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg=' comm="fail2ban" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=SERVICE_STOP msg=audit(1417182362.454:1048): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg=' comm="fail2ban" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=AVC msg=audit(1417182362.501:1049): avc:  denied  { search } for  pid=2643 comm="fail2ban-client" name=".local" dev="sda3" ino=100664021 scontext=system_u:system_r:fail2ban_client_t:s0 tcontext=unconfined_u:object_r:gconf_home_t:s0 tclass=dir
type=SYSCALL msg=audit(1417182362.501:1049): arch=c000003e syscall=4 success=no exit=-13 a0=7267c0 a1=7fffd5765030 a2=7fffd5765030 a3=326e6f687479702f items=0 ppid=1 pid=2643 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="fail2ban-client" exe="/usr/bin/python2.7" subj=system_u:system_r:fail2ban_client_t:s0 key=(null)
type=AVC msg=audit(1417182365.309:1050): avc:  denied  { search } for  pid=2643 comm="fail2ban-client" name="www" dev="sda2" ino=2657 scontext=system_u:system_r:fail2ban_client_t:s0 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=dir
type=SYSCALL msg=audit(1417182365.309:1050): arch=c000003e syscall=6 success=no exit=-13 a0=a7b450 a1=7fffd5764790 a2=7fffd5764790 a3=642f64756f6c636e items=0 ppid=1 pid=2643 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="fail2ban-client" exe="/usr/bin/python2.7" subj=system_u:system_r:fail2ban_client_t:s0 key=(null)
type=SERVICE_START msg=audit(1417182365.354:1051): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg=' comm="fail2ban" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'
type=SERVICE_START msg=audit(1417182365.457:1052): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg=' comm="fail2ban" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=SERVICE_STOP msg=audit(1417182365.459:1053): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg=' comm="fail2ban" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=AVC msg=audit(1417182365.514:1054): avc:  denied  { search } for  pid=2645 comm="fail2ban-client" name=".local" dev="sda3" ino=100664021 scontext=system_u:system_r:fail2ban_client_t:s0 tcontext=unconfined_u:object_r:gconf_home_t:s0 tclass=dir
type=SYSCALL msg=audit(1417182365.514:1054): arch=c000003e syscall=4 success=no exit=-13 a0=16127c0 a1=7fffaa592c60 a2=7fffaa592c60 a3=326e6f687479702f items=0 ppid=1 pid=2645 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="fail2ban-client" exe="/usr/bin/python2.7" subj=system_u:system_r:fail2ban_client_t:s0 key=(null)
type=AVC msg=audit(1417182368.448:1055): avc:  denied  { search } for  pid=2645 comm="fail2ban-client" name="www" dev="sda2" ino=2657 scontext=system_u:system_r:fail2ban_client_t:s0 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=dir
type=SYSCALL msg=audit(1417182368.448:1055): arch=c000003e syscall=6 success=no exit=-13 a0=1967450 a1=7fffaa5923c0 a2=7fffaa5923c0 a3=642f64756f6c636e items=0 ppid=1 pid=2645 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="fail2ban-client" exe="/usr/bin/python2.7" subj=system_u:system_r:fail2ban_client_t:s0 key=(null)
type=SERVICE_START msg=audit(1417182368.480:1056): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg=' comm="fail2ban" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'
type=SERVICE_START msg=audit(1417182368.582:1057): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg=' comm="fail2ban" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=SERVICE_STOP msg=audit(1417182368.582:1058): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg=' comm="fail2ban" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=AVC msg=audit(1417182368.628:1059): avc:  denied  { search } for  pid=2647 comm="fail2ban-client" name=".local" dev="sda3" ino=100664021 scontext=system_u:system_r:fail2ban_client_t:s0 tcontext=unconfined_u:object_r:gconf_home_t:s0 tclass=dir
type=SYSCALL msg=audit(1417182368.628:1059): arch=c000003e syscall=4 success=no exit=-13 a0=a607c0 a1=7fff723b4360 a2=7fff723b4360 a3=326e6f687479702f items=0 ppid=1 pid=2647 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="fail2ban-client" exe="/usr/bin/python2.7" subj=system_u:system_r:fail2ban_client_t:s0 key=(null)
type=AVC msg=audit(1417182371.532:1060): avc:  denied  { search } for  pid=2647 comm="fail2ban-client" name="www" dev="sda2" ino=2657 scontext=system_u:system_r:fail2ban_client_t:s0 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=dir
type=SYSCALL msg=audit(1417182371.532:1060): arch=c000003e syscall=6 success=no exit=-13 a0=db5450 a1=7fff723b3ac0 a2=7fff723b3ac0 a3=642f64756f6c636e items=0 ppid=1 pid=2647 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="fail2ban-client" exe="/usr/bin/python2.7" subj=system_u:system_r:fail2ban_client_t:s0 key=(null)
type=SERVICE_START msg=audit(1417182371.568:1061): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg=' comm="fail2ban" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'
type=SERVICE_START msg=audit(1417182371.671:1062): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg=' comm="fail2ban" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=SERVICE_STOP msg=audit(1417182371.671:1063): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg=' comm="fail2ban" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=AVC msg=audit(1417182371.728:1064): avc:  denied  { search } for  pid=2649 comm="fail2ban-client" name=".local" dev="sda3" ino=100664021 scontext=system_u:system_r:fail2ban_client_t:s0 tcontext=unconfined_u:object_r:gconf_home_t:s0 tclass=dir
type=SYSCALL msg=audit(1417182371.728:1064): arch=c000003e syscall=4 success=no exit=-13 a0=1dc97c0 a1=7fffdb9e8aa0 a2=7fffdb9e8aa0 a3=326e6f687479702f items=0 ppid=1 pid=2649 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="fail2ban-client" exe="/usr/bin/python2.7" subj=system_u:system_r:fail2ban_client_t:s0 key=(null)

Isma329
Posts: 2
Joined: 2015/01/07 11:26:00

Re: Fail2Ban and SeLinux

Post by Isma329 » 2015/01/07 12:07:00

CentOS Linux release 7.0.1406 (Core) - Fail2Ban v0.9.1 - OwnCloud 7,0,4,2

Hello,

Have you got fail2ban working with SELinux enforced? I have the same problems as you, I think.

Code: Select all

# setenforce 0
# systemctl start fail2ban
# setenforce 1
# systemctl restart fail2ban
Job for fail2ban.service failed. See 'systemctl status fail2ban.service' and 'journalctl -xn' for details.

Owncloud log to parse is in /opt/OwnCloudData/owncloud.log.

To use the logpath option in /etc/fail2ban/jail.local, fail2ban needs the pyinotify backend.

If I use the systemd backend, fail2ban starts but doesn't ban. I surely have to use the journalmatch option, but I can't find any documentation. What's more, there's nothing in the journal about owncloud.
If I do

Code: Select all

journalctl -a -f -n1000

and log in to Owncloud, the journal doesn't move.

So, pyinotify is the backend to use with fail2ban to parse owncloud.log.
On owncloud.log, SELinux is like this:

Code: Select all

# ls -Z /opt/OwnCloudData
-rw-r-----. apache apache system_u:object_r:httpd_sys_rw_content_t:s0 /opt/OwnCloudData/owncloud.log

The policy for the fail2ban module is:

Code: Select all

# cat my-fail2ban-pol.te
module my-fail2ban-pol 1.0;

require {
        type httpd_sys_rw_content_t;
        type fail2ban_t;
        type syslogd_var_run_t;
        type fail2ban_client_t;
        class capability dac_override;
        class dir { read getattr };
        class file { getattr read open };
}

#============= fail2ban_client_t ==============
allow fail2ban_client_t httpd_sys_rw_content_t:file getattr;
allow fail2ban_client_t self:capability dac_override;

#============= fail2ban_t ==============
allow fail2ban_t httpd_sys_rw_content_t:dir { read getattr };
allow fail2ban_t httpd_sys_rw_content_t:file { read getattr open };
allow fail2ban_t syslogd_var_run_t:dir read;
allow fail2ban_t syslogd_var_run_t:file { read getattr open };

This policy was made by audit2allow.
The fail2ban client and server are allowed in httpd_sys_rw_content_t:file.

I really don't understand where selinux is still blocking fail2ban.
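
An added example, not part of the original post: a small Python check that lists which AVC denials in an audit log have no matching `allow` rule in a local `.te` module. The sample records are constructed in the format of the audit log quoted in this thread, the module is abridged from the one posted above, and the function names are hypothetical; the check looks only at the local module, not at the loaded base policy.

```python
import re

# Constructed sample: AVC records trimmed to the fields used here, in the
# format of the audit log quoted in this thread.
SAMPLE_AUDIT = """\
type=AVC msg=audit(1.0:1): avc:  denied  { getattr } for  pid=1 comm="fail2ban-client" scontext=system_u:system_r:fail2ban_client_t:s0 tcontext=unconfined_u:object_r:httpd_sys_rw_content_t:s0 tclass=file
type=AVC msg=audit(1.0:2): avc:  denied  { search } for  pid=1 comm="fail2ban-client" name=".local" scontext=system_u:system_r:fail2ban_client_t:s0 tcontext=unconfined_u:object_r:gconf_home_t:s0 tclass=dir
type=AVC msg=audit(1.0:3): avc:  denied  { search } for  pid=1 comm="fail2ban-client" name="www" scontext=system_u:system_r:fail2ban_client_t:s0 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=dir
type=SERVICE_START msg=audit(1.0:4): pid=1 uid=0 msg=' comm="fail2ban" res=failed'
"""

# Abridged from the module posted above (assumption: a subset of its rules).
SAMPLE_TE = """\
allow fail2ban_client_t httpd_sys_rw_content_t:file getattr;
allow fail2ban_client_t self:capability dac_override;
allow fail2ban_t httpd_sys_rw_content_t:file { read getattr open };
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<s>\S+)\s+tcontext=(?P<t>\S+)\s+tclass=(?P<cls>\w+)")
ALLOW_RE = re.compile(
    r"^\s*allow\s+(?P<s>\w+)\s+(?P<t>\w+):(?P<cls>\w+)\s+"
    r"(?:\{(?P<many>[^}]*)\}|(?P<one>\w+))\s*;", re.M)

def parse_allows(te_text):
    """Return {(source_type, target_type, class): set(perms)} for a .te module."""
    rules = {}
    for m in ALLOW_RE.finditer(te_text):
        target = m["s"] if m["t"] == "self" else m["t"]  # 'self' = source type
        perms = (m["many"] or m["one"] or "").split()
        rules.setdefault((m["s"], target, m["cls"]), set()).update(perms)
    return rules

def uncovered_denials(audit_text, te_text):
    """Return sorted unique (source, target, class, perm) with no allow rule."""
    rules = parse_allows(te_text)
    missing = set()
    for line in audit_text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue  # SYSCALL, SERVICE_START and other record types
        # A context is user:role:type:level; the type is the third field.
        src, tgt = m["s"].split(":")[2], m["t"].split(":")[2]
        for perm in m["perms"].split():
            if perm not in rules.get((src, tgt, m["cls"]), set()):
                missing.add((src, tgt, m["cls"], perm))
    return sorted(missing)

if __name__ == "__main__":
    for denial in uncovered_denials(SAMPLE_AUDIT, SAMPLE_TE):
        print("no allow rule for: %s -> %s:%s { %s }" % denial)
```

In enforcing mode a process usually stops at its first denial, so repeat the check after each policy change until no uncovered denials remain.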
