On Wed, 26 Feb 2020 at 11:13, Nicolas Kovacs <info@xxxxxxxxxxxxx> wrote:
Le 26/02/2020 à 15:48, Stephen John Smoogen a écrit :
> I would open a bug on this so that the maintainer knows about it. They may not
> be on this list or may filter it to the 'read once a year' bucket. Second, I
> would check to see what the audit2allow policy came up with and if the files it
> is alerting on have the appropriate labeling. I spent a day doing this with
> Nagios and then realized the file problem was that nrpe wanted to do something
> and hte file was labeled in a 'group' that neither nagios or nrpe had selinux
> perms to do with.
First a question: where's the correct place to file a bug for that? I
subscribed to that list because I thought this would be the right place for
that kind of thing.
Ugh. My problem for not saying that. A lot of 'bugs' can be config problems so starting a discussion on the list is a good place. After that it is go to
https://bugzilla.redhat.com/show_bug.cgi?id=1766415 may be related
Anyway.
I reinstalled this server from scratch and took some notes.
The second time I succeeded in making Fail2ban work with SELinux. Go figure.
I noticed two things, I don't know if they're relevant.
1. I had two different suggestions from sealert.
# ausearch -c 'f2b/server' --raw | audit2allow -M my-f2bserver
# semodule -i my-f2bserver.pp
and then the same thing but 'f2b/sshd'.
2. To create the SELinux I used the root account on the second attempt. On the
first attempt I used sudo:
$ sudo ausearch -c 'f2b/f.sshd' --raw | sudo audit2allow -M my-f2bfsshd
******************** IMPORTANT ***********************
To make this policy package active, execute:
semodule -i my-f2bfsshd.pp
$ sudo semodule -i my-f2bfsshd.pp
In theory there should be no difference, so correct me if I'm wrong.
Cheers,
Niki
--
Microlinux - Solutions informatiques durables
7, place de l'église - 30730 Montpezat
Site : https://www.microlinux.fr
Mail : info@xxxxxxxxxxxxx
Tél. : 04 66 63 10 32
Mob. : 06 51 80 12 12
_______________________________________________
epel-devel mailing list -- epel-devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to epel-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/epel-devel@xxxxxxxxxxxxxxxxxxxxxxx
Stephen J Smoogen.
_______________________________________________ epel-devel mailing list -- epel-devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to epel-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/epel-devel@xxxxxxxxxxxxxxxxxxxxxxx
