networking - fail2ban will not start on some installs (x64)

Ed Greshko Ed.Greshko at greshko.com
Tue Jul 9 10:52:04 UTC 2013


On 07/09/13 18:19, Cristian Sava wrote:
> On Tue, 2013-07-09 at 16:56 +0800, Ed Greshko wrote:
>
>> Have you checked /var/log/audit/audit.log for AVC (selinux) entries?
> No AVC messages, not selinux related bug. It is a networking subsystem
> problem.
>

Well, I find one thing interesting.....

Notice the error message....

fail2ban-client[2804]: ERROR  Directory /var/run/fail2ban exists but not accessible for writing

But, if you execute the command in the service file from the command line....

[root@f18x log]# /usr/bin/fail2ban-client -x start
2013-07-09 18:46:10,558 fail2ban.server : INFO   Starting Fail2ban v0.8.10
2013-07-09 18:46:10,559 fail2ban.server : INFO   Starting in daemon mode

and....

[root@f18x fail2ban]# pwd
/var/run/fail2ban
[root@f18x fail2ban]# ls
fail2ban.pid  fail2ban.sock

And if you put selinux in permissive mode....

[root@f18x fail2ban]# pwd
/var/run/fail2ban
[root@f18x fail2ban]# ls
[root@f18x fail2ban]# setenforce 0
[root@f18x fail2ban]# systemctl start fail2ban
[root@f18x fail2ban]# ls
fail2ban.pid  fail2ban.sock

So it is running with selinux placed in permissive mode.....


-- 
The only thing worse than a poorly asked question is a cryptic answer.
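
An added example, not part of the original message: a small Python filter for the /var/log/audit/audit.log AVC check asked about in the quoted text, reporting which SELinux type was denied which permission on which target. The sample audit lines are constructed for illustration (their contexts, pids and ids are not from this thread), and the function names are hypothetical.

```python
import re
from collections import Counter

# Matches the denial part of an audit.log AVC record.
AVC_RE = re.compile(
    r'type=AVC msg=audit\((?P<ts>\d+\.\d+):(?P<serial>\d+)\): '
    r'avc:\s+denied\s+\{ (?P<perms>[^}]*)\} for\s+(?P<fields>.*)$')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Constructed sample lines (not taken from the thread).
SAMPLE = [
    'type=AVC msg=audit(1373366770.558:412): avc:  denied  { write } for  pid=2804 comm="fail2ban-client" name="fail2ban" dev="tmpfs" ino=23456 scontext=system_u:system_r:fail2ban_client_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=dir',
    'type=AVC msg=audit(1373366771.101:413): avc:  denied  { read } for  pid=1999 comm="httpd" name="index.html" dev="dm-1" ino=777 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file',
    'type=SYSCALL msg=audit(1373366770.558:412): arch=c000003e syscall=83 success=no exit=-13 pid=2804 comm="fail2ban-client" exe="/usr/bin/python2.7"',
    'type=AVC msg=audit(1373366772.020:414): avc:  denied  { add_name } for  pid=2804 comm="fail2ban-client" name="fail2ban.sock" scontext=system_u:system_r:fail2ban_client_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=dir',
]

def parse_avc(line):
    """Return a dict for an AVC denial line, or None for anything else."""
    m = AVC_RE.search(line.strip())
    if m is None:
        return None
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("fields"))}
    rec["perms"] = m.group("perms").split()
    rec["serial"] = int(m.group("serial"))
    return rec

def fail2ban_denials(lines, needle="fail2ban"):
    """Keep AVC denials whose process, object or contexts mention the needle."""
    keys = ("comm", "name", "path", "scontext", "tcontext")
    recs = (parse_avc(l) for l in lines)
    return [r for r in recs if r and needle in " ".join(r.get(k, "") for k in keys)]

def selinux_type(context):
    """Third field of user:role:type:level."""
    return context.split(":")[2]

def summarize(recs):
    """Count denials per (source type, target type, class, permission)."""
    counts = Counter()
    for r in recs:
        for perm in r["perms"]:
            counts[(selinux_type(r["scontext"]), selinux_type(r["tcontext"]), r["tclass"], perm)] += 1
    return counts

if __name__ == "__main__":
    for key, n in summarize(fail2ban_denials(SAMPLE)).items():
        print(n, *key)
```

To run it against a real host, pass the lines of /var/log/audit/audit.log (read as root) in place of `SAMPLE`.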

