Bug ID 1103579
Summary missing installation requirement sqlite3 for fail2ban package
Classification openSUSE
Product openSUSE Distribution
Version Leap 15.0
Hardware x86-64
OS Other
Status NEW
Severity Normal
Priority P5 - None
Component Security
Assignee security-team@suse.de
Reporter gweberbh@gmail.com
QA Contact qa-bugs@suse.de
Found By ---
Blocker --- 

fail2ban version 0.10.3.1 release lp150.1.1

Standard configuration file fail2ban.conf has this entry:

dbfile = /var/lib/fail2ban/fail2ban.sqlite3

However, sqlite3 is not required when fail2ban is installed, therefore sqlite3
may not be installed (as it did happened in my case).

I understand that a missing sqlite3 means that the dbfile is never read by
fail2ban when it restarts, and IPs that are already banned are not added to
iptables (assuming that the configuration has a long bantime as it happens in
my case).

Symptom: upon restart or reboot, the iptables chain is much smaller than it was
before (iptables -L -n|grep -c REJECT)

Workaround: install sqlite3 manually (zypper install sqlite3), restart fail2ban
(systemctl restart fail2ban), your list of banned IPs.

Suggested fix: add sqlite3 to requirements or change the fail2ban.conf dbfile
entry.

rpm -qR fail2ban
/bin/sh
/bin/sh
/bin/sh
/bin/sh
/usr/bin/env
/usr/bin/python
config(fail2ban) = 0.10.3.1-lp150.1.1
cron
ed
iptables
logrotate
python >= 2.6
python(abi) = 2.7
python-gamin >= 0.0.21
python-pyinotify >= 0.8.3
python-systemd
rpmlib(CompressedFileNames) <= 3.0.4-1
rpmlib(FileDigests) <= 4.6.0-1
rpmlib(PayloadFilesHavePrefix) <= 4.0-1
rpmlib(PayloadIsXz) <= 5.2-1
systemd
systemd
systemd
systemd
systemd > 204
whois

You are receiving this mail because: