[Bug 917818] New: fail2ban can not use systemd-journal to ban ips
http://bugzilla.opensuse.org/show_bug.cgi?id=917818 Bug ID: 917818 Summary: fail2ban can not use systemd-journal to ban ips Classification: openSUSE Product: openSUSE Distribution Version: 13.2 Hardware: x86-64 OS: openSUSE 13.2 Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: security-team@suse.de Reporter: robin.roth@kit.edu QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:35.0) Gecko/20100101 Firefox/35.0 Build Identifier: The fail2ban version availbale with openSuSE 13.2 is not capable of parsing the systemd-journal. Therefore an existing 13.1 configuration that bans ip's based on failed logins will not work when upgrading to 13.2 (fail2ban fails to start saying /var/log/messages does not exist). This essentially disables the security provided by fail2ban against brute-force attacks. Reproducible: Always -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=917818
Robin Roth
http://bugzilla.opensuse.org/show_bug.cgi?id=917818
Johannes Segitz
http://bugzilla.opensuse.org/show_bug.cgi?id=917818
--- Comment #2 from Robin Roth
http://bugzilla.opensuse.org/show_bug.cgi?id=917818
--- Comment #3 from Johannes Weberhofer
http://bugzilla.opensuse.org/show_bug.cgi?id=917818
--- Comment #4 from Robin Roth
http://bugzilla.opensuse.org/show_bug.cgi?id=917818
Marvin FourtyTwo
http://bugzilla.opensuse.org/show_bug.cgi?id=917818
http://bugzilla.opensuse.org/show_bug.cgi?id=917818#c12
Willy Weisz
http://bugzilla.opensuse.org/show_bug.cgi?id=917818
http://bugzilla.opensuse.org/show_bug.cgi?id=917818#c13
--- Comment #13 from Johannes Weberhofer
When will an x86_64 version be available for python-systemd?
I have activated the above mentioned repository again - You can try to use it. However, it takes some time to pass the package to the devel-project, to factory and back to the security project... -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=917818
http://bugzilla.opensuse.org/show_bug.cgi?id=917818#c14
--- Comment #14 from Johannes Weberhofer
(In reply to Willy Weisz from comment #12)
When will an x86_64 version be available for python-systemd?
I have activated the above mentioned repository again - You can try to use it. However, it takes some time to pass the package to the devel-project, to factory and back to the security project...
After adding a patch, the library builds for openSUSE 13.1, too. You might try it out, I have not yet tested it. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=917818 http://bugzilla.opensuse.org/show_bug.cgi?id=917818#c15 Peter Sütterlin
http://bugzilla.opensuse.org/show_bug.cgi?id=917818
http://bugzilla.opensuse.org/show_bug.cgi?id=917818#c18
--- Comment #18 from Johannes Weberhofer
http://bugzilla.opensuse.org/show_bug.cgi?id=917818
http://bugzilla.opensuse.org/show_bug.cgi?id=917818#c20
Andreas Stieger
http://bugzilla.opensuse.org/show_bug.cgi?id=917818
http://bugzilla.opensuse.org/show_bug.cgi?id=917818#c21
Andreas Stieger
http://bugzilla.opensuse.org/show_bug.cgi?id=917818
http://bugzilla.opensuse.org/show_bug.cgi?id=917818#c22
--- Comment #22 from Johannes Weberhofer
Johannes, if this is too invasive, especially for working setups, we can push this to 42.2. If you think this should be a 42.1 maintenance update we'll review python-systemd.
Andreas, when the sysadmins followed the fail2ban guidelines, then the update is not problematic (IMHO). Internally many things have changed. I have fail2ban currently running on at ~6 machines; all rules provided by fail2ban were running without issues but I had to adapt some of my additional rules. That's why I was waiting so long before submitting the update. There also was e.g. issue #971941 - such things may happen with the release and improper configured software. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=917818 http://bugzilla.opensuse.org/show_bug.cgi?id=917818#c23 --- Comment #23 from Peter Sütterlin
http://bugzilla.opensuse.org/show_bug.cgi?id=917818
http://bugzilla.opensuse.org/show_bug.cgi?id=917818#c27
Andreas Stieger
participants (1)
-
bugzilla_noreply@novell.com