[Bug 917818] New: fail2ban can not use systemd-journal to ban ips - openSUSE Bugs - openSUSE Mailing Lists

newer
[Bug 990361] New: Can't start...

[Bug 917818] New: fail2ban can not use systemd-journal to ban ips

older
[Bug 988273] Steam segmentation...

bugzilla_noreply＠novell.com

13 Feb 2015 13 Feb '15

13:25

http://bugzilla.opensuse.org/show_bug.cgi?id=917818 Bug ID: 917818 Summary: fail2ban can not use systemd-journal to ban ips Classification: openSUSE Product: openSUSE Distribution Version: 13.2 Hardware: x86-64 OS: openSUSE 13.2 Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: security-team@suse.de Reporter: robin.roth@kit.edu QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:35.0) Gecko/20100101 Firefox/35.0 Build Identifier: The fail2ban version availbale with openSuSE 13.2 is not capable of parsing the systemd-journal. Therefore an existing 13.1 configuration that bans ip's based on failed logins will not work when upgrading to 13.2 (fail2ban fails to start saying /var/log/messages does not exist). This essentially disables the security provided by fail2ban against brute-force attacks. Reproducible: Always -- You are receiving this mail because: You are on the CC list for the bug.

Attachments:

attachment.htm (text/html — 2.6 KB)

Reply

Sign in to reply online Use email software

Show replies by date

bugzilla_noreply＠novell.com

13 Feb 13 Feb

13:26

New subject: [Bug 917818] fail2ban can not use systemd-journal to ban ips

http://bugzilla.opensuse.org/show_bug.cgi?id=917818 Robin Roth changed: What |Removed |Added ---------------------------------------------------------------------------- Severity|Normal |Major -- You are receiving this mail because: You are on the CC list for the bug.

Reply

Sign in to reply online Use email software

bugzilla_noreply＠novell.com

13:42

New subject: [Bug 917818] fail2ban can not use systemd-journal to ban ips

http://bugzilla.opensuse.org/show_bug.cgi?id=917818 Johannes Segitz changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |jsegitz@novell.com Assignee|security-team@suse.de |jweberhofer@weberhofer.at Severity|Major |Normal --- Comment #1 from Johannes Segitz --- Install rsyslog as a workaround. Looks like fail2ban 0.9.0 introduces a systemd backend. -- You are receiving this mail because: You are on the CC list for the bug.

Reply

Sign in to reply online Use email software

bugzilla_noreply＠novell.com

14:44

New subject: [Bug 917818] fail2ban can not use systemd-journal to ban ips

http://bugzilla.opensuse.org/show_bug.cgi?id=917818 --- Comment #2 from Robin Roth --- The workaround has the disadvantage that all other tools that assume systemd-logger don't work anymore. As systemd-logger is the default in 13.2 all associated packages, including fail2ban, should be updated supporting it. Especially because fail2ban has this feature upstream. -- You are receiving this mail because: You are on the CC list for the bug.

Reply

Sign in to reply online Use email software

bugzilla_noreply＠novell.com

20:54

New subject: [Bug 917818] fail2ban can not use systemd-journal to ban ips

http://bugzilla.opensuse.org/show_bug.cgi?id=917818 --- Comment #3 from Johannes Weberhofer --- Fail2ban (in the current version) requires the installation of syslog which automatically makes the system logging to /var/log/messages; doesn't that work for you? I think about providing fail2ban 0.9.1+ hopefully in March (I don't have enough time-resources to do that now), but I do not plan to provide a update for OSS 13.1/13.2, as the configuration changes a lot. -- You are receiving this mail because: You are on the CC list for the bug.

Reply

Sign in to reply online Use email software

bugzilla_noreply＠novell.com

16 Feb 16 Feb

08:22

New subject: [Bug 917818] fail2ban can not use systemd-journal to ban ips

http://bugzilla.opensuse.org/show_bug.cgi?id=917818 --- Comment #4 from Robin Roth --- fail2ban requires "syslog", but in a 13.2 installation with all current updates: 'systemd-logger' providing 'syslog' is already installed. systemd-logger is a dummy package that only provides a /var/log/README telling you to not look at /var/log/messages but use the systemd infrastructure. So the dependency on syslog does not make sense. One could change it to rsyslog or syslog-ng to get a /var/log/messages, but this would then break the systemd install and removes journald. So this is not a realistic option. In my opinion any package should provide sensible defaults and work out of the box. To do so an upgrade to 0.9.1 also in 13.2 would be important. As soon as there's a factory version available I could help test a backport to 13.2. 13.1 is not affected as there journald is not yet the default. -- You are receiving this mail because: You are on the CC list for the bug.

Reply

Sign in to reply online Use email software

bugzilla_noreply＠novell.com

24 Mar 24 Mar

14:18

New subject: [Bug 917818] fail2ban can not use systemd-journal to ban ips

http://bugzilla.opensuse.org/show_bug.cgi?id=917818 Marvin FourtyTwo changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |marvin24@gmx.de -- You are receiving this mail because: You are on the CC list for the bug.

Reply

Sign in to reply online Use email software

bugzilla_noreply＠novell.com

21 Oct 21 Oct

21:21

New subject: [Bug 917818] fail2ban can not use systemd-journal to ban ips

http://bugzilla.opensuse.org/show_bug.cgi?id=917818 http://bugzilla.opensuse.org/show_bug.cgi?id=917818#c12 Willy Weisz changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |Willy.Weisz@univie.ac.at --- Comment #12 from Willy Weisz --- When will an x86_64 version be available for python-systemd? -- You are receiving this mail because: You are on the CC list for the bug.

Reply

Sign in to reply online Use email software

bugzilla_noreply＠novell.com

22 Oct 22 Oct

06:23

New subject: [Bug 917818] fail2ban can not use systemd-journal to ban ips

http://bugzilla.opensuse.org/show_bug.cgi?id=917818 http://bugzilla.opensuse.org/show_bug.cgi?id=917818#c13 --- Comment #13 from Johannes Weberhofer --- (In reply to Willy Weisz from comment #12)

When will an x86_64 version be available for python-systemd?

I have activated the above mentioned repository again - You can try to use it. However, it takes some time to pass the package to the devel-project, to factory and back to the security project... -- You are receiving this mail because: You are on the CC list for the bug.

Reply

Sign in to reply online Use email software

bugzilla_noreply＠novell.com

06:54

New subject: [Bug 917818] fail2ban can not use systemd-journal to ban ips

http://bugzilla.opensuse.org/show_bug.cgi?id=917818 http://bugzilla.opensuse.org/show_bug.cgi?id=917818#c14 --- Comment #14 from Johannes Weberhofer --- (In reply to Johannes Weberhofer from comment #13)

(In reply to Willy Weisz from comment #12)

...
When will an x86_64 version be available for python-systemd?

I have activated the above mentioned repository again - You can try to use it. However, it takes some time to pass the package to the devel-project, to factory and back to the security project...

After adding a patch, the library builds for openSUSE 13.1, too. You might try it out, I have not yet tested it. -- You are receiving this mail because: You are on the CC list for the bug.

Reply

Sign in to reply online Use email software

bugzilla_noreply＠novell.com

15 Jan 15 Jan

09:47

New subject: [Bug 917818] fail2ban can not use systemd-journal to ban ips

http://bugzilla.opensuse.org/show_bug.cgi?id=917818 http://bugzilla.opensuse.org/show_bug.cgi?id=917818#c15 Peter Sütterlin changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |P.Suetterlin@royac.iac.es --- Comment #15 from Peter Sütterlin --- Hmm, Leap 42.1 has the same problem again: There is (still) no official systemd-python package in the official repositories. Is this going to be added at some point? -- You are receiving this mail because: You are on the CC list for the bug.

Reply

Sign in to reply online Use email software

bugzilla_noreply＠novell.com

10 Mar 10 Mar

12:17

New subject: [Bug 917818] fail2ban can not use systemd-journal to ban ips

http://bugzilla.opensuse.org/show_bug.cgi?id=917818 http://bugzilla.opensuse.org/show_bug.cgi?id=917818#c18 --- Comment #18 from Johannes Weberhofer --- I have just published the new fail2ban version 0.9.4 which allows to define the backends via /etc/fail2ban/paths-opensuse.conf This allows to pre-set the backend for all the distributions. Please test the update and I will soon make a request for inclusion in the normal leap update channel. -- You are receiving this mail because: You are on the CC list for the bug.

Reply

Sign in to reply online Use email software

bugzilla_noreply＠novell.com

10 Jun 10 Jun

15:24

New subject: [Bug 917818] fail2ban can not use systemd-journal to ban ips

http://bugzilla.opensuse.org/show_bug.cgi?id=917818 http://bugzilla.opensuse.org/show_bug.cgi?id=917818#c20 Andreas Stieger changed: What |Removed |Added ---------------------------------------------------------------------------- Status|REOPENED |IN_PROGRESS CC| |astieger@suse.com --- Comment #20 from Andreas Stieger --- Jan, just reviewing your submission. Can you add python-systemd to the incident? (remove old package) osc branch -M -N openSUSE:Leap:42.1:Update/python-systemd home:weberho:branches:openSUSE:Leap:42.1:Update osc copypac -e -K openSUSE:Factory/python-systemd home:weberho:branches:openSUSE:Leap:42.1:Update/python-systemd.openSUSE_Leap_42.1_Update osc mr home:weberho:branches:openSUSE:Leap:42.1:Update -m "... message" -- You are receiving this mail because: You are on the CC list for the bug.

Reply

Sign in to reply online Use email software

bugzilla_noreply＠novell.com

15:30

New subject: [Bug 917818] fail2ban can not use systemd-journal to ban ips

http://bugzilla.opensuse.org/show_bug.cgi?id=917818 http://bugzilla.opensuse.org/show_bug.cgi?id=917818#c21 Andreas Stieger changed: What |Removed |Added ---------------------------------------------------------------------------- Flags| |needinfo?(sb56637@gmail.com | |) --- Comment #21 from Andreas Stieger --- S.B., can you please install 0.9.4 from security/fail2ban to verify functionality while the maintenance update is being prepared. Johannes, if this is too invasive, especially for working setups, we can push this to 42.2. If you think this should be a 42.1 maintenance update we'll review python-systemd. -- You are receiving this mail because: You are on the CC list for the bug.

Reply

Sign in to reply online Use email software

bugzilla_noreply＠novell.com

15:43

New subject: [Bug 917818] fail2ban can not use systemd-journal to ban ips

http://bugzilla.opensuse.org/show_bug.cgi?id=917818 http://bugzilla.opensuse.org/show_bug.cgi?id=917818#c22 --- Comment #22 from Johannes Weberhofer --- (In reply to Andreas Stieger from comment #21)

Johannes, if this is too invasive, especially for working setups, we can push this to 42.2. If you think this should be a 42.1 maintenance update we'll review python-systemd.

Andreas, when the sysadmins followed the fail2ban guidelines, then the update is not problematic (IMHO). Internally many things have changed. I have fail2ban currently running on at ~6 machines; all rules provided by fail2ban were running without issues but I had to adapt some of my additional rules. That's why I was waiting so long before submitting the update. There also was e.g. issue #971941 - such things may happen with the release and improper configured software. -- You are receiving this mail because: You are on the CC list for the bug.

Reply

Sign in to reply online Use email software

bugzilla_noreply＠novell.com

13 Jun 13 Jun

12:04

New subject: [Bug 917818] fail2ban can not use systemd-journal to ban ips

http://bugzilla.opensuse.org/show_bug.cgi?id=917818 http://bugzilla.opensuse.org/show_bug.cgi?id=917818#c23 --- Comment #23 from Peter Sütterlin --- FYI, I'm also running fail2ban (0.9.4) and pthon-systemd (6.1) from security on our server (leap 42.1) without issues. -- You are receiving this mail because: You are on the CC list for the bug.

Reply

Sign in to reply online Use email software

bugzilla_noreply＠novell.com

23 Jul 23 Jul

11:22

New subject: [Bug 917818] fail2ban can not use systemd-journal to ban ips

http://bugzilla.opensuse.org/show_bug.cgi?id=917818 http://bugzilla.opensuse.org/show_bug.cgi?id=917818#c27 Andreas Stieger changed: What |Removed |Added ---------------------------------------------------------------------------- Status|IN_PROGRESS |RESOLVED Resolution|--- |FIXED Flags|needinfo?(sb56637@gmail.com | |) | --- Comment #27 from Andreas Stieger --- releasing for openSUSE Leap 42.1 -- You are receiving this mail because: You are on the CC list for the bug.

Reply

Sign in to reply online Use email software

2835

Age (days ago)

3361

Last active (days ago)

Download

16 comments

1 participants

tags

participants (1)

bugzilla_noreply＠novell.com