Check /var/log/messages to get an idea of the error:
=========================================================================
May 12 04:05:40 mail setroubleshoot: SELinux is preventing /sbin/iptables-multi-1.4.7 from read access on the file . For complete SELinux messages. run sealert -l 1a33e373-0b4e-4e1c-8cf7-38636b5acbde
May 12 04:05:40 mail setroubleshoot: SELinux is preventing /sbin/iptables-multi-1.4.7 from create access on the rawip_socket . For complete SELinux messages. run sealert -l c2931169-d03b-4758-92d4-f22275f7f391
May 12 04:05:40 mail setroubleshoot: SELinux is preventing /sbin/iptables-multi-1.4.7 from create access on the rawip_socket . For complete SELinux messages. run sealert -l c2931169-d03b-4758-92d4-f22275f7f391
May 12 04:05:40 mail setroubleshoot: SELinux is preventing /sbin/iptables-multi-1.4.7 from read access on the file . For complete SELinux messages. run sealert -l 1a33e373-0b4e-4e1c-8cf7-38636b5acbde
May 12 04:05:37 mail fail2ban.actions: WARNING [dovecot-pop3imap] Unban 125.19.48.106
May 12 04:05:37 mail fail2ban.actions.action: ERROR iptables -n -L INPUT | grep -q 'fail2ban-dovecot-pop3imap[ \t]' returned 100
May 12 04:05:37 mail fail2ban.actions.action: ERROR Invariant check failed. Trying to restore a sane environment
May 12 04:05:37 mail fail2ban.actions.action: ERROR iptables -D INPUT -p tcp -m multiport --dports pop3,pop3s,imap,imaps -j fail2ban-dovecot-pop3imap#012iptables -F fail2ban-dovecot-pop3imap#012iptables -X fail2ban-dovecot-pop3imap returned 300
May 12 04:05:37 mail fail2ban.actions.action: ERROR iptables -N fail2ban-dovecot-pop3imap#012iptables -A fail2ban-dovecot-pop3imap -j RETURN#012iptables -I INPUT -p tcp -m multiport --dports pop3,pop3s,imap,imaps -j fail2ban-dovecot-pop3imap returned 100
May 12 04:05:37 mail fail2ban.actions.action: ERROR iptables -n -L INPUT | grep -q 'fail2ban-dovecot-pop3imap[ \t]' returned 100
May 12 04:05:37 mail fail2ban.actions.action: CRITICAL Unable to restore environment
================================================================================
This error is caused by SELinux. Run the command below to get the full details of the SELinux error:
sealert -l 1a33e373-0b4e-4e1c-8cf7-38636b5acbde
Check the audit.log file and find the denied messages below:
type=AVC msg=audit(1368773459.619:3055): avc: denied { read } for pid=6627 comm="iptables" scontext=unconfined_u:system_r:fail2ban_t:s0 tcontext=system_u:object_r:sysctl_modprobe_t:s0 tclass=file
type=AVC msg=audit(1368773459.620:3056): avc: denied { create } for pid=6625 comm="iptables" scontext=unconfined_u:system_r:fail2ban_t:s0 tcontext=unconfined_u:system_r:fail2ban_t:s0 tclass=rawip_socket
type=AVC msg=audit(1368773459.620:3057): avc: denied { read } for pid=6625 comm="iptables" scontext=unconfined_u:system_r:fail2ban_t:s0 tcontext=system_u:object_r:sysctl_modprobe_t:s0 tclass=file
type=AVC msg=audit(1368773459.622:3058): avc: denied { create } for pid=6629 comm="iptables" scontext=unconfined_u:system_r:fail2ban_t:s0 tcontext=unconfined_u:system_r:fail2ban_t:s0
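To see at a glance which domain is being denied what, the AVC records can be grouped by command, source type, permission, target type and object class. The script below is an added example, not part of the original post; the function names and the sample records (modelled on the excerpt above, plus one made-up SYSCALL record) are constructed for illustration.

```shell
#!/bin/sh
# Added example: count SELinux AVC denials per
# (command, source type, permissions, target type, object class).

# Constructed sample modelled on the audit.log excerpt in this post; the last
# AVC entry has no tclass field, and one non-AVC record is included as noise.
sample_audit_log() {
cat <<'EOF'
type=AVC msg=audit(1368773459.619:3055): avc:  denied  { read } for  pid=6627 comm="iptables" scontext=unconfined_u:system_r:fail2ban_t:s0 tcontext=system_u:object_r:sysctl_modprobe_t:s0 tclass=file
type=AVC msg=audit(1368773459.620:3056): avc:  denied  { create } for  pid=6625 comm="iptables" scontext=unconfined_u:system_r:fail2ban_t:s0 tcontext=unconfined_u:system_r:fail2ban_t:s0 tclass=rawip_socket
type=SYSCALL msg=audit(1368773459.620:3056): arch=c000003e syscall=41 success=no exit=-13 comm="iptables"
type=AVC msg=audit(1368773459.620:3057): avc:  denied  { read } for  pid=6625 comm="iptables" scontext=unconfined_u:system_r:fail2ban_t:s0 tcontext=system_u:object_r:sysctl_modprobe_t:s0 tclass=file
type=AVC msg=audit(1368773459.622:3058): avc:  denied  { create } for  pid=6629 comm="iptables" scontext=unconfined_u:system_r:fail2ban_t:s0 tcontext=unconfined_u:system_r:fail2ban_t:s0
EOF
}

# Usage: summarise_avc [FILE...]   (reads stdin when no file is given)
summarise_avc() {
    awk '
    # Return the type (third field) of a user:role:type:level context.
    function ctx_type(field,    parts) {
        sub(/^[a-z]+=/, "", field)
        split(field, parts, ":")
        return parts[3]
    }
    /^type=AVC / && /denied/ {
        comm = src = tgt = cls = "?"; perms = ""; inperm = 0
        for (i = 1; i <= NF; i++) {
            if ($i == "{") { inperm = 1; continue }
            if ($i == "}") { inperm = 0; continue }
            if (inperm) { perms = perms (perms == "" ? "" : ",") $i; continue }
            if ($i ~ /^comm=/) { comm = $i; sub(/^comm=/, "", comm); gsub(/"/, "", comm) }
            else if ($i ~ /^scontext=/) src = ctx_type($i)
            else if ($i ~ /^tcontext=/) tgt = ctx_type($i)
            else if ($i ~ /^tclass=/) { cls = $i; sub(/^tclass=/, "", cls) }
        }
        count[comm " " src " " perms " " tgt " " cls]++
    }
    END { for (k in count) print count[k], k }
    ' "$@" | sort -k1,1nr -k2
}

# Print the summary for the constructed sample.
sample_audit_log | summarise_avc
```

On the sample, every denial has comm iptables but source type fail2ban_t, which is consistent with the mislabelled /sbin/iptables-multi-1.4.7 (bin_t instead of iptables_exec_t) described in the resolution that follows. Fields missing from a record are reported as "?".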
Resolution:
When I check the context of /sbin/iptables-multi-1.4.7, it shows the incorrect context, as below:
ls -lZ /sbin/iptables-multi-1.4.7
Output:
-rwxr-xr-x. root root system_u:object_r:bin_t:s0 /sbin/iptables-multi-1.4.7
Run the command below to correct the SELinux context:
restorecon -R -v /sbin/
Then run the ls -lZ command again, which shows the correct context:
-rwxr-xr-x. root root system_u:object_r:iptables_exec_t:s0 /sbin/iptables-multi-1.4.7
Then restart the fail2ban service.