New version of sshd changes daemon name from sshd to sshd-session. Fail2ban filter therefore doesn't match, because it expect sshd in the __prefix_line. Changing _dameon = sshd to _daemon = (sshd|sshd-session) solves this issue. Reproducible: Always
The bug has been closed via the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8f40d76b04279142985ca0da8048356d34557849 commit 8f40d76b04279142985ca0da8048356d34557849 Author: Sam James <sam@gentoo.org> AuthorDate: 2024-07-04 00:52:49 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2024-07-04 00:53:45 +0000 net-analyzer/fail2ban: fix openssh-9.8 compat openssh-9.8 changes services names and binary layout. Closes: https://bugs.gentoo.org/935392 Signed-off-by: Sam James <sam@gentoo.org> net-analyzer/fail2ban/fail2ban-1.1.0-r1.ebuild | 136 +++++++++++++++++++++ .../files/fail2ban-1.1.0-openssh-9.8.patch | 75 ++++++++++++ 2 files changed, 211 insertions(+)
Note that the security upgrade part isn't really so relevant here as 9.8 isn't stabled (so it was just a new release).
Posted to distros ML: https://lore.kernel.org/distributions/87h6ckyck8.fsf@gentoo.org/T/#u.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a74794caf315f33baf0a2ca7ee9da1aa649b85fd commit a74794caf315f33baf0a2ca7ee9da1aa649b85fd Author: Sam James <sam@gentoo.org> AuthorDate: 2024-08-29 01:53:56 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2024-08-29 01:53:56 +0000 net-analyzer/fail2ban: fix openssh-9.8 compat harder; openrc tweak * Fix OpenSSH 9.8 harder by backporting more patches from upstream * Backport mjo's OpenRC init script tweak for nftables Bug: https://bugs.gentoo.org/935392 Closes: https://bugs.gentoo.org/936838 Signed-off-by: Sam James <sam@gentoo.org> net-analyzer/fail2ban/fail2ban-1.1.0-r2.ebuild | 138 +++++++++++++++++++++ .../files/fail2ban-1.1.0-openrc-nftables.patch | 25 ++++ .../files/fail2ban-1.1.0-openssh-9.8-fixups.patch | 40 ++++++ 3 files changed, 203 insertions(+)
