Bug 936838 - net-analyzer/fail2ban-1.1.0-r1 stopped processing sshd
Summary: net-analyzer/fail2ban-1.1.0-r1 stopped processing sshd
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: All Linux
Importance: Normal normal
Assignee: Sam James
Reported: 2024-07-28 15:15 UTC by Alexandre Ferreira
Modified: 2024-08-29 01:55 UTC

Description Alexandre Ferreira 2024-07-28 15:15:58 UTC
fail2ban stopped banning based on sshd entries on journald

Reproducible: Always

Steps to Reproduce:
1. run fail2ban
2. no sshd ban occurs

The line "journalmatch = _SYSTEMD_UNIT=ssh.service + _COMM=ssh" in the file /etc/fail2ban/filter.d/sshd.conf is incorrect and was preventing fail2ban from working. The correct entry is "journalmatch = _SYSTEMD_UNIT=sshd.service + _COMM=ssh".
Comment 1 Alfred Wingate 2024-07-28 15:28:38 UTC
You are presumably using an older version of openssh.

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8f40d76b04279142985ca0da8048356d34557849
Comment 2 Alexandre Ferreira 2024-07-28 15:52:31 UTC
I am using openssh-9.8_p1-r2 and it installs sshd:
# emerge --oneshot -pv openssh

These are the packages that would be merged, in order:

Calculating dependencies... done!
Dependency resolution took 3.32 s (backtrack: 0/20).

[ebuild   R    ] net-misc/openssh-9.8_p1-r2::gentoo  USE="pam pie ssl -audit (-debug) -kerberos -ldns -libedit -livecd -security-key (-selinux) -static -test -verify-sig (-xmss)" 0 KiB

Total: 1 package (1 reinstall), Size of downloads: 0 KiB

# grep systemd /var/db/pkg/net-misc/openssh-9.8_p1-r2/CONTENTS 
dir /usr/lib/systemd
dir /usr/lib/systemd/system
obj /usr/lib/systemd/system/sshd@.service c8978a9f3584c8757490f2a1a79c2c24 1720882797
obj /usr/lib/systemd/system/sshd.service 033c6f370f93608645b0fb2eed6a1e02 1720882797
obj /usr/lib/systemd/system/sshd.socket 4735139e66316cdf102cb99d716ad6aa 1720882797

 * Searching for /usr/lib/systemd/system/sshd.service ... 
net-misc/openssh-9.8_p1-r2 (/usr/lib/systemd/system/sshd.service)
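
An added example, not part of the bug report and not fail2ban or Gentoo code: a check for the mismatch discussed above, comparing the `_SYSTEMD_UNIT` named in a filter's journalmatch line against the unit files a package installs. The sample inputs are constructed from the values quoted in the description and in Comment 2; the function names are hypothetical.

```python
import re

# Constructed inputs, built from values quoted on this page.
FILTER_REPORTED = "[Definition]\njournalmatch = _SYSTEMD_UNIT=ssh.service + _COMM=ssh\n"
FILTER_CORRECTED = "[Definition]\njournalmatch = _SYSTEMD_UNIT=sshd.service + _COMM=ssh\n"
CONTENTS = """\
dir /usr/lib/systemd/system
obj /usr/lib/systemd/system/sshd@.service c8978a9f3584c8757490f2a1a79c2c24 1720882797
obj /usr/lib/systemd/system/sshd.service 033c6f370f93608645b0fb2eed6a1e02 1720882797
obj /usr/lib/systemd/system/sshd.socket 4735139e66316cdf102cb99d716ad6aa 1720882797
"""


def journal_units(filter_text):
    """Return the _SYSTEMD_UNIT values named on journalmatch lines."""
    units = []
    for line in filter_text.splitlines():
        m = re.match(r"\s*journalmatch\s*=\s*(.*)", line)  # skips '#' comments
        if not m:
            continue
        # Terms are whitespace-separated; a lone '+' joins alternative groups.
        for term in m.group(1).split():
            if term.startswith("_SYSTEMD_UNIT="):
                units.append(term.split("=", 1)[1])
    return units


def installed_units(contents_text):
    """Unit file names from Portage CONTENTS lines: 'obj <path> <md5> <mtime>'."""
    names = set()
    for line in contents_text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "obj" and "/systemd/system/" in parts[1]:
            names.add(parts[1].rsplit("/", 1)[1])
    return names


def missing_units(filter_text, contents_text):
    """Units the filter matches on that the package does not install."""
    have = installed_units(contents_text)
    return [u for u in journal_units(filter_text) if u not in have]


if __name__ == "__main__":
    for label, text in (("reported", FILTER_REPORTED), ("corrected", FILTER_CORRECTED)):
        print(label, "->", missing_units(text, CONTENTS) or "all units installed")
```

A non-empty result means the filter selects journal entries from a unit that never logs on this host, so the jail sees no sshd failures and bans nothing, without reporting an error.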
Comment 3 Larry the Git Cow gentoo-dev 2024-08-29 01:55:22 UTC
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a74794caf315f33baf0a2ca7ee9da1aa649b85fd

commit a74794caf315f33baf0a2ca7ee9da1aa649b85fd
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2024-08-29 01:53:56 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2024-08-29 01:53:56 +0000

    net-analyzer/fail2ban: fix openssh-9.8 compat harder; openrc tweak
    
    * Fix OpenSSH 9.8 harder by backporting more patches from upstream
    * Backport mjo's OpenRC init script tweak for nftables
    
    Bug: https://bugs.gentoo.org/935392
    Closes: https://bugs.gentoo.org/936838
    Signed-off-by: Sam James <sam@gentoo.org>

 net-analyzer/fail2ban/fail2ban-1.1.0-r2.ebuild     | 138 +++++++++++++++++++++
 .../files/fail2ban-1.1.0-openrc-nftables.patch     |  25 ++++
 .../files/fail2ban-1.1.0-openssh-9.8-fixups.patch  |  40 ++++++
 3 files changed, 203 insertions(+)