Closed opoplawski closed 7 months ago
In the meantime I'm adding this to the fail2ban policy:
gen_require(`
attribute logfile;
')
allow fail2ban_t logfile:dir { watch_dir_perms };
allow fail2ban_t logfile:file { watch_file_perms };
Adding 2 interfaces, the logfile attribute should cover all log files except audit log which is intentional.
As there were no comments, I am going to merge the PR as is.
fail2ban needs to be able to read and watch just about any logfile. We already use:
But this doesn't seem to give us the following:
I see
logging_watch_all_log_dirs_path
- but that only gives permission for dirs. I think we need alogging_watch_all_logs
interface.Thoughts?