mrash / psad

psad: Intrusion Detection and Log Analysis with iptables
http://www.cipherdyne.org/psad/
GNU General Public License v2.0

fwcheck_psad does not handle installed but not running firewalld service #39

Closed rathann closed 7 years ago

rathann commented 7 years ago

This was reported in Fedora bug tracker (https://bugzilla.redhat.com/show_bug.cgi?id=1394902).

Description of problem: Setting up psad on my system shows an error in /var/log/psad/fw_check because I have firewalld installed but not running. I set up my firewall with /etc/sysconfig/iptables and iptables.service.

Version-Release number of selected component (if applicable):

psad-2.4.3-3.fc24.x86_64
perl-IPTables-Parse-1.6.1-2.fc24.noarch
perl-IPTables-ChainMgr-1.5-2.fc24.noarch
firewalld-0.4.4.1-1.fc24.noarch

How reproducible: Always

Steps to Reproduce:

  1. Have firewalld installed but not running: systemctl stop firewalld.service
  2. Adjust config in /etc/psad/psad.conf if necessary
  3. Add -j LOG entries to INPUT and FORWARD iptables chains
  4. Run: fwcheck_psad
  5. Check the result in root's email and/or in /var/log/psad/fw_check

Actual results: I get an error saying there is no default logging rule.

Expected results: That the ruleset is present and the firewall config is a success.

Additional info: As a workaround, I renamed the firewall-cmd executable:

mv /usr/bin/firewall-cmd /usr/bin/firewall-cmd.orig

After that, fwcheck_psad now works.

The problem is that the fwcheck_psad script and perl-IPTables-Parse only check for the presence of firewall-cmd, not whether it actually works (that is, whether the firewalld service is running). Therefore it fails.

mrash commented 7 years ago

Thanks for reporting this. I'll get it fixed.

mrash commented 7 years ago

This has been fixed in psad-2.4.5 (just released), but it requires using two new config variables in psad.conf: ENABLE_OVERRIDE_FW_CMD and FW_CMD.
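
The root cause in the report (testing only that firewall-cmd exists, not that firewalld is running) can be shown with a small selection routine. This is an added example, not psad or IPTables::Parse code: the function names are hypothetical, the stub binaries are constructed for the demo, and it assumes `firewall-cmd --state` exits non-zero when the daemon is stopped.

```shell
#!/bin/sh
# Added illustration; hypothetical helpers, not psad's implementation.

# find_in_dirs NAME DIR...: print the first executable NAME found in DIRs.
find_in_dirs() {
    name=$1; shift
    for d in "$@"; do
        if [ -x "$d/$name" ]; then
            printf '%s\n' "$d/$name"
            return 0
        fi
    done
    return 1
}

# pick_fw_cmd DIR...: print the command a logging-rule check should query.
# firewall-cmd is used only if it is installed AND reports a running daemon;
# an installed-but-stopped firewalld falls through to plain iptables.
pick_fw_cmd() {
    if fwc=$(find_in_dirs firewall-cmd "$@") && "$fwc" --state >/dev/null 2>&1; then
        printf '%s\n' "$fwc"
        return 0
    fi
    if ipt=$(find_in_dirs iptables "$@"); then
        printf '%s\n' "$ipt"
        return 0
    fi
    echo "no usable firewall command found" >&2
    return 1
}

# make_stub_dir EXIT_CODE: constructed test fixture. Creates a temp dir with a
# fake firewall-cmd that exits with EXIT_CODE and a fake iptables.
make_stub_dir() {
    dir=$(mktemp -d)
    printf '#!/bin/sh\nexit %s\n' "$1" > "$dir/firewall-cmd"
    printf '#!/bin/sh\nexit 0\n' > "$dir/iptables"
    chmod +x "$dir/firewall-cmd" "$dir/iptables"
    printf '%s\n' "$dir"
}

# Demo: firewalld "installed but not running" (stub exits non-zero).
demo=$(make_stub_dir 1)
echo "selected: $(pick_fw_cmd "$demo")"   # path ends in /iptables
rm -rf "$demo"
```

On a real host the directories passed to `pick_fw_cmd` would be the usual binary locations; a presence-only check corresponds to dropping the `--state` test, which is the behaviour the report describes.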