From 2a2c09482572c3f35ca392ad42d2566898bf7b22 Mon Sep 17 00:00:00 2001 From: Eric Light Date: Tue, 22 Mar 2016 15:28:21 +1300 Subject: [PATCH] Hide fail2ban open+deleted file warning with grsec One of the features in grsecurity also prevents Fail2Ban from creating a temp file under /var/tmp. I've been unable to pinpoint the line in fail2ban which causes the issue, but have confirmed it's related to Fail2Ban. Note: disabling the PaX MPROTECT function on /usr/bin/python will also resolve this issue, but it's better to keep MPROTECT on. --- include/tests_logging | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/include/tests_logging b/include/tests_logging index d7e3e6b6..8ecf358a 100644 --- a/include/tests_logging +++ b/include/tests_logging @@ -474,8 +474,15 @@ if [ ! "${LSOFBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi Register --test-no LOGG-2190 --preqs-met ${PREQS_MET} --weight L --network NO --description "Checking deleted files in file table" if [ ${SKIPTEST} -eq 0 ]; then - LogText "Test: checking deleted files but are still in use" - FIND=`${LSOFBINARY} -n +L 1 2>&1 | egrep -v "WARNING|Output information" | awk '{ if ($5=="REG") { print $10 } }' | grep -v "^$" | sort -u` + LogText "Test: checking deleted files that are still in use" + + if [ -e /dev/grsec ]; then + # grsecurity causes Fail2Ban to hold onto deleted in-use files in /var/tmp + FIND=`${LSOFBINARY} -n +L 1 2>&1 | egrep -v "WARNING|Output information|fail2ban" | awk '{ if ($5=="REG") { print $10 } }' | grep -v "^$" | sort -u` + else + FIND=`${LSOFBINARY} -n +L 1 2>&1 | egrep -v "WARNING|Output information" | awk '{ if ($5=="REG") { print $10 } }' | grep -v "^$" | sort -u` + fi + if [ ! "${FIND}" = "" ]; then LogText "Result: found one or more files which are deleted, but still in use" for I in ${FIND}; do