
github.com/CISOfy/lynis.git
author Eric Light <eric@ericlight.com> 2016-03-22 05:28:21 +0300
committer Eric Light <eric@ericlight.com> 2016-03-22 05:28:21 +0300
commit 2a2c09482572c3f35ca392ad42d2566898bf7b22
tree 9dc54596719a7609c4d5ec48789151eae7ed320e /include/tests_logging
parent 9023aaa052e89532146ecb62bf242e4c94bd8310
Hide fail2ban open+deleted file warning with grsec
One of the features in grsecurity also prevents Fail2Ban from creating a temp file under /var/tmp. I've been unable to pinpoint the line in fail2ban which causes the issue, but have confirmed it's related to Fail2Ban. Note: disabling the PaX MPROTECT function on /usr/bin/python will also resolve this issue, but it's better to keep MPROTECT on.
Diffstat (limited to 'include/tests_logging')
-rw-r--r-- include/tests_logging 11
1 files changed, 9 insertions, 2 deletions
diff --git a/include/tests_logging b/include/tests_logging
index d7e3e6b6..8ecf358a 100644
--- a/include/tests_logging
+++ b/include/tests_logging
@@ -474,8 +474,15 @@
if [ ! "${LSOFBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no LOGG-2190 --preqs-met ${PREQS_MET} --weight L --network NO --description "Checking deleted files in file table"
if [ ${SKIPTEST} -eq 0 ]; then
- LogText "Test: checking deleted files but are still in use"
- FIND=`${LSOFBINARY} -n +L 1 2>&1 | egrep -v "WARNING|Output information" | awk '{ if ($5=="REG") { print $10 } }' | grep -v "^$" | sort -u`
+ LogText "Test: checking deleted files that are still in use"
+
+ if [ -e /dev/grsec ]; then
+ # grsecurity causes Fail2Ban to hold onto deleted in-use files in /var/tmp
+ FIND=`${LSOFBINARY} -n +L 1 2>&1 | egrep -v "WARNING|Output information|fail2ban" | awk '{ if ($5=="REG") { print $10 } }' | grep -v "^$" | sort -u`
+ else
+ FIND=`${LSOFBINARY} -n +L 1 2>&1 | egrep -v "WARNING|Output information" | awk '{ if ($5=="REG") { print $10 } }' | grep -v "^$" | sort -u`
+ fi
+
if [ ! "${FIND}" = "" ]; then
LogText "Result: found one or more files which are deleted, but still in use"
for I in ${FIND}; do
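Review bot: in the grsec branch, the `fail2ban` alternative in `egrep -v "WARNING|Output information|fail2ban"` is matched against the whole lsof output line, so it hides every deleted-but-open file whose line contains that string anywhere, not only the Fail2Ban temp files under /var/tmp that the comment describes. On a grsecurity host that means any process or path with "fail2ban" in its name drops out of LOGG-2190 silently. Consider narrowing the exclusion, for example by applying it in the existing awk step to a specific column together with a /var/tmp path check on `$10`, rather than to the raw line. The two FIND pipelines are otherwise identical, so building the exclusion pattern in a variable and running a single pipeline would remove the duplication, and a LogText line inside the `/dev/grsec` branch would record in the log that results were filtered.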