I did those changes (logger_logfiles_custom.conf and jail.local), restarted asterisk and fail2ban and everything works without any issues now.
Fail2ban should work much faster this way since there is really a lot less info to parse.
As an afterthought, maybe (in some future update) you should add these two lines to /etc/fail2ban/asterisk.conf:
NOTICE.* .*: Failed to authenticate user .*@<HOST>.*
NOTICE.* .*: Sending fake auth rejection for device .*@<HOST>.*
A lot of times brute force attacks result in “Sending fake auth…” so this does help with keeping those script kiddies at bay.
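To show what the two failregex lines suggested above actually catch, here is an added example (not from the original post, and not fail2ban's own code): it expands the `<HOST>` placeholder the way fail2ban 0.8.x does (an assumption stated in the code), compiles the two patterns, and runs them over a few constructed Asterisk-style NOTICE lines. The "Registration from ... Wrong password" line is deliberately left unmatched to show how narrow the two expressions are. The log lines, IP addresses and the `offending_hosts` helper are all constructed for this illustration.

```python
import re

# Assumption: fail2ban 0.8.x expands <HOST> to this group (IPv4 or hostname).
HOST_RE = r"(?:::f{4,6}:)?(?P<host>[\w\-.^_]+)"

# The two failregex lines proposed in the post above, verbatim.
FAILREGEX = [
    r"NOTICE.* .*: Failed to authenticate user .*@<HOST>.*",
    r"NOTICE.* .*: Sending fake auth rejection for device .*@<HOST>.*",
]


def compile_failregex(patterns):
    """Substitute <HOST> and compile each pattern as fail2ban would."""
    return [re.compile(p.replace("<HOST>", HOST_RE)) for p in patterns]


def offending_hosts(lines, regexes):
    """Return the <host> captured from every line that matches any failregex.

    Mirrors fail2ban's per-line behaviour: the first matching expression wins,
    so a line contributes at most one host.
    """
    hosts = []
    for line in lines:
        for rx in regexes:
            m = rx.search(line)
            if m:
                hosts.append(m.group("host"))
                break
    return hosts


def scan(log_text, patterns=FAILREGEX):
    """Convenience wrapper: compile the patterns and scan a block of log text."""
    return offending_hosts(log_text.splitlines(), compile_failregex(patterns))


# Constructed sample lines modelled on Asterisk 1.8 chan_sip NOTICE output.
# Addresses are documentation ranges; nothing here is a real capture.
SAMPLE_LOG = """[Aug 12 10:01:02] NOTICE[1234] chan_sip.c: Registration from '"100" <sip:100@203.0.113.10>' failed for '198.51.100.23:5060' - Wrong password
[Aug 12 10:01:03] NOTICE[1234] chan_sip.c: Sending fake auth rejection for device 100 <sip:100@198.51.100.23>;tag=abcd
[Aug 12 10:01:04] NOTICE[1234] chan_sip.c: Failed to authenticate user 101 <sip:101@192.0.2.77>;tag=ffff
[Aug 12 10:01:05] VERBOSE[1234] -- Registered SIP '200' at 10.0.0.5:5060
"""

if __name__ == "__main__":
    for host in scan(SAMPLE_LOG):
        print("would ban:", host)
```

The first sample line is a "Wrong password" registration failure; neither proposed expression matches it, which is exactly the kind of gap that is worth checking with `fail2ban-regex` against your real log before relying on a new failregex.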
Actually, do not edit that file. We purposely set up a new log file for fail2ban with just notices in it so the log file is smaller for fail2ban to parse and it can react quicker.
Just add this to your /etc/asterisk/logger_logfiles_custom.conf:
fail2ban => notice
I fixed it just now in all versions of the Distro that use the new fail2ban RPM. Not sure how I missed setting up the log file at install time.
Hi, I have 2 questions.
I am running 1.815.210.58-1. Why is the fail2ban version 0.8.4 from 2009 when the latest version is 0.8.7 from 7/2012?
ALSO
I am getting these warnings after upgrade to 2.10
WARNING 'action' not defined in 'php-url-fopen'. Using default value
WARNING 'action' not defined in 'lighttpd-fastcgi'. Using default value
ERROR No file found for /var/log/asterisk/fail2ban
ERROR No file found for /var/log/vsftpd.log
I guess the warnings are because PHP was updated, but fail2ban is out of date?