fail2ban 1 July 2015 fix

Distro Discussion & Help
1

Continuing the discussion from fail2ban fails 2 start:

(created this topic because this is more distro than general help)

(removed quotes cause it lost formatting)
This morning, AFTER pulling an update to the System Admin module (http://issues.freepbx.org/browse/FREEPBX-9581), I went and did yum update, which pulled the fail2ban update - after which it is faling to start, whereas it did work before;

Additionally, the status page shows me the fire icon and advice that it should be running, but the System Admin page shows it /is/ running.

Status:running

shows on intrusion detection no matter if I click Stop or Restart.

Doing it from console/ssh says:

[[email protected] ~]# service fail2ban restart
Stopping fail2ban: ERROR  Unable to contact server. Is it running?
                                                           [FAILED]
Starting fail2ban: WARNING 'ignoreregex' not defined in 'Definition'. Using default one: ''
ERROR  Found no accessible config files for 'filter.d/asterisk-security' under /etc/fail2ban
ERROR  Unable to read the filter
ERROR  Errors in jail 'asterisk-iptables'. Skipping...
                                                           [FAILED]


[[email protected] ~]# yum info fail2ban
Loaded plugins: fastestmirror, kmod
Loading mirror speeds from cached hostfile
Installed Packages
Name        : fail2ban
Arch        : noarch
Version     : 0.8.14
Release     : 1.shmz65.1.8
Size        : 850 k
Repo        : installed
From repo   : schmooze-commercial
Summary     : Scan logfiles and ban ip addresses with too many password failures
URL         : http://fail2ban.sourceforge.net/
License     : GPL
Description : Fail2Ban monitors log files like /var/log/pwdfail or
            : /var/log/apache/error_log and bans failure-prone addresses. It
            : updates firewall rules to reject the IP address or executes user
            : defined commands.

Downgrading to previous version:

Removed:
  fail2ban.noarch 0:0.8.14-1.shmz65.1.8                                                                                           

Installed:
  fail2ban.noarch 0:0.8.14-1.shmz65.1.7

still the same, does not start (same error as above).

HTH.

EDIT:
by doing

cp /etc/fail2ban/filter.d/asterisk.conf /etc/fail2ban/filter.d/asterisk-security.conf

(iow. renaming the asterisk.conf filter file to astersk-security.conf filter),

seems to have fixed fail2ban, it is now starting

[[email protected] filter.d]# ls -l asterisk*
-rw-r--r-- 1 root root 2270 Aug 19  2014 asterisk.conf
-rw-r--r-- 1 root root 2270 Aug 19  2014 asterisk-security.conf
[[email protected] filter.d]# pwd
/etc/fail2ban/filter.d

then system overview is not showing the fail2ban error any more

EDIT2: system admin module still shows fail2ban status wrong (shows running all the time)

2

One might wonder how effective a set of rules from “Aug 19 2014” are, I think not so much for PJSIP and newer Asterii,

Do you get any “Bans” emailed to you or uncaught attempts at penetration in your log files?

Any IDS is only effective if it D’s the I’s :wink:

3

No, even the GUI (System Admin) shows no banned IP’s…

(because I have a firewall in front of my pbx that only allows sip and rtp to and from my sip providers’ /24 subnet, does not allow the big wide internet into my sip ports)

4

Then if you are comfortable that you are fully protected and don’t need any extra prophylaxis, rest peacefully you are absolutely safe as you have covered all problematic protocols and vulnerabilities, you can just uninstall fail2ban and not get those errors anymore :wink: