Fail2ban-fpbx-0.8.14-11.sng7 no working SNG7 (CentOS 7) 14.0.1.3

klistrod · July 27, 2017, 12:47pm

How can I install a newer version? fail2ban-server-0.9.6

fail2ban-fpbx-0.8.14-11.sng7 no working in SNG7 14.0.1.3 (CentOS 7)

[[email protected] ~]# fail2ban-client status
Status
|- Number of jail:      0
`- Jail list:
[[email protected] ~]#

/etc/fail2ban/jail.local

[DEFAULT]
ignoreip = 127.0.0.1
bantime  = 1800
findtime  = 600
maxretry = 5
backend = auto

[asterisk-iptables]
enabled  = true
filter = asterisk-security
action   = iptables-allports[name=SIP, protocol=all]
           sendmail[name=SIP, [email protected], [email protected]]
logpath  = /var/log/asterisk/fail2ban
maxretry = 5
bantime = 1800

[pbx-gui]
enabled  = true
filter   = freepbx
action   = iptables-allports[name=PBX-GUI, protocol=all]
           sendmail[name=PBX-GUI, [email protected], [email protected]]
logpath  = /var/log/asterisk/freepbx_security.log
maxretry = 5
bantime = 1800

[ssh-iptables]
enabled  = true
filter   = sshd
action   = iptables[name=SSH, port=ssh, protocol=tcp]
           sendmail[name=SSH, [email protected], [email protected]]
logpath  = /var/log/secure
maxretry = 3

[apache-tcpwrapper]
enabled  = true
filter   = apache-auth
action   = iptables-allports[name=apache-auth, port=http, protocol=tcp]
           sendmail[name=apache-auth, [email protected], [email protected]]
logpath  = /var/log/httpd/error_log
maxretry = 3


[vsftpd-iptables]
enabled  = true
filter   = vsftpd
action   = iptables[name=FTP, port=ftp, protocol=tcp]
           sendmail[name=FTP, [email protected], [email protected]]
logpath  = /var/log/vsftpd.log
maxretry = 3
bantime  = 1800

[apache-badbots]
enabled  = true
filter   = apache-badbots
action   = iptables-multiport[name=BadBots, port="http,https"]
           sendmail[name=BadBots, [email protected], [email protected]]
logpath  = /var/log/httpd/*access_log
bantime  = 1800
maxretry = 1

# Jail for more extended banning of persistent abusers
# !!! WARNING !!!
#   Make sure that your loglevel specified in fail2ban.conf/.local
#   is not at DEBUG level -- which might then cause fail2ban to fall into
#   an infinite loop constantly feeding itself with non-informative lines
[recidive]
enabled  = true
filter   = recidive
logpath  = /var/log/fail2ban.log*
action   = iptables-allports[name=recidive, protocol=all]
           sendmail[name=recidive, [email protected], [email protected]]
bantime  = 604800  ; 1 week
findtime = 86400   ; 1 day
maxretry = 20

ngingras · July 27, 2017, 4:18pm

I’ve confirmed this on a few test builds. Also noticed that the log file /var/log/fail2ban.log is empty, but there seems to be some fail2ban stuff being logged to /var/log/messages (haven’t had time to dig much further.)

I reported the issue here:

https://issues.freepbx.org/browse/FREEPBX-15440

alenguav · August 26, 2017, 7:53pm

I checked the above link and according to the conversations it seems that the issue remains, so I was wondering what alternatives do we have for blocking offensive IPs?

tonyclewis · August 26, 2017, 9:58pm

You have to wait for the ticket to be resolved. If you install your own fail2ban not ours than you can’t manage it from the GUI.

waldrondigital · September 12, 2017, 10:29pm

Any status update on this? I too have a client with a new 14 install from ISO and fail2ban is doing nothing. I happened to notice this when I was in the asterisk console and saw 1000s of registration requests from the outside from an offending IP.

It first reported zero jails, then I reloaded and I have 7 jails. Still seems not to be blocking like it should. My FreePBX 13 installs all do this without issue.