I have successfully installed fail2ban on a debian wheezy server running asterisk 12 and freepbx 12. The set up has worked smoothly so far - however, I dont seem to be able to get rid of the ‘fire’ symbol next to fail2ban on the system status page.
I amended /etc/fail2ban/jail.local to include the following
enabled = true
filter = asterisk
action = iptables-allports[name=ASTERISK, protocol=all]
sendmail-whois[name=ASTERISK, dest=myemailaddress.com, [email protected]_asterisk]
logpath = /var/log/asterisk/security
maxretry = 5
bantime = 259200
The asterisk filter at /etc/fail2ban/filter.d/asterisk.conf shows the following
Fail2Ban configuration file
$Revision: 250 $
Read common prefixes. If any customizations available – read them from
#before = common.conf
#_daemon = asterisk
Notes.: regex to match the password failures messages in the logfile. The
host must be matched by a group named “host”. The tag “” can
be used for standard IP/hostname matching and is only an alias for
failregex = SECURITY.* SecurityEvent=“FailedACL”.RemoteAddress=".+?/.+?//.+?".
Notes.: regex to ignore. If this regex matches, the line is ignored.
What more do I need to do to have freepbx update the status page