I have successfully installed fail2ban on a Debian wheezy server running Asterisk 12 and FreePBX 12. The setup has worked smoothly so far - however, I don't seem to be able to get rid of the ‘fire’ symbol next to fail2ban on the system status page.
I amended /etc/fail2ban/jail.local to include the following:
[asterisk-iptables]
enabled = true
filter = asterisk
action = iptables-allports[name=ASTERISK, protocol=all]
         sendmail-whois[name=ASTERISK, dest=myemailaddress.com, sender=fail2ban@lams_asterisk]
logpath = /var/log/asterisk/security
maxretry = 5
bantime = 259200
++++++++++++++++
The asterisk filter at /etc/fail2ban/filter.d/asterisk.conf shows the following:
# Fail2Ban configuration file
#
# $Revision: 250 $
#
[INCLUDES]
# Read common prefixes. If any customizations available -- read them from
# common.local
#before = common.conf
[Definition]
#_daemon = asterisk
# Option:  failregex
# Notes.:  regex to match the password failures messages in the logfile. The
#          host must be matched by a group named "host". The tag "<HOST>" can
#          be used for standard IP/hostname matching and is only an alias for
#          (?:::f{4,6}:)?(?P<host>\S+)
# Values:  TEXT
#
failregex = SECURITY.* SecurityEvent="FailedACL".*RemoteAddress=".+?/.+?/<HOST>/.+?".*
            SECURITY.* SecurityEvent="InvalidAccountID".*RemoteAddress=".+?/.+?/<HOST>/.+?".*
            SECURITY.* SecurityEvent="ChallengeResponseFailed".*RemoteAddress=".+?/.+?/<HOST>/.+?".*
            SECURITY.* SecurityEvent="InvalidPassword".*RemoteAddress=".+?/.+?/<HOST>/.+?".*
# Option:  ignoreregex
# Notes.:  regex to ignore. If this regex matches, the line is ignored.
# Values:  TEXT
#
ignoreregex =
===================
What more do I need to do to have FreePBX update the status page?
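
A way to check that the failregex lines above pick the remote address out of Asterisk security-log entries, added here as an example and not part of the original post or of fail2ban itself. The log lines are constructed, the helper names (`match_host`, `hosts_to_ban`, `sample`) are hypothetical, and the counting is simplified: it applies the jail's maxretry with no findtime window.

```python
import re
from collections import Counter

# <HOST> alias exactly as the comment in asterisk.conf gives it.
HOST = r"(?:::f{4,6}:)?(?P<host>\S+)"

# The four SecurityEvent names listed in the filter's failregex.
EVENTS = ("FailedACL", "InvalidAccountID", "ChallengeResponseFailed", "InvalidPassword")
TEMPLATE = r'SECURITY.* SecurityEvent="{event}".*RemoteAddress=".+?/.+?/<HOST>/.+?".*'
FAILREGEX = [
    re.compile(TEMPLATE.replace("{event}", ev).replace("<HOST>", HOST))
    for ev in EVENTS
]


def match_host(line):
    """Return the captured host if any failregex matches the line, else None."""
    for rx in FAILREGEX:
        m = rx.search(line)
        if m:
            return m.group("host")
    return None


def hosts_to_ban(lines, maxretry=5):
    """Hosts with at least maxretry matching lines (maxretry = 5 in the jail)."""
    hits = Counter(h for h in map(match_host, lines) if h)
    return sorted(h for h, n in hits.items() if n >= maxretry)


def sample(event, remote):
    """Build a constructed security-log line (documentation-range addresses)."""
    return ('[2015-01-01 10:00:00] SECURITY[2345] res_security_log.c: '
            'SecurityEvent="%s",Severity="Error",Service="SIP",AccountID="100",'
            'LocalAddress="IPV4/UDP/192.0.2.10/5060",'
            'RemoteAddress="IPV4/UDP/%s/5060"' % (event, remote))


# Constructed input: one host over the limit, one under it, one non-failure event.
SAMPLE_LOG = (
    [sample("InvalidPassword", "203.0.113.5")] * 5
    + [sample("InvalidAccountID", "198.51.100.7")] * 2
    + [sample("SuccessfulAuth", "192.0.2.50")] * 6
)

if __name__ == "__main__":
    print(hosts_to_ban(SAMPLE_LOG))
```

On a live system, `fail2ban-regex /var/log/asterisk/security /etc/fail2ban/filter.d/asterisk.conf` performs the same check against the real log and filter.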