Fail2ban strange behavior


#1

I just installed AsteriskNOW 15 and reloaded a configuration from an older installation (Asterisk 15). I have 2 issues that I wanted to see if anybody had a suggestion for. This is the second one (separate post for issue 1).

We moved to a new location, and so there are a few changes. One change is that at the old location the entrance door was locked, and people had to be buzzed in. The intercom from the door worked through the phone system: Someone would press the button for us, this would activate the intercom, which would place a call to our office. So I had set up the phone number as a separate inbound route, with a separate extension. When someone pushed the intercom button, it would show up on the phone as “door” and I could pick it up and buzz the people in. That is gone, and I deleted the inbound route, as well as the extension, and I deleted the SIP channel on my phone.

Curiously, I am getting fail2ban messages that my phone tried multiple times to connect and was banned. However, when I look at the phone, it has several extensions connected, and the “door” channel is not listed anymore. Asterisk was rebooted several times, as was my phone. Why would Asterisk tell me that my phone was trying to connect?

Second (and I am not sure if this is related), I set up Asterisk to use my Gmail SMTP server. That works fine, I get my voice messages as email attachments. But the fail2ban messages are not being delivered. I get a “failure to deliver” for them in my Gmail account. Furthermore, they seem to be sent to "none@yourpbx.com" (which would explain the failure to deliver by Gmail). Here is the text (masked the exact IP address of the phone):

Hi,
The IP 192.168.xxx.xxx has just been banned by Fail2Ban after
6 attempts against SIP on localhost.
Regards,

Fail2Ban

I had searched for "none@yourpbx.com", and found that there are possibly 4 files that need to be changed (fail2ban.conf and fail2ban.local, as well as jail.conf and jail.local).

fail2ban.conf does not seem to have any reference to an email or server, so there was nothing to change.
fail2ban.local only has a reference to the log file, so no changes there either.
Jail.conf also seems to be clear.
In jail.local I found a number of references to "none@yourpbx.com". These were listings in the sections [pbx-gui], [asterisk-iptables], and others. I changed them all. Here is what they look like (masked email and sender addresses):

[asterisk-iptables]
enabled = true
filter = asterisk-security
action = iptables-allports[name=SIP, protocol=all]
         sendmail[name=SIP, dest=mikexxxxx@xxxxx.com, sender=asterisk@xxxxxxx.com]
logpath = /var/log/asterisk/fail2ban

[pbx-gui]
enabled = true
filter = freepbx
action = iptables-allports[name=SIP, protocol=all]
         sendmail[name=SIP, dest=mikexxxxx@xxxxx.com, sender=asterisk@xxxxxxx.com]
logpath = /var/log/asterisk/freepbx_security.log

[ssh-iptables]
enabled = true
filter = sshd
action = iptables-multiport[name=SSH, protocol=tcp, port=ssh]
         sendmail[name=SSH, dest=mikexxxxx@xxxxx.com, sender=asterisk@xxxxxxx.com]
logpath = /var/log/secure

[apache-tcpwrapper]
enabled = true
filter = apache-auth
action = iptables-allports[name=apache-auth, protocol=all]
         sendmail[name=apache-auth, dest=mikexxxxx@xxxxx.com, sender=asterisk@xxxxxxx.com]
logpath = /var/log/httpd/error_log

[vsftpd-iptables]
enabled = true
filter = vsftpd
action = iptables-multiport[name=FTP, protocol=tcp, port=ftp]
         sendmail[name=FTP, dest=mikexxxxx@xxxxx.com, sender=asterisk@xxxxxxx.com]

What I don’t understand is why the fail2ban messages are still sent to "none@yourpbx.com". Do I have to change more configuration files?

Also, fail2ban shows up in the Freepbx dashboard as a line with a green check mark. But I cannot find it in the Module administrator or anywhere else in the FreePBX Gui. Is that normal?
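
The file-by-file search described in the post, as an added example that is not part of the original post: it parses jail text in the layout shown above and reports, per jail, whether `sendmail` ban notices still go to the placeholder address or are not sent at all. The sample file, its example.com addresses and the function names are constructed for illustration.

```python
import configparser
import re

PLACEHOLDER = "none@yourpbx.com"  # default address quoted in the post

# Constructed sample in the layout of the jail.local above; addresses are made up.
SAMPLE = """\
[asterisk-iptables]
enabled = true
filter = asterisk-security
action = iptables-allports[name=SIP, protocol=all]
         sendmail[name=SIP, dest=admin@example.com, sender=asterisk@example.com]
logpath = /var/log/asterisk/fail2ban

[pbx-gui]
enabled = true
filter = freepbx
action = iptables-allports[name=SIP, protocol=all]
         sendmail[name=SIP, dest=none@yourpbx.com, sender=asterisk@example.com]
logpath = /var/log/asterisk/freepbx_security.log

[vsftpd-iptables]
enabled = true
filter = vsftpd
action = iptables-multiport[name=FTP, protocol=tcp, port=ftp]
"""

def mail_destinations(text):
    """Return {jail: [dest, ...]} for every sendmail* action in the jail file text."""
    cp = configparser.RawConfigParser()
    cp.read_string(text)
    result = {}
    for jail in cp.sections():
        action = cp.get(jail, "action", fallback="")
        # Each action is "name[key=value, ...]"; indented lines continue the value.
        params = re.findall(r"^\s*sendmail[\w-]*\[([^\]]*)\]", action, flags=re.M)
        result[jail] = re.findall(r"\bdest\s*=\s*([^,\]\s]+)", ",".join(params))
    return result

def jails_needing_attention(text, placeholder=PLACEHOLDER):
    """Jails whose ban mail still goes to the placeholder, or that send no mail."""
    return {jail: ("placeholder" if placeholder in dests else "no mail action")
            for jail, dests in mail_destinations(text).items()
            if placeholder in dests or not dests}

if __name__ == "__main__":
    for jail, reason in jails_needing_attention(SAMPLE).items():
        print(f"{jail}: {reason}")
```

Passing the contents of each jail file in turn to `jails_needing_attention` shows which file and section still carry the placeholder.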

