I have been noticing, one by one, on the multiple different servers I manage, a particular security concern. I use fail2ban and I have it send me emails on attempts. The pattern I have noticed is that I will receive emails of attempts that were banned, multiple ones in a row. When I log onto the server to check the status of it, I see right away that the firewall is disabled! I check on these frequently, at least once a week, and I know they are always enabled and running. I enable the firewall and monitor it afterwards, and there are no problems after that happens.
But this has happened to three different FreePBX systems I manage. I don’t know if it’s coincidence, but the only common factor I can see is that all of them had their Let’s Encrypt cert due to renew. They still had nearly a month left, so they were still valid, but there was a security message indicating it was due for renewal and it hadn’t processed automatically yet. When I manually update the certificate, it processes normally and shows it is updated. I run this after the firewall was re-enabled.
I do not know if this is a bug with this particular series of events, but as I mentioned, it has happened on multiple different servers. Any ideas?
They are all running the following versions:
Firewall Module 220.127.116.11
Certificate Manager Module 18.104.22.168