Security help


Tomorrow I’m going to install FreePBX Distro Stable-5.211.65-1.
After installation, I change all the passwords to very difficult passwords. My VoIP server is public, because my connection at home is too slow for it. So I have a server at my datacenter.

Can I remove fail2ban and install APF/BFD? If yes, can I remove fail2ban via:

chkconfig fail2ban off
service fail2ban stop

Is this a good way to do it, or do you recommend not uninstalling fail2ban?
I’m not able to install a VPN.

You are in the General Help section; if you installed fail2ban the “traditional” way, then you can remove it if you want. If however you used the FreePBX/Schmooze distro, then you should ask in that forum, as they install their own version of fail2ban called Intrusion Detection System.

I suggest you might want to look at csf and use csf.pre and the scripts to stop/start fail2ban at the appropriate time (all are iptables based), but I agree you should have at least a software firewall running as well as your hardware border device. If your solution matches fail2ban’s regular expression parsing of your Asterisk logs, then go for it, but it does no harm to go the “belt and braces (suspenders)” route.

I also really like the APF firewall. It works well with both BFD and fail2ban.

As Dicko mentioned, I have never tried to rip fail2ban out of the Distro. Tread lightly.

Thank you both for your replies. I have APF running with fail2ban.

Please check that your implementation of fail2ban actually works, and its regexes are examining a correctly formatted log file . . . (plenty of recipes for how to do that in newer versions of Asterisk out there in Google land); there is nothing worse than a false sense of security :wink:

(actually there is worse, a big bill! )

Hi Dicko, haha yes, well I have a SIP provider on call credit. I only pay €15. So I can’t get a bill of €1000+.
APF doesn’t ban at this moment, so I think the settings are not correct yet. Can you provide me a link? :wink:

I am not familiar with how APF monitors log files and ultimately bans them, but csf and fail2ban both examine a specific log file, in this case one that you will build, which in newer versions of Asterisk has security and notice events logged (other events are spurious and a waste of time and effort to parse). The process scans the file against regular expressions that extract the possible intruder IP from suspicious logged events. Each method, csf, fail2ban and presumably APF, does that with varying levels of latency; these regexes are sometimes out there in Google land, for fail2ban for example.

So, the answer to your question re APF is I don’t have one; for csf I have my own regexes developed, but I must say that a well configured fail2ban seems to work faster (python over perl I guess) . . .

Good Luck . . . .
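The mechanism Dicko describes above (scan a dedicated Asterisk log for security and notice events, pull the remote IP out of each suspicious line with a regex, and ban an address once it trips the threshold) can be exercised offline before trusting it on a public box. The following is an added, self-contained Python example and not code from fail2ban, csf, APF or this thread; the regexes are written for the two Asterisk line shapes the thread mentions (`SECURITY` events from res_security_log and `NOTICE` registration failures from chan_sip), the sample log lines are constructed with documentation IP ranges, and the `maxretry`/`findtime` names mirror fail2ban's jail options only by analogy. It also covers the edge case a false sense of security hides: hits spread out over longer than the window do not add up to a ban, so you can see exactly where your thresholds sit.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Timestamp prefix as Asterisk writes it to its full/security log files.
TS_RE = re.compile(r'^\[(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\]')

# Assumed, illustrative patterns for the two event shapes discussed in the thread.
# They are not fail2ban's shipped asterisk filter; adapt them to what your log really contains.
IPV4 = r'\d{1,3}(?:\.\d{1,3}){3}'
PATTERNS = [
    # res_security_log events: RemoteAddress="IPV4/UDP/<ip>/<port>"
    re.compile(r'SECURITY\[\d+\].*SecurityEvent="(?:FailedACL|InvalidAccountID|'
               r'ChallengeResponseFailed|InvalidPassword)".*RemoteAddress="IPV4/\w+/(?P<ip>' + IPV4 + r')/\d+"'),
    # chan_sip registration failures: failed for '<ip>:<port>' - <reason>
    re.compile(r"NOTICE\[\d+\].*Registration from '.*' failed for '(?P<ip>" + IPV4 + r")(?::\d+)?' - "
               r"(?:Wrong password|No matching peer found|Username/auth name mismatch)"),
]

def parse_line(line):
    """Return (timestamp, remote_ip) for a suspicious line, or None for lines we ignore."""
    m = TS_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
    for pat in PATTERNS:
        hit = pat.search(line)
        if hit:
            return ts, hit.group("ip")
    return None

def find_offenders(lines, maxretry=5, findtime=600):
    """fail2ban-style counting: an IP is banned once it has maxretry hits inside any findtime-second window."""
    window = timedelta(seconds=findtime)
    recent = defaultdict(list)   # ip -> timestamps of hits still inside the window
    banned = set()
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, ip = parsed
        if ip in banned:
            continue
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:   # expire hits that fell out of the window
            q.pop(0)
        if len(q) >= maxretry:
            banned.add(ip)
    return banned

# Constructed sample log (not real traffic). Index 0 is a VERBOSE line that must be ignored;
# 203.0.113.5 fails 5 times in 5 seconds, 198.51.100.7 fails 3 times, and 192.0.2.9 fails
# 5 times but spread over 16 minutes.
SAMPLE_LOG = [
    "[2014-03-11 12:00:00] VERBOSE[2201] chan_sip.c: Really destroying SIP dialog",
    "[2014-03-11 12:00:01] NOTICE[2201] chan_sip.c: Registration from '\"100\" <sip:100@10.0.0.2>' failed for '203.0.113.5:5060' - Wrong password",
    "[2014-03-11 12:00:02] NOTICE[2201] chan_sip.c: Registration from '\"100\" <sip:100@10.0.0.2>' failed for '203.0.113.5:5060' - Wrong password",
    "[2014-03-11 12:00:03] NOTICE[2201] chan_sip.c: Registration from '\"101\" <sip:101@10.0.0.2>' failed for '203.0.113.5:5060' - No matching peer found",
    "[2014-03-11 12:00:04] NOTICE[2201] chan_sip.c: Registration from '\"102\" <sip:102@10.0.0.2>' failed for '203.0.113.5:5060' - Wrong password",
    "[2014-03-11 12:00:05] NOTICE[2201] chan_sip.c: Registration from '\"103\" <sip:103@10.0.0.2>' failed for '203.0.113.5:5060' - Wrong password",
    '[2014-03-11 12:01:10] SECURITY[2201] res_security_log.c: SecurityEvent="InvalidAccountID",EventTV="1394539270-1",Severity="Error",Service="SIP",EventVersion="4",AccountID="5555",SessionID="0x1",LocalAddress="IPV4/UDP/10.0.0.2/5060",RemoteAddress="IPV4/UDP/198.51.100.7/5061"',
    '[2014-03-11 12:01:11] SECURITY[2201] res_security_log.c: SecurityEvent="InvalidAccountID",EventTV="1394539271-1",Severity="Error",Service="SIP",EventVersion="4",AccountID="5556",SessionID="0x2",LocalAddress="IPV4/UDP/10.0.0.2/5060",RemoteAddress="IPV4/UDP/198.51.100.7/5061"',
    '[2014-03-11 12:01:12] SECURITY[2201] res_security_log.c: SecurityEvent="ChallengeResponseFailed",EventTV="1394539272-1",Severity="Error",Service="SIP",EventVersion="4",AccountID="100",SessionID="0x3",LocalAddress="IPV4/UDP/10.0.0.2/5060",RemoteAddress="IPV4/UDP/198.51.100.7/5061"',
    "[2014-03-11 12:00:00] NOTICE[2201] chan_sip.c: Registration from '\"200\" <sip:200@10.0.0.2>' failed for '192.0.2.9:5060' - Wrong password",
    "[2014-03-11 12:04:00] NOTICE[2201] chan_sip.c: Registration from '\"200\" <sip:200@10.0.0.2>' failed for '192.0.2.9:5060' - Wrong password",
    "[2014-03-11 12:08:00] NOTICE[2201] chan_sip.c: Registration from '\"200\" <sip:200@10.0.0.2>' failed for '192.0.2.9:5060' - Wrong password",
    "[2014-03-11 12:12:00] NOTICE[2201] chan_sip.c: Registration from '\"200\" <sip:200@10.0.0.2>' failed for '192.0.2.9:5060' - Wrong password",
    "[2014-03-11 12:16:00] NOTICE[2201] chan_sip.c: Registration from '\"200\" <sip:200@10.0.0.2>' failed for '192.0.2.9:5060' - Wrong password",
]

if __name__ == "__main__":
    print("default jail (maxretry=5, findtime=600):", sorted(find_offenders(SAMPLE_LOG)))
    print("stricter jail (maxretry=3):", sorted(find_offenders(SAMPLE_LOG, maxretry=3)))
```

With the defaults only 203.0.113.5 is banned; 198.51.100.7 stays under the retry count and 192.0.2.9 never has five hits inside one ten-minute window. Dropping `maxretry` to 3 catches all three. Running your real filter regexes through a harness like this against a copy of the actual log file is the cheapest way to confirm that the format Asterisk writes and the format your ban tool parses are the same thing.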