I updated fail2ban from version 0.8.14 to 0.9.4 manually. After the update System Admin stopped displaying banned IPs in the Intrusion Detection section. IPTables still shows the correct banned IPs and I am receiving emails. What needs to be done to allow the Banned IP’s to display in the Intrusion Detection section of System Admin again.
Even though I went “outside” the supplied packages, everything works fine with the exception of not displaying the banned IPs in the Intrusion Detection section of System Admin. One could argue, it works better than it did with the older version of Fail2Ban. The problem is cosmetic only, it is still very easy to see the banned IPs from the command line.
I “seriously” do NOT understand people NOT wanting to explore. You should really consider not responding when your answer is completely opinion and holds absolutely no value when it comes to contributing towards a solution to the problem.
Actually it is highly likely that a copy of the /var/www/html/admin/modules/sysadmin/hooks/fail2ban-getbanned executable from a FreePBX 15 installation may solve the problem as it works with the newer version of Fail2Ban. It produces the file that is then displayed in the Intrusion Detection section of System Admin (with the proper formatting of course).
Don’t sweat it too much, both 0.9 and 0.10 work fine , just set the notifications for the jails you use and the level of detail you want, and you will be informed ASAP by email after a ban is set or unset .
Also the database is now maintained over a restart thats a really good thing. Further to make it all way more responsive add pyinotify to your os.
If you want to see “whats up” and have an sqlite3 client installed (and after a little RTFM)
sqlite3 /var/lib/fail2ban/fail2ban.sqlite3
perhaps
sqlite3 /var/lib/fail2ban/fail2ban.sqlite3 "select * from bans order by timeofban desc limit 3"
should satisfy the most inquisitive
There are an awful lot of other jails available that you might find useful also.
This is all very good information. I love the fact that the database is maintained over a restart. Also, the database commands are very useful.
I take it that there is no solution for displaying the banned IPs in the Intrusion Detection section of the System Admin module. I would imagine that doing so would require a new System Admin module that supports fail2ban 0.9.4 & 0.10.0 correct ?
I even went so far as to put up the newest version of FreePBX 15/Asterisk 16 and was shocked to find that the fail2ban that comes packaged with it is version 8.0.14.
We went ahead and put fail2ban 0.9.4 in place. It has too many benefits over the old version to ignore it. The only drawback is not being able to see the banned IP list in the Intrusion Detection section of System Admin. I wrote a command line tool to display all currently banned IP addresses and their jail.