I updated fail2ban from version 0.8.14 to 0.9.4 manually. After the update System Admin stopped displaying banned IPs in the Intrusion Detection section. IPTables still shows the correct banned IPs and I am receiving emails. What needs to be done to allow the Banned IP’s to display in the Intrusion Detection section of System Admin again.
FreePBX 14.0.13.26
System Admin 14.0.38.8
Thanks,
Bill Snyder
ummm, don’t go outside of the supplied packages?
Seriously. do not understand people manually changing something beyond the design and expecting it to all work perfectlyat
Does it suck the fail2ban is not $preferredversion? Sure.
Sorvani,
Even though I went “outside” the supplied packages, everything works fine with the exception of not displaying the banned IPs in the Intrusion Detection section of System Admin. One could argue, it works better than it did with the older version of Fail2Ban. The problem is cosmetic only, it is still very easy to see the banned IPs from the command line.
I “seriously” do NOT understand people NOT wanting to explore. You should really consider not responding when your answer is completely opinion and holds absolutely no value when it comes to contributing towards a solution to the problem.
By the way nice had dude … NOT !!
Trust me, I very much dislike how old some packages are in the distro.
But, having done my years as a software developer, I do understand where some of their reasons come from. Even if I disagree with their choice.
You should also take a look at the following thread: System Admin Pro does not show banned IP's
The exact same problem with an older version of FreePBX, and it has a solution. Imagine that !!
Actually it is highly likely that a copy of the /var/www/html/admin/modules/sysadmin/hooks/fail2ban-getbanned executable from a FreePBX 15 installation may solve the problem as it works with the newer version of Fail2Ban. It produces the file that is then displayed in the Intrusion Detection section of System Admin (with the proper formatting of course).
Don’t sweat it too much, both 0.9 and 0.10 work fine , just set the notifications for the jails you use and the level of detail you want, and you will be informed ASAP by email after a ban is set or unset .
Also the database is now maintained over a restart thats a really good thing. Further to make it all way more responsive add pyinotify to your os.
If you want to see “whats up” and have an sqlite3 client installed (and after a little RTFM)
sqlite3 /var/lib/fail2ban/fail2ban.sqlite3
perhaps
sqlite3 /var/lib/fail2ban/fail2ban.sqlite3 "select * from bans order by timeofban desc limit 3"
should satisfy the most inquisitive
There are an awful lot of other jails available that you might find useful also.
This is all very good information. I love the fact that the database is maintained over a restart. Also, the database commands are very useful.
I take it that there is no solution for displaying the banned IPs in the Intrusion Detection section of the System Admin module. I would imagine that doing so would require a new System Admin module that supports fail2ban 0.9.4 & 0.10.0 correct ?
I even went so far as to put up the newest version of FreePBX 15/Asterisk 16 and was shocked to find that the fail2ban that comes packaged with it is version 8.0.14.
Sorry, sysadmin is obfuscated and only available on their distro so only Sangoma can answer that.
In my case sysadmin is not even a possibility but work-arounds, like this one, are generally trivial.
We went ahead and put fail2ban 0.9.4 in place. It has too many benefits over the old version to ignore it. The only drawback is not being able to see the banned IP list in the Intrusion Detection section of System Admin. I wrote a command line tool to display all currently banned IP addresses and their jail.
Thanks DickO for all your help, much appreciated.
This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.