My setup is Ubuntu 20.04.
The log is huge despite no users or other activities. Where does this log come from? What’s the deal with Mr Glue? What’s the issue…? How do I solve it or turn it off?
5016453[2021-09-22 11:58:14] NOTICE[37180] manager.c: 51.15.145.81 tried to authenticate with nonexistent user 'glue'
5016454[2021-09-22 11:58:14] NOTICE[37180] manager.c: 51.15.145.81 failed to authenticate as 'glue'
5016455[2021-09-22 11:58:15] NOTICE[37186] manager.c: 51.15.145.81 tried to authenticate with nonexistent user 'glue'
5016456[2021-09-22 11:58:15] NOTICE[37186] manager.c: 51.15.145.81 failed to authenticate as 'glue'
5016457[2021-09-22 11:58:16] NOTICE[37189] manager.c: 51.15.145.81 tried to authenticate with nonexistent user 'glue'
5016458[2021-09-22 11:58:16] NOTICE[37189] manager.c: 51.15.145.81 failed to authenticate as 'glue'
5016459[2021-09-22 11:58:17] NOTICE[37205] manager.c: 51.15.145.81 tried to authenticate with nonexistent user 'glue'
5016460[2021-09-22 11:58:17] NOTICE[37205] manager.c: 51.15.145.81 failed to authenticate as 'glue'
5016461[2021-09-22 11:58:18] NOTICE[37211] manager.c: 51.15.145.81 tried to authenticate with nonexistent user 'glue'
5016462[2021-09-22 11:58:18] NOTICE[37211] manager.c: 51.15.145.81 failed to authenticate as 'glue'
5016463[2021-09-22 11:58:19] NOTICE[37212] manager.c: 51.15.145.81 tried to authenticate with nonexistent user 'glue'
5016464[2021-09-22 11:58:19] NOTICE[37212] manager.c: 51.15.145.81 failed to authenticate as 'glue'
5016465[2021-09-22 11:58:20] NOTICE[37235] manager.c: 51.15.145.81 tried to authenticate with nonexistent user 'glue'
5016466[2021-09-22 11:58:20] NOTICE[37235] manager.c: 51.15.145.81 failed to authenticate as 'glue'
5016467[2021-09-22 11:58:21] NOTICE[37236] manager.c: 51.15.145.81 tried to authenticate with nonexistent user 'glue'
5016468[2021-09-22 11:58:21] NOTICE[37236] manager.c: 51.15.145.81 failed to authenticate as 'glue'
5016469[2021-09-22 11:58:22] NOTICE[37242] manager.c: 51.15.145.81 tried to authenticate with nonexistent user 'glue'
5016470[2021-09-22 11:58:22] NOTICE[37242] manager.c: 51.15.145.81 failed to authenticate as 'glue'
5016471[2021-09-22 11:58:24] NOTICE[37245] manager.c: 51.15.145.81 tried to authenticate with nonexistent user 'glue'
5016472[2021-09-22 11:58:24] NOTICE[37245] manager.c: 51.15.145.81 failed to authenticate as 'glue'
5016473[2021-09-22 11:58:25] NOTICE[37246] manager.c: 51.15.145.81 tried to authenticate with nonexistent user 'glue'
5016474[2021-09-22 11:58:25] NOTICE[37246] manager.c: 51.15.145.81 failed to authenticate as 'glue'
As the others have said - someone (or more likely an automated system) is trying to access your server, because you have the AMI port exposed to the internet.
Thank you for the reply! Soon after posting this a very skilled person arrived to our office and was asked to brighten up the light…! He found out that Macro was not marked in the list of Applications when compiling, so he marked it, compiled it and made a new install.
No, that’s true. Excuse me. That solved another issue that I did not write about. My iPhone and laptop could connect successfully but no calls were getting through. “Number is not available.” It was because PBX was expecting macro to take place but the application macro was not compiled and installed.
There are so many errors of different kinds and so much was solved yesterday and it’s difficult for me to keep it all apart! My fault!
xxxxxxxxxxxxxxxxxxxxx
Here are my Fail2Ban settings based on your suggestions:
sudo service fail2ban start
[12639]: ERROR Failed during configuration: Have not found any log file for asterisk jail
[12639]: ERROR Async configuration of server failed
Fail2ban will process any ‘jails’ in the ‘drop directory’ jail.d/ if any exist, and also any in jail.local and jail.conf. It is suggested that you don’t use jail.conf but copy and rename it to jail.local, or create individual jails (named for their facility by convention, like sshd.local or asterisk.local), at your preference.
To the OP, maybe you should start off with the ‘distro’ 'cos it does the heavy lifting for you. Fail2ban is well documented in its source.
But any jail you construct needs to have at least a log file that exists to follow, yours, ‘not so much’
Recipes for installing FreePBX on many ‘standard’ Lini including Ubuntu/Debian are documented in the Wiki at the top of this page.
I misread the screenshot and Dicko is absolutely correct.
I thought OP was editing “jail.d” as a file and not a directory that contained the asterisk file
That would work for a system that was logging to /var/log/asterisk/messages (which is probably not what it is doing)
Fail2ban’s asterisk ‘filter’ will define what gets caught in the monitored file. Depending on your filter, that would mostly be SIP over UDP/TCP/WSS/WS, so 80 and 443 would likely not be useful; 5038 is better managed by only listening on your loopback interface (127.0.0.1). You need to match the ports watched to the way you have configured your channel drivers.
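An added example, not part of any post in this thread and not Fail2ban's own code: a small Python triage script that reads manager.c lines in the format quoted in the question and reports which source addresses exceed a failure threshold inside a time window, the same idea as a jail's maxretry and findtime. The function name, the sample log and its addresses (documentation ranges) are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Only the "failed to authenticate as" line is counted: for an unknown user
# Asterisk logs two lines per bad AMI login, and counting both doubles the tally.
# The optional leading digits are the line counter seen in the thread's paste.
FAILED = re.compile(
    r"^\d*\[(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\] NOTICE\[\d+\] manager\.c: "
    r"(\S+) failed to authenticate as '(.*)'$"
)

# Constructed sample; 203.0.113.7 and 198.51.100.9 are documentation addresses.
SAMPLE_LOG = """\
101[2021-09-22 11:58:14] NOTICE[37180] manager.c: 203.0.113.7 tried to authenticate with nonexistent user 'glue'
102[2021-09-22 11:58:14] NOTICE[37180] manager.c: 203.0.113.7 failed to authenticate as 'glue'
103[2021-09-22 11:58:15] NOTICE[37186] manager.c: 203.0.113.7 failed to authenticate as 'glue'
104[2021-09-22 11:58:16] NOTICE[37189] manager.c: 203.0.113.7 failed to authenticate as 'admin'
[2021-09-22 12:00:00] NOTICE[37300] manager.c: 198.51.100.9 failed to authenticate as 'glue'
[2021-09-22 12:30:00] NOTICE[37400] manager.c: 198.51.100.9 failed to authenticate as 'glue'
"""

def ips_over_threshold(log_text, maxretry=5, findtime=600):
    """Return {ip: sorted usernames tried} for every source with at least
    maxretry AMI login failures inside a sliding window of findtime seconds."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    users = defaultdict(set)      # ip -> usernames attempted so far
    flagged = {}
    for line in log_text.splitlines():
        m = FAILED.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        ip, user = m.group(2), m.group(3)
        window = recent[ip]
        window.append(ts)
        # Drop failures that have aged out of the window.
        while (ts - window[0]).total_seconds() > findtime:
            window.popleft()
        users[ip].add(user)
        if len(window) >= maxretry:
            flagged[ip] = sorted(users[ip])
    return flagged

if __name__ == "__main__":
    print(ips_over_threshold(SAMPLE_LOG, maxretry=3))
```

Point it at the file Asterisk is actually writing on your system; as the replies note, a path that does not exist is exactly what makes the asterisk jail fail to start.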