Did you read the documentation about that? It basically reads the fail2ban log itself, and would only ban after, in your case, ten times the bantime of the underlying jail causing a Ban then an Unban on any particular host.
gcc (the c++ compiler asterisk uses) will compile best effort against the processor it is running under, in a virtualized KVM environment there is no knowledge of the real hardware, just whatever QEMU or whatever you are using presents it, give it a plain old i386 and if it fails to compile, take that up with QEMU or XEN or whatever you are using, if it compiles but doesn't run, a possibility I guess, then now you can start blaming your hardware, did you try any of that yet? I have and it works under everything I have thrown at it.
Hmm, virtual servers over a TimeWarner residential service? Hardly robust I would have thought :-), what is it like at 4:20 pm when the neighborhood kids all come home?
Yes, but after 50 times now still no one week ban per the jail rule.
And running fail2ban-regex /var/log/fail2ban.log /etc/fail2ban/filter.d/asterisk.conf produces no matches.
Anyway the box I am discussing now is not a virtual machine. It's a Pentium 4 and Asterisk 11 would not compile correctly on it. It would get that same error in the bug report I listed above.
Well maybe a Pentium 4 is exceptional and won't work but most will, even the original Pentium MMX.
My install script in a VERY abbreviated form, with a few fail2ban specific debug routines added, which I use after booting machines real or virtual, with :-
#!/bin/bash
cat /proc/cpuinfo;cat /proc/partitions;free
read -p "Here is what you have to work with . . . . "
apt-get -y install multitail build-essential ncurses-dev libsqlite3-dev libssl-dev python-pyinotify
echo "check_mail:0" >> /etc/multitail.conf
cd /usr/src
wget http://downloads.asterisk.org/pub/telephony/asterisk/asterisk-11-current.tar.gz
tar -zxsvf asterisk-11-current.tar.gz
cd asterisk-11.10.2/
./configure --disable-xmldoc
make
make install
make samples
make config
sed -i s'/^;dateformat=%F %T/dateformat=%F %T/' /etc/asterisk/logger.conf
echo "security = security,notice" >> /etc/asterisk/logger.conf
service asterisk start &
read -t 10 -p "Now for fail2ban , press any key or wait a few. . . "
cd /usr/src
wget https://codeload.github.com/fail2ban/fail2ban/tar.gz/0.9.0
tar -zsxvf 0.9.0
cd fail2ban-0.9.0/
python setup.py install
sed -i s'/\[asterisk\]/\[asterisk\]\nenabled = true/' /etc/fail2ban/jail.conf
sed -i s'|/var/log/asterisk/messages|/var/log/asterisk/security|' /etc/fail2ban/jail.conf
fail2ban-client start;sleep 3
fail2ban-regex /var/log/asterisk/security /etc/fail2ban/filter.d/asterisk.conf
read -p "Fail2ban should be working now . . . ."
multitail /var/log/asterisk/security /var/log/fail2ban.log /var/log/mail.log
Dollars to donuts it will also work for @GeekBoy also . . .
Asterisk Module Loader configuration file
;
;
[modules]
autoload=yes
;
; Any modules that need to be loaded before the Asterisk core has been
; initialized (just after the logger has been initialized) can be loaded
; using 'preload'. This will frequently be needed if you wish to map all
; module configuration files into Realtime storage, since the Realtime
; driver will need to be loaded before the modules using those configuration
; files are initialized.
;
; An example of loading ODBC support would be:
;preload => res_odbc.so
;preload => res_config_odbc.so
;
; As FreePBX is using Local as the channel for queue members we need to make sure
; that pbx_config.so and chan_local.so are preloaded. If not, queue members
; will be marked as invalid until app_queue is reloaded.
preload => pbx_config.so
preload => chan_local.so
;
; Uncomment the following if you wish to use the Speech Recognition API
;preload => res_speech.so
;
; If you want, load the GTK console right away.
; KDE console is obsolete and was removed from Asterisk 2008-01-10
;
noload => pbx_gtkconsole.so
;load => pbx_gtkconsole.so
noload => pbx_kdeconsole.so
;
; Intercom application is obsoleted by
; chan_oss. Don't load it.
;
noload => app_intercom.so
;
; DON'T load the chan_modem.so, as they are obsolete in * 1.2
noload => chan_modem.so
noload => chan_modem_aopen.so
noload => chan_modem_bestdata.so
noload => chan_modem_i4l.so
; Trunkisavail is a broken module supplied by Trixbox
noload => app_trunkisavail.so
; Ensure that format_* modules are loaded before res_musiconhold
;load => format_ogg_vorbis.so
load => format_wav.so
load => format_pcm.so
; format_au.so is removed from Asterisk 1.4 and later, remove ; to enable
;load => format_au.so
; This isn't part of 'Asterisk' iteslf, it's part of asterisk-addons. If this isn't
; installed, asterisk will fail to start. But it does need to go here for native MOH
; to work using mp3's.
; Note that on a system with a high number of calls, using a compressed audio format for
; musiconhold takes CPU resources. Converting these files to ulaw/alaw makes the job
; much easier for your CPU.
load => format_mp3.so
load => res_musiconhold.so
;
; Load either OSS or ALSA, not both
; By default, load no console driver
;
noload => chan_alsa.so
noload => chan_oss.so
noload => app_directory_odbcstorage.so
noload => app_voicemail_odbcstorage.so
It does work if I manually load it. First time I have seen this. SIP is the core module of Asterisk and having to manually load it? I still need to test it I guess.
Did anybody think to check for a jail.local file?
I had a similar problem and it turned out the FreePBX distribution comes with an /etc/jail2ban/jail.local file that overrides everything defined in jail.conf.
Putting the right configuration in the jail.local file solved my problem.
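Added example (not part of any post in this thread, and not fail2ban's own code): a short Python check that shows which file each option of a jail effectively comes from when jail.local is read after jail.conf. The sample file contents are constructed, and the merge is modelled as a plain configparser overlay, so `[INCLUDES]`, `jail.d/` and `%(...)s` interpolation are not handled.

```python
import configparser

# Constructed sample files; values are illustrative, not taken from the thread.
JAIL_CONF = """\
[DEFAULT]
bantime = 600
maxretry = 5

[asterisk]
enabled = true
logpath = /var/log/asterisk/security
"""

JAIL_LOCAL = """\
[asterisk]
enabled = false
logpath = /var/log/asterisk/messages
"""


def effective_jail(sources, jail):
    """Return {option: (value, file that set it)} for one jail.

    sources is a list of (filename, text) in read order, so a later file
    overrides an earlier one. A value set in the jail's own section beats
    any [DEFAULT] value, whichever file the default came from.
    """
    defaults, explicit = {}, {}
    for name, text in sources:
        # Treat [DEFAULT] as an ordinary section so inherited keys do not
        # show up as if the jail section had set them.
        cp = configparser.RawConfigParser(default_section="__unused__")
        cp.read_string(text)
        if cp.has_section("DEFAULT"):
            defaults.update({k: (v, name) for k, v in cp.items("DEFAULT")})
        if cp.has_section(jail):
            explicit.update({k: (v, name) for k, v in cp.items(jail)})
    return {**defaults, **explicit}


if __name__ == "__main__":
    files = [("jail.conf", JAIL_CONF), ("jail.local", JAIL_LOCAL)]
    for option, (value, origin) in sorted(effective_jail(files, "asterisk").items()):
        print(f"{option:10} = {value:35} <- {origin}")
```

With the constructed input, the `enabled` and `logpath` edits made to jail.conf are reported as overridden by jail.local, while `bantime` still comes from jail.conf.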
#1 You did not read the entire thread. The problem was running an old Asterisk 1.8.x with an updated fail2ban client. It needed the "security" log option to read it properly, which was not available in Asterisk 1.8.x.