Fail2ban fix for ASTPP

rgazetta

unread,

May 4, 2018, 8:31:00 AM5/4/18

to ASTPP

Hi,

We noticed that Fail2ban is installed and the configuration file looks fine with the ASTPP install script - but it fails to run and does not catch any hack attempts.

I test

fail2ban manual install and configuration script in the ASTPP github repository:

https://github.com/iNextrix/ASTPP/blob/f280c5aa91bd41732ffa37d74120cc5f0bfa168d/misc/contribution/Fail2ban.sh

But my iptables error;

Astp work in Debian 8

root@panel: /etc/init.d/iptables restart

bash: /etc/init.d/iptables: Arquivo ou diretÃ³rio nÃ£o encontrado

root@panel: /usr/sbin/iptables

bash: /usr/sbin/iptables: Arquivo ou diretÃ³rio nÃ£o encontrado

root@panel: iptables status

Bad argument `status'

Popov

unread,

May 5, 2018, 11:34:20 PM5/5/18

to ASTPP

Reginaldo, Debian works differently form CentOS and does not have service called iptables that needs to be restarted. All entries are loaded directly into linux kernel and available immediately. That might be an overkill but if you install webmin you will have web interface to control iptables and fail2ban along with many other options and not need to use CLI.

Regards,

Popov

Kavin Chauhan

unread,

May 7, 2018, 1:17:11 AM5/7/18

to ASTPP

Hi rgazetta,

Please use this steps, http://astpp.readthedocs.io/en/v3.6/Security/fail2ban.html

rgazetta

unread,

May 7, 2018, 12:07:42 PM5/7/18

to ASTPP

I've already performed these procedures, but the problem is that fail2ban does not block the attacks I'm receiving from the type below.

The lock only works if I do it manually.

2018-05-07 12:55:21.435487 [WARNING] sofia_reg.c:1737 SIP auth failure (REGISTER) on sofia profile 'LOCAL' for [5...@xxx.xxx.xxx.xxx] from ip 212.83.172.147

2018-05-07 12:55:21.455630 [WARNING] sofia_reg.c:1792 SIP auth challenge (REGISTER) on sofia profile 'LOCAL' for [9...@xxx.xxx.xxx.xxx] from ip 212.83.172.147

2018-05-07 12:55:21.575485 [WARNING] sofia_reg.c:1792 SIP auth challenge (REGISTER) on sofia profile 'LOCAL' for [21...@xxx.xxx.xxx.xxx] from ip 212.83.172.147

2018-05-07 12:55:21.875490 [WARNING] sofia_reg.c:2906 Can't find user [9...@xxx.xxx.xxx.xxx] from 212.83.172.147

You must define a domain called 'xxx.xxx.xxx.xxx' in your directory and add a user with the id="949" attribute

and you must configure your device to use the proper domain in it's authentication credentials.

2018-05-07 12:55:21.875490 [WARNING] sofia_reg.c:1737 SIP auth failure (REGISTER) on sofia profile 'LOCAL' for [9...@xxx.xxx.xxx.xxx] from ip 212.83.172.147

2018-05-07 12:55:21.875490 [WARNING] sofia_reg.c:2906 Can't find user [21...@xxx.xxx.xxx.xxx] from 212.83.172.147

You must define a domain called 'xxx.xxx.xxx.xxx' in your directory and add a user with the id="2133" attribute

and you must configure your device to use the proper domain in it's authentication credentials.

2018-05-07 12:55:21.875490 [WARNING] sofia_reg.c:1737 SIP auth failure (REGISTER) on sofia profile 'LOCAL' for [21...@xxx.xxx.xxx.xxx] from ip 212.83.172.147

2018-05-07 12:55:21.995486 [WARNING] sofia_reg.c:1792 SIP auth challenge (REGISTER) on sofia profile 'LOCAL' for [18...@xxx.xxx.xxx.xxx] from ip 212.83.172.147

2018-05-07 12:55:22.095484 [WARNING] sofia_reg.c:1792 SIP auth challenge (REGISTER) on sofia profile 'LOCAL' for [1...@xxx.xxx.xxx.xxx] from ip 212.83.172.147

2018-05-07 12:55:22.235506 [WARNING] sofia_reg.c:1792 SIP auth challenge (REGISTER) on sofia profile 'LOCAL' for [4...@xxx.xxx.xxx.xxx] from ip 212.83.172.147

2018-05-07 12:55:22.235506 [WARNING] sofia_reg.c:2906 Can't find user [18...@xxx.xxx.xxx.xxx] from 212.83.172.147

sman

unread,

May 7, 2018, 4:03:20 PM5/7/18

to ASTPP

Have you verified the f2b script is looking at the correct log file? If so then you need to test the rules it is using. Perhaps you need to add some to match those logs you posted. FusionPBX includes some freeswitch fail2ban filters so you can have a look at those for ideas.

rgazetta

unread,

May 7, 2018, 4:37:24 PM5/7/18

to ASTPP

Can help-me?

Em sexta-feira, 4 de maio de 2018 09:31:00 UTC-3, rgazetta escreveu:

Kavin Chauhan

unread,

May 8, 2018, 3:23:00 AM5/8/18

to ASTPP

Please send output of below.
1> ls -la /usr/local/freeswitch/log/freeswitch.log
2> tail -100 /var/log/fail2ban/fail2ban.log

On Friday, May 4, 2018 at 6:01:00 PM UTC+5:30, rgazetta wrote:

rgazetta

unread,

May 8, 2018, 8:22:07 AM5/8/18

to ASTPP

ls -la /usr/local/freeswitch/log/freeswitch.log

-rw-r--r-- 1 freeswitch daemon 69437367 Mai 8 09:20 /usr/local/freeswitch/log/freeswitch.log

tail -100 /var/log/fail2ban.log

2018-05-07 17:17:32,663 fail2ban.server [726]: INFO Stopping all jails

2018-05-07 17:17:33,575 fail2ban.jail [726]: INFO Jail 'freeswitch' stopped

2018-05-07 17:17:34,577 fail2ban.jail [726]: INFO Jail 'ssh' stopped

2018-05-07 17:17:34,578 fail2ban.server [726]: INFO Exiting Fail2ban

Em sexta-feira, 4 de maio de 2018 09:31:00 UTC-3, rgazetta escreveu:

rgazetta

unread,

May 10, 2018, 8:14:34 AM5/10/18

to ASTPP

solved

https://freeswitch.org/confluence/display/FREESWITCH/Fail2Ban

Em sexta-feira, 4 de maio de 2018 09:31:00 UTC-3, rgazetta escreveu:

Reply all

Reply to author

Forward