Fail2ban fix for ASTPP 3.5

David Morris

Nov 17, 2017, 6:31:20 AM
to ASTPP
Hi,

We noticed that Fail2ban is installed and the configuration file looks fine with the ASTPP install script - but it fails to run and does not catch any hack attempts.

When trying to manually start fail2ban we see that it does not start:

[user@switch] service fail2ban start
Starting fail2ban (via systemctl):  Job for fail2ban.service failed because the control process exited with error code. See "systemctl status fail2ban.service" and "journalctl -xe" for details.
                                                           
[FAILED]


To fix this you need to create a directory at /var/run/fail2ban:
mkdir /var/run/fail2ban


Now start the service:
[user@switch] service fail2ban start
Starting fail2ban (via systemctl):                         [  OK  ]

I hope this helps!

David

pavyolo

Nov 17, 2017, 12:14:58 PM
to as...@googlegroups.com
Thanks, I've tried this, but it seems the fail2ban service didn't even install. I used the quick setup method on CentOS 7 and selected yes to the fail2ban install, but after the install completed I can't even run "service fail2ban start", as it returns the error Failed, unit not found...
I've now manually installed fail2ban and have run mkdir /var/run/fail2ban.
The service starts, but since I manually installed it with yum install fail2ban, what further manual config will I need to tie it into ASTPP?

Emma

Nov 20, 2017, 7:45:25 PM
to ASTPP
Thanks

David Morris

Nov 21, 2017, 5:15:02 AM
to ASTPP
Hi pavyolo,

You need to make sure that you have the fail2ban rules for freeswitch.

There is a fail2ban manual install and configuration script in the ASTPP GitHub repository:

Since you have already installed fail2ban yourself, you could copy that script and delete lines 14 to 40, as these are the lines which download and install fail2ban.

The rest of the script will add the required configurations to fail2ban to make sure it can pick up and read the freeswitch log file and parse it to kick most hackers off.

I find some hackers now send REGISTER requests at slow intervals. This can't be picked up by fail2ban. Personally we only authenticate by source IP address so no one is able to REGISTER and the hackers cannot brute force.

Thanks,

David

pavyolo

Nov 24, 2017, 9:42:01 AM
to ASTPP
Perfect, worked!
thanks David!

SessionHub

Feb 11, 2018, 9:33:20 AM
to ASTPP
Hi David
The fix works, but after every reboot, it fails again. How can one make it permanent?


Kavin Chauhan

Feb 12, 2018, 5:42:14 AM
to ASTPP
Hi,
After the reboot, what issue are you facing exactly?
Please send the output of the commands below after rebooting the server.
1> iptables -L -n
2> systemctl status fail2ban
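
On the reboot question raised in the thread: on CentOS 7, /var/run is a symlink to /run, a tmpfs that starts empty at every boot, so a directory created there with mkdir is gone after a restart. The following is an added example, not from the thread or the ASTPP project, that has systemd-tmpfiles recreate the directory at boot; the file name fail2ban.conf and the optional root-prefix argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: persist fail2ban's runtime directory across reboots with a
# systemd-tmpfiles rule. The optional first argument is a hypothetical root
# prefix, used only to exercise the function against a scratch directory;
# omit it on a real host.
# Usage (as root): install_fail2ban_rundir

# tmpfiles.d rule: type "d" = create the directory if missing, followed by
# path, mode, owner, group and age ("-" = never clean up). Root-owned and
# not group/world-writable, since the fail2ban control socket lives here.
TMPFILES_RULE='d /run/fail2ban 0755 root root -'

install_fail2ban_rundir() {
    root="${1:-}"
    conf="$root/etc/tmpfiles.d/fail2ban.conf"   # file name is an assumption

    mkdir -p "$root/etc/tmpfiles.d" || return 1

    # Idempotent: write the file only when the exact rule is not present.
    if ! grep -qxF "$TMPFILES_RULE" "$conf" 2>/dev/null; then
        printf '%s\n' "$TMPFILES_RULE" > "$conf" || return 1
    fi
    chmod 0644 "$conf"

    # On the live system (no prefix, running as root) apply the rule now
    # instead of waiting for the next boot.
    if [ -z "$root" ] && [ "$(id -u)" -eq 0 ] \
        && command -v systemd-tmpfiles >/dev/null 2>&1; then
        systemd-tmpfiles --create "$conf"
    fi
}
```

After the next reboot, /run/fail2ban should exist before the service starts, which can be confirmed with the systemctl status fail2ban command requested above.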