Fail2ban --- Dicko, help needed pls

Amphibian

#1
Dicko,

This is primarily directed to you as I see that you are in love with fail2ban.

Can you advise a link to info on how to obtain, install, and set up fail2ban on Elastix?

I went to their web site and see several links to different OS, but since I'm not familiar with this, I would prefer a link that directly executes the method of installation and setup please sir.

I have read through several posts and see where several are proud of fail2ban, but I haven't found anything on the actual setup.

I set up an Elastix machine for a class I was teaching, showing off the Elastix Software and such, and one of the students asked about security and protecting it from hackers. So we set this clean box with no actual VoIP trunks or Zap channels and plugged it to the Internet, and allowed it to run for three days. We went back after three days of no usage (just letting it run) and ran the /var/log/secure logs just to show the amount of failure attempts to get into the system. They were surprised (as I was somewhat to the amount) to see over 6000 (as of last count) attempts by 22 different IP addresses using every name found in a child naming book that one could use and then some. A real eye opener.

I would like to try (with your kind help) the fail2ban and see how well it works and maybe show these same students how to use it.


Thanks
Amphibian
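
The tally described in the post above (failed logins in /var/log/secure grouped by source address and by the names tried), as an added example that is not part of the original thread and is not fail2ban's own code. The log lines, hostname, year and thresholds are constructed assumptions; `maxretry` and `findtime` are used here only as parameter names echoing fail2ban's jail options.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the syslog format sshd writes to /var/log/secure.
# Addresses are from documentation ranges (RFC 5737); nothing here is real traffic.
SAMPLE_LOG = """\
Mar  7 03:12:01 elastix sshd[2101]: Failed password for invalid user aaron from 203.0.113.7 port 40112 ssh2
Mar  7 03:12:04 elastix sshd[2103]: Failed password for invalid user abby from 203.0.113.7 port 40150 ssh2
Mar  7 03:12:09 elastix sshd[2105]: Failed password for root from 203.0.113.7 port 40177 ssh2
Mar  7 03:40:15 elastix sshd[2140]: Failed password for admin from 198.51.100.23 port 51514 ssh2
Mar  7 04:55:42 elastix sshd[2188]: Accepted password for root from 192.0.2.10 port 60022 ssh2
Mar  7 09:02:30 elastix sshd[2260]: Failed password for admin from 198.51.100.23 port 51720 ssh2
"""

FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)

def parse_failures(text, year=2010):
    """Yield (timestamp, ip, user) for each failed sshd password attempt."""
    for line in text.splitlines():
        m = FAILED.match(line)
        if m:
            # syslog omits the year, so the caller supplies it (assumption).
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["ip"], m["user"]

def summarize(text, maxretry=3, findtime=timedelta(minutes=10)):
    """Per-IP totals, names tried, and whether maxretry failures fell inside findtime."""
    by_ip = defaultdict(list)
    for ts, ip, user in parse_failures(text):
        by_ip[ip].append((ts, user))
    report = {}
    for ip, events in by_ip.items():
        times = sorted(ts for ts, _ in events)
        # Sliding window: any run of maxretry failures spanning <= findtime.
        over = any(times[i + maxretry - 1] - times[i] <= findtime
                   for i in range(len(times) - maxretry + 1))
        report[ip] = {"failures": len(times),
                      "users": sorted({u for _, u in events}),
                      "over_threshold": over}
    return report

if __name__ == "__main__":
    for ip, row in sorted(summarize(SAMPLE_LOG).items()):
        print(ip, row)
```

To run it against a real log, pass the contents of /var/log/secure to `summarize()` in place of `SAMPLE_LOG`.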
 

dicko

#2
I posted this a while back, (I couldn't find it until I used the search box ;) )

http://www.elastix.org/component/kunena ... g=en#16852

The script might need an update, as I believe fail2ban has also updated itself, but I'm pretty sure you can run that script and then just update fail2ban. Don't forget to also edit the files in /etc/fail2ban/ to suit.

dicko


I also encourage the use of a firewall of some type. For a simple (one or two interface) deployment I offer that Ramoncio posted about csf to configure iptables, ref:


http://www.configserver.com/cp/csf.html

To wrap them both up, I add

csfpost.sh
#!/bin/sh
/etc/init.d/fail2ban start

and

csfpre.sh
#!/bin/sh
/etc/init.d/fail2ban stop

and do a

chkconfig fail2ban off



This is inelegant, as it would better be done inside csf, essentially eliminating the need for fail2ban at all, but I'm lazy in working out the regexes.

As to the ssh noise, I suggest you change the ssh port from 22.
 

Amphibian

#3
Thanks a bunch.

Ya, I tried the search box with "fail2ban", "fail2ban install" and numerous other ways and didn't see it, which isn't really hard with the amount of other stuff that comes back with a search.


I changed the ssh port right after the students saw what they saw. I would say it was a good education for them.

Will try it out and go from there.

Once again, thank you for sharing your brain.


Amphibian
 

raxxal

#4
