Fail2ban --- Dicko, help needed pls

Discussion in 'General' started by Amphibian, Aug 1, 2010.

  1. Amphibian

    Joined:
    Sep 8, 2009
    Messages:
    1,128
    Likes Received:
    2
    Dicko,

    This is primarily directed to you as I see that you are in love with fail2ban.

    Can you advise a link to info on how to obtain, install, and set up fail2ban on Elastix?

    I went to their web site and see several links to different OS, but since I'm not familiar with this, I would prefer a link that directly executes the method of installation and setup please sir.

    I have read through several posts and see where several are proud of fail2ban, but I haven't found anything on the actual setup.

    I set up an Elastix machine for a class I was teaching, showing off the Elastix software and such, and one of the students asked about security and protecting it from hackers. So we set this clean box with no actual VoIP trunks or Zap channels and plugged it into the Internet, and allowed it to run for three days. We went back after three days of no usage (just letting it run) and ran the /var/log/secure logs just to show the amount of failed attempts to get into the system. They were surprised (as I was, somewhat, at the amount) to see over 6000 (at last count) attempts by 22 different IP addresses using every name found in a child naming book that one could use and then some. A real eye opener.

    I would like to try (with your kind help) the fail2ban and see how well it works and maybe show these same students how to use it.


    Thanks
    Amphibian
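The per-address tally of failed logins described in the post above can be reproduced from `/var/log/secure` with a short shell function. This is an added example, not part of the original thread: the log lines are constructed (documentation address ranges), and the function names `sample_log`, `failed_by_ip` and `over_threshold` are hypothetical.

```shell
#!/bin/sh
# Added example: count failed SSH password attempts per source address
# from /var/log/secure-style sshd lines read on stdin.

# Constructed sample lines; the last "Failed" line has a username with spaces.
sample_log() {
    cat <<'EOF'
Aug  1 03:12:45 elastix sshd[2345]: Failed password for invalid user aaron from 203.0.113.5 port 51234 ssh2
Aug  1 03:12:47 elastix sshd[2346]: Failed password for invalid user abby from 203.0.113.5 port 51240 ssh2
Aug  1 03:12:49 elastix sshd[2347]: Failed password for root from 203.0.113.5 port 51251 ssh2
Aug  1 03:15:02 elastix sshd[2360]: Failed password for invalid user adam from 198.51.100.7 port 40101 ssh2
Aug  1 03:16:30 elastix sshd[2371]: Accepted password for root from 192.0.2.10 port 40000 ssh2
Aug  1 03:17:11 elastix sshd[2380]: Failed password for invalid user x from 192.0.2.99 from 198.51.100.7 port 40112 ssh2
EOF
}

# Prints "<count> <ip>" for each source address, busiest first.
failed_by_ip() {
    awk '
        / sshd\[[0-9]+\]: Failed password for / {
            # The record ends "... from <ip> port <n> ssh2". Read the address
            # by position from the END of the line, so text inside the
            # attempted username cannot change which address is counted.
            if ($(NF-4) == "from" && $(NF-2) == "port")
                count[$(NF-3)]++
        }
        END { for (ip in count) print count[ip], ip }
    ' | sort -k1,1nr -k2,2
}

# Prints the addresses with at least $1 failures, the kind of limit a
# ban tool applies before blocking a source.
over_threshold() {
    failed_by_ip | awk -v max="$1" '$1 >= max { print $2 }'
}

# Demonstration on the constructed sample. On a real box:
#   failed_by_ip < /var/log/secure
sample_log | failed_by_ip
```
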
     
  2. dicko

    Joined:
    Oct 24, 2008
    Messages:
    4,099
    Likes Received:
    0
    I posted this a while back, (I couldn't find it until I used the search box ;) )

    http://www.elastix.org/component/kunena ... g=en#16852

    The script might need an update as I believe fail2ban has also updated itself, but I'm pretty sure you can run that script and then just update fail2ban. Don't forget to also edit the files in /etc/fail2ban/ to suit.

    dicko


    I also encourage the use of a firewall of some type, for a simple (one or two interface) deployment I offer that Ramoncio posted about csf to configure iptables, ref:-


    http://www.configserver.com/cp/csf.html

    to wrap them both up, I add

    csfpost.sh
    #!/bin/sh
    /etc/init.d/fail2ban start

    and

    csfpre.sh
    #!/bin/sh
    /etc/init.d/fail2ban stop

    and do a

    chkconfig fail2ban off



    this is inelegant as it would better be done inside csf, essentially eliminating the need for fail2ban at all, but I'm lazy in working out the regexes

    as to the ssh noise I suggest you change the ssh port from 22
     
  3. Amphibian

    Joined:
    Sep 8, 2009
    Messages:
    1,128
    Likes Received:
    2
    Thanks a bunch.

    Ya, I tried the search box with "fail2ban", "fail2ban install" and numerous other ways and didn't see it, which isn't really hard with the amount of other stuff that comes back with a search.


    I changed the ssh port right after the students saw what they saw. I would say it was a good education for them.

    Will try it out and go from there.

    Once again, thank you for sharing your brain.


    Amphibian
     
  4. raxxal

    Joined:
    Mar 7, 2010
    Messages:
    10
    Likes Received:
    0
