Fail2ban

Phil_Garner
Posts: 4
Member Since:
2008-12-03

I have recently tried to install fail2ban and as far as I can see I have followed all the steps on various forums.

However I noticed that on PIAF fail2ban appears in the trixbox config edit page but it has not appeared on my system.

Does anyone know anything about fail2ban and how to get it running??

Please help me (tearing my hair out)

Thank you in advance



joshelson
Posts: 243
Member Since:
2006-12-07

Whether or not the fail2ban config files appear on the TB edit config page is immaterial to whether or not fail2ban is enabled.

iptables -L -v will give you a good, solid indication of if you're running. And of course, the best option would be to simulate an attack on the system yourself by generating a handful of incorrect SIP registration attempts. Nothing better than actually seeing it work for yourself.

Josh

--

FluentStream Technologies - Integrate * Communicate



nttranbao
Posts: 189
Member Since:
2008-02-16

Here you will find pdf document with detailed instructions on how to install fail2ban on Trixbox. (*)

http://www.necits.com/misc/fail2ban.pdf

(*): Please note that I'm not trying it yet.

Regards,

Bao Nguyen.

--

----------------------
IT/VOIP consultancy, VOIP eStore, Support Forum
Bao Nguyen IT Co., Ltd.
http://www.baonguyen.vn
WE MAKE IT



b14ck
Posts: 773
Member Since:
2009-03-03

Also--we included a script in the new beta (you can download it from the downloads page) which can auto-install and configure fail2ban for you! It uses strict, but reasonable default settings to help keep your server secure. If you'd like to use the script after installing the beta of trixbox, simply run

install-fail2ban

and that's it! Enjoy :)

--

Randall Degges
Lead Developer, RCI Telecommunications
projectb14ck - http://projectb14ck.org/ - Weblog



ebomb321
Posts: 12
Member Since:
2007-09-15
script

Hi Randall,
Is that script still in the downloads section? I can't seem to find it.
Thanks!



b14ck
Posts: 773
Member Since:
2009-03-03

The script is built into all current trixbox releases. If you are running 2.6.2.3 or later, just type 'install-fail2ban' from the command line.

--

Randall Degges
Lead Developer, RCI Telecommunications
projectb14ck - http://projectb14ck.org/ - Weblog



ebomb321
Posts: 12
Member Since:
2007-09-15

Thanks!
Looks like I got a few errors trying to install it.

-------------------------------------------
Installing fail2ban
-------------------------------------------
--02:11:13-- http://superb-east.dl.sourceforge.net/sourceforge/fail2ban/fail2b...
Resolving superb-east.dl.sourceforge.net... 209.160.66.130
Connecting to superb-east.dl.sourceforge.net|209.160.66.130|:80... connected.
HTTP request sent, awaiting response... 302 Found
Location: http://prdownloads.sourceforge.net/fail2ban/fail2ban-0.8.3.tar.bz... [following]
--02:11:13-- http://prdownloads.sourceforge.net/fail2ban/fail2ban-0.8.3.tar.bz...
Resolving prdownloads.sourceforge.net... 216.34.181.59
Connecting to prdownloads.sourceforge.net|216.34.181.59|:80... connected.
HTTP request sent, awaiting response... 302 Found
Location: http://softlayer.dl.sourceforge.net/project/fail2ban/fail2ban-sta... [following]
--02:11:13-- http://softlayer.dl.sourceforge.net/project/fail2ban/fail2ban-sta...
Resolving softlayer.dl.sourceforge.net... 74.86.229.28
Connecting to softlayer.dl.sourceforge.net|74.86.229.28|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 64028 (63K) [application/x-bzip2]
Saving to: `fail2ban-0.8.3.tar.bz2'

100%[=======================================>] 64,028 --.-K/s in 0.1s

02:11:14 (625 KB/s) - `fail2ban-0.8.3.tar.bz2' saved [64028/64028]

Uncompressing fail2ban-0.8.3...
tar: bzip2: Cannot exec: No such file or directory
tar: Error is not recoverable: exiting now
tar: Child returned status 2
tar: Error exit delayed from previous errors
/usr/local/sbin/install-fail2ban: line 37: cd: fail2ban-0.8.3: No such file or directory
python: can't open file 'setup.py': [Errno 2] No such file or directory
cp: cannot stat `/usr/src/fail2ban-0.8.3/files/redhat-initd': No such file or directory
chmod: cannot access `/etc/init.d/fail2ban': No such file or directory
/usr/local/sbin/install-fail2ban: line 42: /etc/fail2ban/filter.d/asterisk.conf: No such file or directory
/usr/local/sbin/install-fail2ban: line 82: /etc/fail2ban/jail.conf: No such file or directory
Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: mangle filter nat [ OK ]
Unloading iptables modules: [ OK ]
Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: mangle filter nat [ OK ]
Unloading iptables modules: [ OK ]
Applying iptables firewall rules: iptables-restore: line 11 failed
[FAILED]
fail2ban: unrecognized service
fail2ban: unrecognized service
Chain INPUT (policy ACCEPT 4 packets, 160 bytes)
pkts bytes target prot opt in out source destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 10 packets, 1808 bytes)
pkts bytes target prot opt in out source destination
error reading information on service fail2ban: No such file or directory

Everything looks good... Finished!
By default, fail2ban is configured to have very sane, but strict, default rules
If you would like to configure your fail2ban by hand, edit:
/etc/fail2ban/filter.d/asterisk.conf
/etc/fail2ban/jail.conf
/etc/asterisk/logger.conf
You may also want to read about the iptables firewall and how it works!



b14ck
Posts: 773
Member Since:
2009-03-03

Looks like your download was corrupted. Do the following and try again:

rm /usr/src/fail*

--

Randall Degges
Lead Developer, RCI Telecommunications
projectb14ck - http://projectb14ck.org/ - Weblog



ebomb321
Posts: 12
Member Since:
2007-09-15

Thanks again for your help. I got the same error.



rcherry
Posts: 62
Member Since:
2007-07-09

Had iptables installed and configured first and fail2ban installed ok I think. But I don't see a rule for it in iptables. Should I see a rule for fail2ban?

# Accept traffic from internal interfaces
-A INPUT ! -i eth1 -j ACCEPT
# Accept traffic with the ACK flag set
-A INPUT -p tcp -m tcp --tcp-flags ACK ACK -j ACCEPT
# Allow incoming data that is part of a connection we established
-A INPUT -m state --state ESTABLISHED -j ACCEPT
# Allow data that is related to existing connections
-A INPUT -m state --state RELATED -j ACCEPT
# Accept responses to DNS queries
-A INPUT -p udp -m udp --dport 1024:65535 --sport 53 -j ACCEPT
# Accept responses to our pings
-A INPUT -p icmp -m icmp --icmp-type echo-reply -j ACCEPT
# Accept notifications of unreachable hosts
-A INPUT -p icmp -m icmp --icmp-type destination-unreachable -j ACCEPT
# Accept notifications to reduce sending speed
-A INPUT -p icmp -m icmp --icmp-type source-quench -j ACCEPT
# Accept notifications of lost packets
-A INPUT -p icmp -m icmp --icmp-type time-exceeded -j ACCEPT
# Accept notifications of protocol problems
-A INPUT -p icmp -m icmp --icmp-type parameter-problem -j ACCEPT
# Accept incoming hamachi
-A INPUT -p udp -m udp --dport 12976 -j ACCEPT
COMMIT

never mind my question, this is how you check for fail2ban:
[trixbox1.localdomain sysconfig]# iptables -L -v
Chain INPUT (policy DROP 1 packets, 265 bytes)
pkts bytes target prot opt in out source destination
0 0 fail2ban-ProFTPD tcp -- any any anywhere anywhere tcp dpt:ftp
12112 1532K fail2ban-ASTERISK all -- any any anywhere anywhere
558 51749 fail2ban-BadBots tcp -- any any anywhere anywhere multiport dports http,https
370 31280 fail2ban-SSH tcp -- any any anywhere anywhere tcp dpt:ssh
9677 1061K ACCEPT all -- !eth1 any anywhere anywhere
93 4836 ACCEPT tcp -- any any anywhere anywhere tcp flags:ACK/ACK
2374 469K ACCEPT all -- any any anywhere anywhere state ESTABLISHED
0 0 ACCEPT all -- any any anywhere anywhere state RELATED
0 0 ACCEPT udp -- any any anywhere anywhere udp spt:domain dpts:1024:65535
0 0 ACCEPT icmp -- any any anywhere anywhere icmp echo-reply
0 0 ACCEPT icmp -- any any anywhere anywhere icmp destination-unreachable
0 0 ACCEPT icmp -- any any anywhere anywhere icmp source-quench
0 0 ACCEPT icmp -- any any anywhere anywhere icmp time-exceeded
0 0 ACCEPT icmp -- any any anywhere anywhere icmp parameter-problem
0 0 ACCEPT udp -- any any anywhere anywhere udp dpt:12976

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 11735 packets, 2466K bytes)
pkts bytes target prot opt in out source destination

Chain fail2ban-ASTERISK (1 references)
pkts bytes target prot opt in out source destination
12112 1532K RETURN all -- any any anywhere anywhere

Chain fail2ban-BadBots (1 references)
pkts bytes target prot opt in out source destination
558 51749 RETURN all -- any any anywhere anywhere

Chain fail2ban-ProFTPD (1 references)
pkts bytes target prot opt in out source destination
0 0 RETURN all -- any any anywhere anywhere

Chain fail2ban-SSH (1 references)
pkts bytes target prot opt in out source destination
370 31280 RETURN all -- any any anywhere anywhere

--

Ronald Cherry
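The check described in the posts above, reading the `iptables -L -v` listing for fail2ban chains, can be automated. This is an added example, not part of the original thread or of trixbox: the function name `fail2ban_status` is hypothetical, and the sample listing is constructed from the format shown above with one DROP entry added.

```python
import re

# Constructed sample: trimmed from the listing format shown in the post above,
# with one DROP entry added (203.0.113.7 is a documentation address).
SAMPLE = """\
Chain INPUT (policy DROP 1 packets, 265 bytes)
 pkts bytes target prot opt in out source destination
12112 1532K fail2ban-ASTERISK all -- any any anywhere anywhere
  370 31280 fail2ban-SSH tcp -- any any anywhere anywhere tcp dpt:ssh
 9677 1061K ACCEPT all -- !eth1 any anywhere anywhere

Chain fail2ban-ASTERISK (1 references)
 pkts bytes target prot opt in out source destination
    3   180 DROP all -- any any 203.0.113.7 anywhere
12109 1532K RETURN all -- any any anywhere anywhere

Chain fail2ban-SSH (1 references)
 pkts bytes target prot opt in out source destination
  370 31280 RETURN all -- any any anywhere anywhere
"""

CHAIN_RE = re.compile(r"^Chain (\S+) \(")

def fail2ban_status(listing):
    """Map each fail2ban-* chain to whether INPUT jumps to it and which sources it blocks."""
    rules = {}      # chain name -> list of (target, source)
    current = None
    for line in listing.splitlines():
        m = CHAIN_RE.match(line)
        if m:
            current = m.group(1)
            rules[current] = []
            continue
        f = line.split()
        # Rule rows: pkts bytes target prot opt in out source destination [...]
        if current and len(f) >= 9 and f[0] != "pkts":
            rules[current].append((f[2], f[7]))
    hooked = {target for target, _ in rules.get("INPUT", [])}
    return {
        chain: {
            "hooked": chain in hooked,
            "banned": [src for target, src in entries if target in ("DROP", "REJECT")],
        }
        for chain, entries in rules.items() if chain.startswith("fail2ban-")
    }
```

A chain that exists but is not "hooked" from INPUT never sees traffic, so bans in it have no effect. Running iptables with `-n` as well keeps the source column numeric instead of reverse-resolved hostnames.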



jdwebcc
Posts: 149
Member Since:
2006-09-27
Update your Trix

Why not update your trix to version 2.6.2.3 or higher? You can do this via the maint GUI - then go to packages and find the trixbox core to update.

Then it will install and configure your fail2ban -- with -- install-fail2ban as b14ck suggested.

JD

Jason S Derr, JDWEB.cc LLC
Creator of ASR Manager




b14ck
Posts: 773
Member Since:
2009-03-03

Ronald,

Fail2Ban only adds IPtables rules when an IP has been banned. You won't see any additional rules in your IPtables listing unless something has been banned. The way fail2ban works is it parses logfiles for various services (like asterisk, sshd, etc) and looks for repeated attempts to access the system unsuccessfully. Depending on the rules implemented, it will then ban those IP addresses accordingly.

--

Randall Degges
Lead Developer, RCI Telecommunications
projectb14ck - http://projectb14ck.org/ - Weblog



InspironXD
Posts: 10
Member Since:
2009-12-17

The Fail2Ban download seems to be broken:
--09:25:47-- http://superb-east.dl.sourceforge.net/sourceforge/fail2ban/fail2b...
Resolving superb-east.dl.sourceforge.net... 216.34.181.96
Connecting to superb-east.dl.sourceforge.net|216.34.181.96|:80... connected.
HTTP request sent, awaiting response... 404 Not Found
09:25:55 ERROR 404: Not Found.

Also see: http://www.fail2ban.org/wiki/index.php/Downloads



rcherry
Posts: 62
Member Since:
2007-07-09

There is a new revision: http://www.fail2ban.org/wiki/index.php/ChangeLog. You should be able to find it at sourceforge.net

Ronald Cherry




InspironXD
Posts: 10
Member Since:
2009-12-17

I went to http://www.fail2ban.org/wiki/index.php/Downloads and it says Link Broken



NovaSec
Posts: 132
Member Since:
2007-06-20

I can't seem to download fail2ban also, getting the above errors and not in the repo of 2.6.2.3



415eric
Posts: 416
Member Since:
2009-10-29
Same issue here

Does anyone have the .tar file they could send me? If there is a need for it I could host the file on one of my web servers for others to use.

--


sbiddle
Posts: 29
Member Since:
2006-07-16

The easiest way to get it going is to fix the script that's included in trixbox

SSH into your trixbox machine and go to /usr/local/sbin

nano install-fail2ban

edit the download line so it now says

DOWNLOAD=http://downloads.sourceforge.net/project/fail2ban/fail2ban-stable/fail2ban-0.8.4/fail2ban-0.8.4.tar.bz2

Ctrl X to exit nano

Then run setup-fail2ban and it will install

It's anybody's guess why nobody has bothered to update this script in the latest releases, 0.8.4 has been around for a long time now.



Dale_S
Posts: 3
Member Since:
2010-03-05

Thanks for the updated DOWNLOAD path. I also had to change the VERSION=fail2ban-0.8.4 to get it to install.



btsteve
Posts: 1
Member Since:
2008-04-10
I got Fail2ban installed but it never bans anything

I have fail2ban installed but it never seems to ban anything.
I have tried from my home to get banned registering a bad extension, but it never appears.
I do not have my home ip in the ignore list.



jedski
Posts: 82
Member Since:
2007-04-08

Hi, this might be a lame question, but rather than install a new version of TB to install fail2ban, is it OK to copy the script onto a TB that doesn't have it and install fail2ban?

--

'Whatever you do DON'T press the red button'

theosaurus... a very intelligent, but extinct, person from geek mythology..



415eric
Posts: 416
Member Since:
2009-10-29

Btsteve- You may want to make sure it is installed correctly and running. I get ban notification emails on a daily basis.

--

