1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
  2. If you had a PIAF Forum account in the vBulletin days, log in with your old credentials. Otherwise, sign up again and we'll get you back in business as soon as we can.
  3. A serious FreePBX vulnerability has been reported. Update your Framework Module immediately. Click here for details.

Asterisk 1.8 Breaks Fail2Ban

Discussion in 'Bug Reporting and Fixes' started by wardmundy, Jan 30, 2011.

  1. wardmundy Nerd Uno

    The Fail2Ban Wiki is reporting that Asterisk 1.8 (again) improved things by changing the log entries for failed login attempts. The new 1.8 entries now include the port number, e.g.

    Nov  4 18:30:40 localhost asterisk[32229]: NOTICE[32257]:  chan_sip.c:23417 in handle_request_register: Registration from  'XXXXXXXXXXXXXXXXX' failed for '' - Wrong password
    This obviously breaks PIAF's existing Fail2Ban REGEX screening which looked for Wrong password immediately after the IP address.

    The fix is to log into your server as root and issue the following commands:

    cd /etc/fail2ban/filter.d
    wget http://pbxinaflash.net/source/fail2ban/asterisk18.conf
    mv asterisk.conf asterisk14.conf
    mv asterisk18.conf asterisk.conf
    service fail2ban restart

    NOTE: All Incredible PBX 1.8 future installs now include the patch provided you download a fresh copy of the .x installer.
  2. darmock PIAF Developer

    Just testing update-fixes to push this out via that method. Will let everyone know when they can get the automated version. Should not be too long

  3. mainenotarynet Not really a Guru - Just a long time user

    Mr Ward, Darmock;

    I have rentPBX and did this patch but it MADE my server unstable and I am locked out of SSH too.

    I have a ticket in to restore the old (now named asterisk14.conf) file back and restart my server as I am locked out now.

    Does this Fail2Ban conf need to have a 'special' rentpbx version made?

    Just asking.
  4. darmock PIAF Developer

    Good question. Sorry don't I have an answer for you. I am still testing Ward's patch to fail2ban so stay tuned. There are significant changes in the asterisk.conf file FYI.

    Generally Ward test's out the cloud/remote virtual/incredible PIAF and I test out the real boxes and virtual versions of PIAF. Trouble is there are now too many permutations of how PIAF can be installed and run to test every single one of them. However I am sure people say we whine too much about this being for free. 8^)

  5. mainenotarynet Not really a Guru - Just a long time user

    Thanks for the reply but it turns out I'm an idiot as I changed 2 passwords on the Piaf and forgot to update the phones as well which actually triggered the fail2ban to ban ME. to not ban me I need to put my public IP where? -- /etc/fail2ban/jail.conf or somewhere else?

    Yes I did correct my phones this time :)
  6. wardmundy Nerd Uno

    Thanks for the correction. We tested it on RentPBX before the patch announcement was ever made. :crazy:

    There's a reason why you should only make one change at a time and test, test, test.
  7. wardmundy Nerd Uno

    Running update-programs then update-fixes will get all existing PIAF-Purple systems upgraded automatically. All new installs now include the Fail2Ban fix. Thanks, Tom!

Share This Page