Asterisk 1.8 Breaks Fail2Ban

[wardmundy]

The Fail2Ban Wiki is reporting that Asterisk 1.8 (again) improved things by changing the log entries for failed login attempts. The new 1.8 entries now include the port number, e.g.

Nov  4 18:30:40 localhost asterisk[32229]: NOTICE[32257]:  chan_sip.c:23417 in handle_request_register: Registration from  'XXXXXXXXXXXXXXXXX' failed for '192.168.200.100:36998' - Wrong password

This obviously breaks PIAF's existing Fail2Ban REGEX screening which looked for Wrong password immediately after the IP address.


The fix is to log into your server as root and issue the following commands:

cd /etc/fail2ban/filter.d
wget http://pbxinaflash.net/source/fail2ban/asterisk18.conf
mv asterisk.conf asterisk14.conf
mv asterisk18.conf asterisk.conf
service fail2ban restart

NOTE: All Incredible PBX 1.8 future installs now include the patch provided you download a fresh copy of the .x installer.

 

[darmock]

Just testing update-fixes to push this out via that method. Will let everyone know when they can get the automated version. Should not be too long

Tom

 

[mainenotarynet]

Mr Ward, Darmock;

I have rentPBX and did this patch but it MADE my server unstable and I am locked out of SSH too.

I have a ticket in to restore the old (now named asterisk14.conf) file back and restart my server as I am locked out now.

Does this Fail2Ban conf need to have a 'special' rentpbx version made?

Just asking.

 

[darmock]

Good question. Sorry don't I have an answer for you. I am still testing Ward's patch to fail2ban so stay tuned. There are significant changes in the asterisk.conf file FYI.

Generally Ward test's out the cloud/remote virtual/incredible PIAF and I test out the real boxes and virtual versions of PIAF. Trouble is there are now too many permutations of how PIAF can be installed and run to test every single one of them. However I am sure people say we whine too much about this being for free. 8^)


Tom

 

[mainenotarynet]

Thanks for the reply but it turns out I'm an idiot as I changed 2 passwords on the Piaf and forgot to update the phones as well which actually triggered the fail2ban to ban ME. to not ban me I need to put my public IP where? -- /etc/fail2ban/jail.conf or somewhere else?

Yes I did correct my phones this time

 

[wardmundy]

Thanks for the correction. We tested it on RentPBX before the patch announcement was ever made.

There's a reason why you should only make one change at a time and test, test, test.

 

[wardmundy]

Running update-programs then update-fixes will get all existing PIAF-Purple systems upgraded automatically. All new installs now include the Fail2Ban fix. Thanks, Tom!