Following on from my earlier report with Fail2Ban issues, I am having increasing difficulties with my remote PIAF:
http://pbxinaflash.com/community/index.php?threads/fail2ban-not-running.16322/
As previously mentioned, I have two identical (hardware & OS Install) PBXes. They were set up together and tested before one was deployed, and the other shelved for future, remote use. This was some time between Jan-Mar 2014.
The (now) deployed remote is PIAF 3.6.5, Green, Asterisk 11.7.0 & FreePBX 2.11.0.42. Both PBXes sit behind hardware firewalls, with no ports exposed.
The only difference in setup was that I may have enabled GV on the remote machine.
After deployment, the remote machine was patched for the various security issues that arose during the last year, resulting in the reported irregular behaviour of Fail2Ban. After this was apparently resolved, additional problems have surfaced.
Current symptoms:
I received a report from Google that it had blocked a 'suspicious login' on my GV account. The reported IP was actually from my own PBX's IP address, and had been up & running for two weeks.
With Fail2Ban running, CPU usage hovers around 100%, with increasing memory use by both Fail2Ban & Asterisk (700 MB real plus 300 MB virtual): the second (local) machine hovers around 200-300 MB of 1 GB.
With Fail2Ban disabled, CPU reduces to 10% or less.
I have disabled GV (and run the patch), as there may have been an additional conflict.
Since disabling Anonymous SIP/Guest, I have had no strange calls logged, and no unusual billing activity.
I have strong/unique passwords, and the system is accessed via VPN for admin.
Do I have a security issue, or is this a random unfortunate set of glitches caused by applying 'too many updates', or similar?
The remote system replaced an ageing Trixbox, which did not have all the security features of PIAF. After 6-7 years the hardware was due for renewal before it failed. The local & remote systems are connected via IAX over VPN.
Where else should I look? Is there a way to 'cleanse' the system, or initiate a remote re-install that zaps everything? I will not have physical access for some time. The system is headless, so no intervention is possible by helping hands.
Many thanks,