boeingpilot
I have two pretty much identical PIAF Green systems at two locations. When doing some routine maintenance, I noticed that Fail2Ban was not running. (Strange) I decided to look at this system's 'twin' and found the same thing.
I tried to restart Fail2Ban and got the following:
Starting fail2ban: ERROR Found no accessible config files for 'filter.d/freepbx' under /etc/fail2ban
ERROR Unable to read the filter
ERROR Errors in jail 'pbx-gui'. Skipping..
Looking at the file directory for both, I found yes, there was no 'freepbx.conf' file in /etc/fail2ban/filter.d. I then went to a third system that should be very close to these, and found the file there. I copied said file to one of the systems and then tried to restart. I then got:
Starting fail2ban: WARNING 'ignoreregex' not defined in 'Definition'. Using default one: ''
ERROR No file(s) found for glob /var/log/asterisk/freepbx_security.log
ERROR Failed during configuration: Have not found any log file for pbx-gui jail
[FAILED]
Since it appeared that it wanted to see the log file, I tried generating one using:
touch /var/log/asterisk/freepbx_security.log
Starting fail2ban then worked with the following warning:
Starting fail2ban: WARNING 'ignoreregex' not defined in 'Definition'. Using default one: ''
[ OK ]
All would have seemed good, but I then noticed my server processor utilization taking off!
top - 09:39:20 up 36 days, 21:45, 2 users, load average: 0.85, 0.36, 0.18
Tasks: 127 total, 1 running, 126 sleeping, 0 stopped, 0 zombie
Cpu(s): 43.5%us, 1.2%sy, 0.0%ni, 45.4%id, 0.9%wa, 8.9%hi, 0.2%si, 0.0%st
Mem: 1029636k total, 990080k used, 39556k free, 188500k buffers
Swap: 1047992k total, 24248k used, 1023744k free, 430412k cached
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
13275 root 20 0 166m 7136 2496 S 97.4 0.7 1:44.32 fail2ban-server
11 root 20 0 0 0 0 S 6.0 0.0 3191:39 events/0
11161 asterisk 20 0 97124 39m 11m S 1.0 3.9 204:31.67 asterisk
Other than a pretty stock PIAF Green installation, the two systems are set up for Schmoozecom's commercial modules and I have the System Admin module installed. I noticed that one of the options in that module is 'Intrusion Detection' (which I would have thought was fail2ban). Even before I tried to restart Fail2Ban, the module was showing intrusion detection active.
So, my questions --
- Is there a way to reinstall Fail2Ban so that it is configured like a fresh PIAF install?
- Why am I getting high processor utilization with Fail2Ban running? (I had to stop it, calls were breaking up terribly)
- Is the Schmoozecom module(s) breaking Fail2Ban?
This seems like a potential security threat, especially since some of the commercial modules are really useful, but you have to have the System Admin module installed to use them.
Thoughts?
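A pre-flight check for the two startup failures quoted in the post above (an enabled jail pointing at a filter that is not in filter.d, and a logpath glob that matches no file), as an added example that is not part of the original post or of fail2ban itself. It assumes literal `filter` and `logpath` values with no `%(...)s` interpolation; `check_jails`, the sample jail definitions and the temporary directory standing in for /etc/fail2ban are constructed for illustration.

```python
import configparser, glob, os, tempfile

# Constructed sample modelled on the 'pbx-gui' jail named in the errors above.
SAMPLE = """[DEFAULT]
enabled = false

[pbx-gui]
enabled = true
filter = freepbx
logpath = {log}

[ssh-iptables]
filter = sshd
logpath = /var/log/secure
"""

def check_jails(jail_conf_text, config_root):
    """Return (jail, problem) pairs for enabled jails that would fail to start."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(jail_conf_text)
    problems = []
    for jail in cp.sections():
        if not cp.getboolean(jail, "enabled", fallback=False):
            continue  # disabled jails are never loaded, so skip them
        # A filter value may carry options in brackets; keep only the name.
        filt = cp.get(jail, "filter", fallback="").split("[", 1)[0].strip()
        paths = [os.path.join(config_root, "filter.d", filt + ext)
                 for ext in (".conf", ".local")]
        if not any(os.path.isfile(p) for p in paths):
            problems.append((jail, "missing filter: filter.d/" + filt))
        for pattern in cp.get(jail, "logpath", fallback="").splitlines():
            if pattern.strip() and not glob.glob(pattern.strip()):
                problems.append((jail, "no log file for glob: " + pattern.strip()))
    return problems

def demo():
    """Run the check before and after restoring the filter and log file."""
    root = tempfile.mkdtemp()  # stands in for /etc/fail2ban (assumption)
    os.makedirs(os.path.join(root, "filter.d"))
    log = os.path.join(root, "freepbx_security.log")
    conf = SAMPLE.format(log=log)
    before = check_jails(conf, root)
    open(os.path.join(root, "filter.d", "freepbx.conf"), "w").close()
    open(log, "w").close()
    return before, check_jails(conf, root)

if __name__ == "__main__":
    for label, result in zip(("before", "after"), demo()):
        print(label, result)
```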