Upgrade Fail2Ban NOW... see page 3 of this thread - Page 3

wardmundy · #21 10-07-08, 03:51 PM

Using the suggested setup with the current install of Fail2Ban will cause Fail2Ban to shut down abnormally which will leave you with NO PROTECTION so... hold off until we get a stable solution tested.

wardmundy · #22 10-12-08, 01:45 PM

OK. Here's a first cut at a script to upgrade your PBX in a Flash system (only) to Fail2Ban 0.8.3. It has been configured to protect against password attacks in SSH, Apache, and Asterisk SIP. Feedback appreciated.

Log into your server as root, and...

Code:

cd /root
mkdir fail2ban
cd fail2ban
wget http://pbxinaflash.net/source/fail2ban/fail2ban-update
chmod +x fail2ban-update
./fail2ban-update

Once the install finishes, be sure to check whether it's running. You should get two entries with this command:

Code:

ps aux | grep fail2ban-server

If not, restart the service and repeat the test again.

Code:

service fail2ban restart

We strongly recommend that you test all 3 password scenarios, i.e. log into your server 4 times with an incorrect SSH password; log into the FreePBX admin module 4 times with an incorrect maint password; use a softphone and log into a SIP extension on your server 4 times with an incorrect extension password. If you don't get blocked for 30 minutes in every case, there's a problem.

tel0p · #23 10-12-08, 05:16 PM

First I ran 'yum install fail2ban' then Ward's instructions (above), then changed the email address(es) in /etc/fail2ban/jail.conf, then ran 'service fail2ban restart' . All seems well.

I'm guessing I need to go in and make sure every one of my extensions has a hard to guess password now otherwise this does no good at all. (Assuming a bot would first try the obvious and get in under the radar in < 5 tries on my SIP port). Am I right?

wardmundy · #24 10-12-08, 05:52 PM

Yep. I'd try extensions 201, 501, and 701. And, if your extension passwords match your extension numbers, you're probably S.O.L.

tel0p · #25 10-12-08, 07:06 PM

Well, I wouldn't really be out of luck, i'd just need to be diligent in editing some files in /tftp, some extensions 'secrets' in FreePBX and rebooting my endpoints

rapidnet · #26 10-13-08, 06:18 AM

I followed your instructions, worked perfectly!

Thx!

tabbertmj · #27 10-13-08, 02:25 PM

I followed the instructions, not when I log in to the server, it shows "Fail2Ban" offline. When I start the service , then log off, and log back in, it shows offline again. I went and tried the upgrade again, same thing.

Any thoughts?

wardmundy · #28 10-13-08, 02:38 PM

First, it wouldn't have let you install it again unless you did something horribly wrong the first time. Use the directions provided above for testing. Ignore the fail2ban status message which currently reports on the old version... which, of course, is gone.

tabbertmj · #29 10-13-08, 03:10 PM

It did allow me to do it again. And it still shows offline when I log in.

wardmundy · #30 10-13-08, 03:33 PM

Please read the second and third sentences above.