Disable-Fail2ban

RonRussell

Guru
Joined
Mar 22, 2008
Messages
112
Reaction score
4
Location
Jax, FL
Fail2ban does not stop when using the "disable-fail2ban" script. I will try to find out why. In the mean time I stopped fail2ban using the Webmin - System - Bootup and Shutdown - Fail2ban module.

This is a new install of PBIAF 1.4

* Running Asterisk Version : Asterisk 1.4.21.2
* Asterisk Source Version : 1.4.21.2
* Zaptel Source Version : 1.4.12.1
* Libpri Source Version : 1.4.10.2
* Addons Source Version : 1.4.7
*****************************************
pbx.local on 192.168.xxx.xxx- eth0
CentOS release 5.2 (Final) :32 Bit Kernel: 2.6.18-92.1.22.el5
 

dswartz

Guru
Joined
Feb 17, 2009
Messages
1,056
Reaction score
0
I had the same problem. I hate fail2ban, but when I run the disable script, it tells me it isn't installed. I disabled it with the service and chkconfig commands on the CLI.
 

dswartz

Guru
Joined
Feb 17, 2009
Messages
1,056
Reaction score
0
aha.

[email protected]:~ $ fail2ban-client status
ERROR Unable to contact server. Is it running?


I assume this is because I disabled it manually? If so, the error was kinda non-intuitive. It never occurred to me that something needed to be running to disable it. Sorry for the false alarm.
 

RonRussell

Guru
Joined
Mar 22, 2008
Messages
112
Reaction score
4
Location
Jax, FL
Fail2ban was actually running on my server but the "disable-fail2ban" script returned a message saying it was not running.
 

darmock

PIAF Developer
Joined
Oct 18, 2007
Messages
2,892
Reaction score
98
Location
Florida
aha.

[email protected]:~ $ fail2ban-client status
ERROR Unable to contact server. Is it running?


I assume this is because I disabled it manually? If so, the error was kinda non-intuitive. It never occurred to me that something needed to be running to disable it. Sorry for the false alarm.
Yup I will rewrite it to provide better information. That particular code has not been touched in a while and it is on the list of rewrites for piaf 1.7
 

blanchae

Guru
Joined
Mar 12, 2008
Messages
1,910
Reaction score
9
Location
Calgary, Alberta, Canada
Alternative to stopping fail2ban:

From the Linux command prompt type: "service fail2ban stop"

To start fail2ban: "service fail2ban start"

To reload fail2ban if you have a banned IP: "service fail2ban restart"
Restarting will "clear" the ban.

To prevent fail2ban from banning IPs on the local network or other places: Modify /etc/fail2ban/jail.conf look for the line:

#ignoreip 127.0.0.1 192.168.1.24/24 ....

uncomment it by removing the # and then change the IP addresses. To have fail2ban ignore network 192.168.20.0 (255.255.255.0), add 192.168.20.0/24 to the above line. You can add as many networks as you like. Just leave a space.

Just a note, if you have a VPN or a tunnel, you should add its network too. I've had the tunnel banned!

You can see if fail2ban has banned an IP by checking /var/log/fail2ban.log. It will indicate banned and unbanned IP addresses.
 

dswartz

Guru
Joined
Feb 17, 2009
Messages
1,056
Reaction score
0
Note: if you want to stop fail2ban permanently, don't just use the service command, as if you reboot piaf for some reason, you will be surprised to see it is running again. You would also need to do "chkconfig fail2ban off".
 

wardmundy

Nerd Uno
Joined
Oct 12, 2007
Messages
15,251
Reaction score
2,670
The usual warnings apply. Be sure you know what you're doing before you try any of this. And... if you disable or adjust the security mechanisms in PBX in a Flash, you're on your own when the house of cards comes tumbling down and the next phone bill arrives. :rolleyes5:
 

Members online

PIAF 5 - Powered by 3CX

Forum statistics

Threads
22,460
Messages
138,091
Members
14,621
Latest member
Mac-Gayver