Disable-Fail2ban

RonRussell

Guru
Joined
Mar 22, 2008
Messages
112
Reaction score
4
Fail2ban does not stop when using the "disable-fail2ban" script. I will try to find out why. In the mean time I stopped fail2ban using the Webmin - System - Bootup and Shutdown - Fail2ban module.

This is a new install of PBIAF 1.4

* Running Asterisk Version : Asterisk 1.4.21.2
* Asterisk Source Version : 1.4.21.2
* Zaptel Source Version : 1.4.12.1
* Libpri Source Version : 1.4.10.2
* Addons Source Version : 1.4.7
*****************************************
pbx.local on 192.168.xxx.xxx- eth0
CentOS release 5.2 (Final) :32 Bit Kernel: 2.6.18-92.1.22.el5
 

dswartz

Guru
Joined
Feb 17, 2009
Messages
1,056
Reaction score
0
I had the same problem. I hate fail2ban, but when I run the disable script, it tells me it isn't installed. I disabled it with the service and chkconfig commands on the CLI.
 

darmock

PIAF Developer
Joined
Oct 18, 2007
Messages
2,892
Reaction score
98
First I have heard about it. I will look into it.


Tom
 

dswartz

Guru
Joined
Feb 17, 2009
Messages
1,056
Reaction score
0
root@pbx:~ $ disable-fail2ban
You don't appear to have fail2ban installed! Please run update-scripts16 and update-fixes16 again!
 

dswartz

Guru
Joined
Feb 17, 2009
Messages
1,056
Reaction score
0
aha.

root@pbx:~ $ fail2ban-client status
ERROR Unable to contact server. Is it running?


I assume this is because I disabled it manually? If so, the error was kinda non-intuitive. It never occurred to me that something needed to be running to disable it. Sorry for the false alarm.
 

RonRussell

Guru
Joined
Mar 22, 2008
Messages
112
Reaction score
4
Fail2ban was actually running on my server but the "disable-fail2ban" script returned a message saying it was not running.
 

darmock

PIAF Developer
Joined
Oct 18, 2007
Messages
2,892
Reaction score
98
aha.

root@pbx:~ $ fail2ban-client status
ERROR Unable to contact server. Is it running?


I assume this is because I disabled it manually? If so, the error was kinda non-intuitive. It never occurred to me that something needed to be running to disable it. Sorry for the false alarm.

Yup I will rewrite it to provide better information. That particular code has not been touched in a while and it is on the list of rewrites for piaf 1.7
 

blanchae

Guru
Joined
Mar 12, 2008
Messages
1,910
Reaction score
9
Alternative to stopping fail2ban:

From the Linux command prompt type: "service fail2ban stop"

To start fail2ban: "service fail2ban start"

To reload fail2ban if you have a banned IP: "service fail2ban restart"
Restarting will "clear" the ban.

To prevent fail2ban from banning IPs on the local network or other places: Modify /etc/fail2ban/jail.conf look for the line:

#ignoreip 127.0.0.1 192.168.1.24/24 ....

uncomment it by removing the # and then change the IP addresses. To have fail2ban ignore network 192.168.20.0 (255.255.255.0), add 192.168.20.0/24 to the above line. You can add as many networks as you like. Just leave a space.

Just a note, if you have a VPN or a tunnel, you should add its network too. I've had the tunnel banned!

You can see if fail2ban has banned an IP by checking /var/log/fail2ban.log. It will indicate banned and unbanned IP addresses.
 

dswartz

Guru
Joined
Feb 17, 2009
Messages
1,056
Reaction score
0
Note: if you want to stop fail2ban permanently, don't just use the service command, as if you reboot piaf for some reason, you will be surprised to see it is running again. You would also need to do "chkconfig fail2ban off".
 

wardmundy

Nerd Uno
Joined
Oct 12, 2007
Messages
19,168
Reaction score
5,199
The usual warnings apply. Be sure you know what you're doing before you try any of this. And... if you disable or adjust the security mechanisms in PBX in a Flash, you're on your own when the house of cards comes tumbling down and the next phone bill arrives. :rolleyes5:
 

Members online

Forum statistics

Threads
25,778
Messages
167,504
Members
19,199
Latest member
leocipriano
Get 3CX - Absolutely Free!

Link up your team and customers Phone System Live Chat Video Conferencing

Hosted or Self-managed. Up to 10 users free forever. No credit card. Try risk free.

3CX
A 3CX Account with that email already exists. You will be redirected to the Customer Portal to sign in or reset your password if you've forgotten it.
Top