[Freeswitch-users] Getting fail2ban working properly

Don Hawkins hawkins at hawkinsegroup.com
Thu Sep 8 22:23:55 MSD 2016


I cleared out the logs and reloaded fail2ban. Going back to look at the
logs again now and I don't even see an attempt to load the FreeSwitch
filter.

fail2ban.log:

2016-09-08 18:21:16,855 fail2ban.server [3576]: INFO    Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.13
2016-09-08 18:21:16,856 fail2ban.jail   [3576]: INFO    Creating new jail 'ssh'
2016-09-08 18:21:16,856 fail2ban.jail   [3576]: INFO    Jail 'ssh' uses pyinotify
2016-09-08 18:21:16,862 fail2ban.jail   [3576]: INFO    Initiated 'pyinotify' backend
2016-09-08 18:21:16,864 fail2ban.filter [3576]: INFO    Added logfile = /var/log/auth.log
2016-09-08 18:21:16,866 fail2ban.filter [3576]: INFO    Set maxRetry = 6
2016-09-08 18:21:16,867 fail2ban.filter [3576]: INFO    Set findtime = 600
2016-09-08 18:21:16,868 fail2ban.actions[3576]: INFO    Set banTime = 1800
2016-09-08 18:21:16,889 fail2ban.jail   [3576]: INFO    Creating new jail 'ssh-ddos'
2016-09-08 18:21:16,890 fail2ban.jail   [3576]: INFO    Jail 'ssh-ddos' uses pyinotify
2016-09-08 18:21:16,896 fail2ban.jail   [3576]: INFO    Initiated 'pyinotify' backend
2016-09-08 18:21:16,898 fail2ban.filter [3576]: INFO    Added logfile = /var/log/auth.log
2016-09-08 18:21:16,900 fail2ban.filter [3576]: INFO    Set maxRetry = 6
2016-09-08 18:21:16,901 fail2ban.filter [3576]: INFO    Set findtime = 600
2016-09-08 18:21:16,902 fail2ban.actions[3576]: INFO    Set banTime = 1800
2016-09-08 18:21:16,910 fail2ban.jail   [3576]: INFO    Jail 'ssh' started
2016-09-08 18:21:16,914 fail2ban.jail   [3576]: INFO    Jail 'ssh-ddos' started


On Thu, Sep 8, 2016 at 1:53 AM, Mirko Brankovic <mirkobrankovic at gmail.com>
wrote:

> On Ubuntu it is called:
> Chain fail2ban-freeswitch (1 references)
>
> iptables -L should give you the chain if F2B started correctly, otherwise
> see the fail2ban log for errors.
>
>
>
> On Thu, Sep 8, 2016 at 7:42 AM, Jurijs Ivolga <jurijs.ivolga at gmail.com>
> wrote:
>
>> Hi,
>>
>> I configured fail2ban several times a while ago, but not with
>> freeswitch...
>>
>> If you see that rules are missing, just add them and you can use SSH
>> rules as a template. I believe it should do the trick.
>>
>> And I see from your rules that you are allowing all traffic and this is
>> a really bad idea...
>>
>> You should drop everything and allow only needed traffic.
>>
>> With kind regards,
>>
>> Jurijs
>>
>> On Thu, Sep 8, 2016 at 12:15 AM, Don Hawkins <hawkins at hawkinsegroup.com>
>> wrote:
>>
>>> Thanks for the reply!
>>>
>>> *Fail2Ban is running:*
>>> root@sip:/etc/fail2ban# fail2ban-client start
>>> ERROR  Server already running
>>>
>>>
>>> *I added everything in /etc/fail2ban/jail.conf*
>>>
>>> [ssh]
>>> enabled  = true
>>> port     = 22
>>> filter   = sshd
>>> logpath  = /var/log/auth.log
>>> maxretry = 6
>>>
>>> [freeswitch]
>>> enabled  = true
>>> port     = 5060,5061,5080,5081
>>> filter   = freeswitch
>>> logpath  = /var/log/freeswitch/freeswitch.log
>>> maxretry = 10
>>>
>>>
>>> *I also created /etc/fail2ban/filter.d/freeswitch.conf* as shown on
>>> https://github.com/fail2ban/fail2ban/blob/master/config/filter.d/freeswitch.conf
>>>
>>>
>>> *root@sip:/etc/fail2ban/filter.d# iptables -S*
>>> -P INPUT ACCEPT
>>> -P FORWARD ACCEPT
>>> -P OUTPUT ACCEPT
>>> -N fail2ban-ssh
>>> -A INPUT -p tcp -m multiport --dports 22 -j fail2ban-ssh
>>>
>>>
>>> As you can see when running iptables -S it shows the "fail2ban-ssh" rule
>>> but nothing about FreeSwitch.
>>>
>>>
>>> Any help is appreciated.
>>>
>>>
>>>
>>> On Wed, Sep 7, 2016 at 11:01 AM, jungle Boogie <jungleboogie0 at gmail.com>
>>> wrote:
>>>
>>>> On 7 September 2016 at 08:33, Don Hawkins <hawkins at hawkinsegroup.com>
>>>> wrote:
>>>> > It keeps saying it's not there, but I did add it, is there something I'm
>>>> > missing?
>>>>
>>>> How did you add it? Is fail2ban running? Have you restarted your
>>>> computer after setting up fail2ban? If you do iptables -S, do you see
>>>> the rules?
>>>>
>>>>
>>>> --
>>>> -------
>>>> inum: 883510009027723
>>>> sip: jungleboogie at sip2sip.info
>>>>
>>>> _________________________________________________________________________
>>>> Professional FreeSWITCH Consulting Services:
>>>> consulting at freeswitch.org
>>>> http://www.freeswitchsolutions.com
>>>>
>>>> Official FreeSWITCH Sites
>>>> http://www.freeswitch.org
>>>> http://confluence.freeswitch.org
>>>> http://www.cluecon.com
>>>>
>>>> FreeSWITCH-users mailing list
>>>> FreeSWITCH-users at lists.freeswitch.org
>>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>>> http://www.freeswitch.org
>>>>
>>>
>>>
>>>
>>> --
>>> Sincerely,
>>> Don Hawkins
>>> CEO
>>> Hawkins Enterprise Group LLC
>>> http://hawkinsegroup.com
>>> Zello PTT <http://zello.com>: push2don
>>> P: 469-214-5044
>>>
>>
>>
>
>
>
> --
> Regards,
> Mirko
>



-- 
Sincerely,
Don Hawkins
CEO
Hawkins Enterprise Group LLC
http://hawkinsegroup.com
Zello PTT <http://zello.com>: push2don
P: 469-214-5044
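
Added example (not part of the original thread and not fail2ban's own code): a cross-check of the three artifacts quoted above, listing which enabled jails never appear in fail2ban.log or in the iptables chains. The function names are hypothetical, the inputs are constructed from the excerpts in this thread, and the "fail2ban-<jail>" chain naming is assumed from the iptables output shown.

```python
import configparser
import re

# Constructed sample inputs, trimmed from the excerpts quoted in this thread.
JAIL_CONF = """
[ssh]
enabled  = true
filter   = sshd
logpath  = /var/log/auth.log

[freeswitch]
enabled  = true
filter   = freeswitch
logpath  = /var/log/freeswitch/freeswitch.log
"""
F2B_LOG = """\
2016-09-08 18:21:16,856 fail2ban.jail   [3576]: INFO    Creating new jail 'ssh'
2016-09-08 18:21:16,889 fail2ban.jail   [3576]: INFO    Creating new jail 'ssh-ddos'
2016-09-08 18:21:16,910 fail2ban.jail   [3576]: INFO    Jail 'ssh' started
2016-09-08 18:21:16,914 fail2ban.jail   [3576]: INFO    Jail 'ssh-ddos' started
"""
IPTABLES_S = """\
-N fail2ban-ssh
-A INPUT -p tcp -m multiport --dports 22 -j fail2ban-ssh
"""

def enabled_jails(conf_text):
    """Section names with enabled = true, i.e. jails the config asks for."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(conf_text)
    return {s for s in cp.sections()
            if cp.get(s, "enabled", fallback="false").strip().lower() == "true"}

def audit(conf_text, log_text, iptables_text):
    # Compare what the config requests with what the daemon and firewall show.
    configured = enabled_jails(conf_text)
    created = set(re.findall(r"Creating new jail '([^']+)'", log_text))
    started = set(re.findall(r"Jail '([^']+)' started", log_text))
    chains = set(re.findall(r"^-N fail2ban-(\S+)$", iptables_text, re.M))
    return {
        "never_created": sorted(configured - created),        # daemon never saw this jail
        "created_not_started": sorted(created - started),     # failed during startup
        "no_iptables_chain": sorted(configured - chains),     # no ban chain installed
        "running_but_not_in_conf": sorted(started - configured),  # absent from this config text
    }

if __name__ == "__main__":
    for finding, jails in audit(JAIL_CONF, F2B_LOG, IPTABLES_S).items():
        print(f"{finding}: {jails}")
```

A jail listed under "running_but_not_in_conf" means the daemon is using a jail definition that is not in the config text being compared.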