vicidial.org

[root2]

Hi Everyone,

Has anyone been successful in installing fail2ban on goautodial 2.1..I tried installing it but I get this error "iptables: No chain/target/match by that name" when type iptables -L -V

I laready changed the ignoreip edited to 127.0.0.1 192.168.1.0/24.

Thanks again guys in advance!

Installing Fail2ban in centos
1.yum install fail2ban
If your CentOS doesn't find the package, please execute the following command and then try again.
2.rpm -Uvh http://download.fedora.redhat.com/pub/e ... noarch.rpm
3.yum install python iptables
or
wget http://downloads.sourceforge.net/projec ... r=transact
tar -xf fail2ban-0.8.4.tar.bz2
cd fail2ban-0.8.4
python setup.py install
cp files/redhat-initd /etc/init.d/fail2ban
chkconfig --add fail2ban
chkconfig fail2ban on

Once installing the Fail2ban create asteirsk.conf file under the fail2ban directory

4. vi /etc/fail2ban/filter.d/asterisk.conf

and copy and paste the below

# ===================
# /etc/fail2ban/filter.d/asterisk.conf
# Fail2Ban configuration file
#
#
# $Revision: 250 $
#
[INCLUDES]
# Read common prefixes. If any customizations available -- read them from
# common.local
#before = common.conf
[Definition]
#_daemon = asterisk
# Option: failregex
# Notes.: regex to match the password failures messages in the logfile.
#The
# host must be matched by a group named "host". The tag "" can
# be used for standard IP/hostname matching and is only an alias
#for
# (?:::f{4,6}:)?(?PS+)
# Values: TEXT
#

failregex = Registration from '.*' failed for '<HOST>(:[0-9]{1,5})?' - Wrong password
Registration from '.*' failed for '<HOST>(:[0-9]{1,5})?' - No matching peer found
Registration from '.*' failed for '<HOST>(:[0-9]{1,5})?' - Device does not match ACL
Registration from '.*' failed for '<HOST>(:[0-9]{1,5})?' - Username/auth name mismatch
Registration from '.*' failed for '<HOST>(:[0-9]{1,5})?' - Peer is not supposed to register
NOTICE.* <HOST> failed to authenticate as '.*'$
NOTICE.* .*: No registration for peer '.*' (from <HOST>)
NOTICE.* .*: Host <HOST> failed MD5 authentication for '.*' (.*)
VERBOSE.* logger.c: -- .*IP/<HOST>-.* Playing 'ss-noservice' (language '.*')


# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =
# ===================
Add the [asterisk-iptables] section to your /etc/fail2ban/jail.conf file :
# /etc/fail2ban/jail.conf
#====================



5 . Save and exit the file
6. vi /etc/fail2ban/jail.conf
go to the last line of theis file and paste the below lines there

[asterisk-iptables]
enabled = true
filter = asterisk
action = iptables-allports[name=ASTERISK, protocol=all]
sendmail-whois[name=ASTERISK,
dest=youremailaddress@somewhere.com, sender=fail2ban@somewhere.com]
logpath = /var/log/asterisk/full
maxretry = 5
bantime = 600
#====================


7. Also in /etc/fail2ban/jail.conf file you want to add your own IP address range ( ours is192.168.1.0 ) :
ignoreip = 127.0.0.1 192.168.1.0/24

8. make the fail2ban to start at startup
chkconfig fail2ban on
9. start the fail2ban now
/etc/init.d/fail2ban start
10 . now check whether the fail2ban is installed properly to detect the attacks
iptables -L –v
You should see "fail2ban-ASTERISK" in your iptables output.

11. now try to register a extension from outside with wrong password or worng extension and run the iptables command to see the blocked ip addresses

[williamconley]

funny, i always thought fail2ban was already installed in goautodial. but we don't use it ... we use pure whitelist only.

[gardo]

It's not part of GoAutoDial CE 2.1 32bit. However, it's installed by default on the 64bit version: http://goautodial.org/projects/goautodialce/wiki/64bit. GoAutoDial CE v3.0 will also have it out of the box for both 32bit and 64bit versions.

[williamconley]

have you instituted dynamic good guys yet? (Whitelist with Dynamic agent bypass port ... already released the package on Viciwiki.com)

[callcrazy]

@root2 - The switches are case sensitive. The help says -v and you show -V.