vicidial.org

Hi Everyone,

Has anyone been successful in installing fail2ban on goautodial 2.1..I tried installing it but I get this error "iptables: No chain/target/match by that name" when type iptables -L -V

I laready changed the ignoreip edited to 127.0.0.1 192.168.1.0/24.

Thanks again guys in advance!

Installing Fail2ban in centos
1.yum install fail2ban
If your CentOS doesn't find the package, please execute the following command and then try again.
2.rpm -Uvh http://download.fedora.redhat.com/pub/e ... noarch.rpm
3.yum install python iptables
or
wget http://downloads.sourceforge.net/projec ... r=transact
tar -xf fail2ban-0.8.4.tar.bz2
cd fail2ban-0.8.4
python setup.py install
cp files/redhat-initd /etc/init.d/fail2ban
chkconfig --add fail2ban
chkconfig fail2ban on

Once installing the Fail2ban create asteirsk.conf file under the fail2ban directory

4. vi /etc/fail2ban/filter.d/asterisk.conf

and copy and paste the below

# ===================
# /etc/fail2ban/filter.d/asterisk.conf
# Fail2Ban configuration file
#
#
# $Revision: 250 $
#
[INCLUDES]
# Read common prefixes. If any customizations available -- read them from
# common.local
#before = common.conf
[Definition]
#_daemon = asterisk
# Option: failregex
# Notes.: regex to match the password failures messages in the logfile.
#The
# host must be matched by a group named "host". The tag "" can
# be used for standard IP/hostname matching and is only an alias
#for
# (?:::f{4,6}:)?(?PS+)
# Values: TEXT
#

failregex = Registration from '.*' failed for '<HOST>(:[0-9]{1,5})?' - Wrong password
Registration from '.*' failed for '<HOST>(:[0-9]{1,5})?' - No matching peer found
Registration from '.*' failed for '<HOST>(:[0-9]{1,5})?' - Device does not match ACL
Registration from '.*' failed for '<HOST>(:[0-9]{1,5})?' - Username/auth name mismatch
Registration from '.*' failed for '<HOST>(:[0-9]{1,5})?' - Peer is not supposed to register
NOTICE.* <HOST> failed to authenticate as '.*'$
NOTICE.* .*: No registration for peer '.*' (from <HOST>)
NOTICE.* .*: Host <HOST> failed MD5 authentication for '.*' (.*)
VERBOSE.* logger.c: -- .*IP/<HOST>-.* Playing 'ss-noservice' (language '.*')


# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =
# ===================
Add the [asterisk-iptables] section to your /etc/fail2ban/jail.conf file :
# /etc/fail2ban/jail.conf
#====================



5 . Save and exit the file
6. vi /etc/fail2ban/jail.conf
go to the last line of theis file and paste the below lines there

[asterisk-iptables]
enabled = true
filter = asterisk
action = iptables-allports[name=ASTERISK, protocol=all]
sendmail-whois[name=ASTERISK,
dest=youremailaddress@somewhere.com, sender=fail2ban@somewhere.com]
logpath = /var/log/asterisk/full
maxretry = 5
bantime = 600
#====================


7. Also in /etc/fail2ban/jail.conf file you want to add your own IP address range ( ours is192.168.1.0 ) :
ignoreip = 127.0.0.1 192.168.1.0/24

8. make the fail2ban to start at startup
chkconfig fail2ban on
9. start the fail2ban now
/etc/init.d/fail2ban start
10 . now check whether the fail2ban is installed properly to detect the attacks
iptables -L –v
You should see "fail2ban-ASTERISK" in your iptables output.

11. now try to register a extension from outside with wrong password or worng extension and run the iptables command to see the blocked ip addresses

funny, i always thought fail2ban was already installed in goautodial. but we don't use it ... we use pure whitelist only.

It's not part of GoAutoDial CE 2.1 32bit. However, it's installed by default on the 64bit version: http://goautodial.org/projects/goautodialce/wiki/64bit. GoAutoDial CE v3.0 will also have it out of the box for both 32bit and 64bit versions.

have you instituted dynamic good guys yet? (Whitelist with Dynamic agent bypass port ... already released the package on Viciwiki.com)

@root2 - The switches are case sensitive. The help says -v and you show -V.