install fail2ban

Support forum for the ViciBox ISO Server Install and ISO LiveCD Demo

Moderators: enjay, williamconley, Staydog, mflorell, MJCoate, mcargile, Kumba

install fail2ban

Postby cvillarreal77 » Sat May 28, 2016 9:31 pm

hy..

i recently install vicibox 7.03

and i looked that fail2ban is installed.

my question is.. is it work? how do i know?

thanks
cvillarreal77
 
Posts: 92
Joined: Wed Dec 16, 2015 3:38 pm

Re: install fail2ban

Postby williamconley » Sat May 28, 2016 10:06 pm

That question belongs on a Fail2Ban board. Or an IPtables Board.

however: "iptables-save" will display your present iptables configuration (contrary to what it sounds like, this does not "save" anything, but merely displays the iptables configuration by dumping it to the console so you can see the configuration).

You should find a few references to fail2ban in the configuration dump if it's active.

We recommend whitelist lockdown instead of fail2ban, however, especially for a PBX such as Vicidial.
Vicidial Installation and Repair, plus Hosting and Colocation
Newest Product: Vicidial Agent Only Beep - Beta
http://www.PoundTeam.com # 352-269-0000 # +44(203) 769-2294
williamconley
 
Posts: 20258
Joined: Wed Oct 31, 2007 4:17 pm
Location: Davenport, FL (By Disney!)

Re: install fail2ban

Postby cvillarreal77 » Sat May 28, 2016 11:10 pm

ohh thank for respondme too quickcly

and another question..

wich configuration recomend me for a topology like this:

internet--> router cisco with access list with nat ip public to vicidial ------> vicidial with one network card

is necesary enable the firewall if i use access-list ?
cvillarreal77
 
Posts: 92
Joined: Wed Dec 16, 2015 3:38 pm

Re: install fail2ban

Postby williamconley » Sat May 28, 2016 11:13 pm

if you are asking if you should use a firewall in vicidial when you already have a firewall in the router ... that's kinda a trick question.

if you have already built a whitelist firewall, why do YOU think you need another one?
Vicidial Installation and Repair, plus Hosting and Colocation
Newest Product: Vicidial Agent Only Beep - Beta
http://www.PoundTeam.com # 352-269-0000 # +44(203) 769-2294
williamconley
 
Posts: 20258
Joined: Wed Oct 31, 2007 4:17 pm
Location: Davenport, FL (By Disney!)

Re: install fail2ban

Postby cvillarreal77 » Sat May 28, 2016 11:30 pm

ohh ok i understand thank you very much :)

another question :D

well i only implement fail2ban only for block ssh connections..

my question is

i can update fail2ban ?

this is becouse the acttualy jail.conf dont have option for enable one only jail


example::

#
# JAILS
#

#
# SSH servers
#

[sshd]

port = ssh
logpath = %(sshd_log)s


[sshd-ddos]
# This jail corresponds to the standard configuration in Fail2ban.
# The mail-whois action send a notification e-mail with a whois request
# in the body.
port = ssh
logpath = %(sshd_log)s
cvillarreal77
 
Posts: 92
Joined: Wed Dec 16, 2015 3:38 pm

Re: install fail2ban

Postby williamconley » Sat May 28, 2016 11:33 pm

close port 22 in your whitelist system except for (of course) your IP.
Vicidial Installation and Repair, plus Hosting and Colocation
Newest Product: Vicidial Agent Only Beep - Beta
http://www.PoundTeam.com # 352-269-0000 # +44(203) 769-2294
williamconley
 
Posts: 20258
Joined: Wed Oct 31, 2007 4:17 pm
Location: Davenport, FL (By Disney!)

Re: install fail2ban

Postby cvillarreal77 » Wed Jun 01, 2016 3:19 pm

ok thank you very much..
cvillarreal77
 
Posts: 92
Joined: Wed Dec 16, 2015 3:38 pm

Re: install fail2ban

Postby marcinstopa » Mon Jun 06, 2016 5:14 am

I am stucked with the same problem too! :(
I also answered YES to both ipv4 and ipv6 rules on iptables-persistent installation.
I don't really know what to do.
marcinstopa
 
Posts: 1
Joined: Mon Jun 06, 2016 2:43 am

Re: install fail2ban

Postby williamconley » Mon Jun 06, 2016 11:16 am

Follow the instructions for Dynamic Good Guys whitelist firewall system. Note that the "lockdown" before installation is all you need to do, installing DGG is only necessary to make it easy to add allowed IPs.

Unfortunately DGG is not yet updated for Vicibox 7, but there is a thread somewhere on the Vicidial forum that shows the changes necessary if you wanted to install DGG all the way (making it easy to add a new IP to the whitelist, without using 'yast firewall').
Vicidial Installation and Repair, plus Hosting and Colocation
Newest Product: Vicidial Agent Only Beep - Beta
http://www.PoundTeam.com # 352-269-0000 # +44(203) 769-2294
williamconley
 
Posts: 20258
Joined: Wed Oct 31, 2007 4:17 pm
Location: Davenport, FL (By Disney!)


Return to ViciBox Server Install and Demo

Who is online

Users browsing this forum: No registered users and 14 guests