I need this bug to be verified before releasing the new fail2ban statistics feature… please go on
The jail should be enabled; you can check it with fail2ban-client status asterisk
Check the UI: a new fieldset switch, Communication, exists; it replaces Instant messaging
With the asterisk auth checkbox you can disable the jail if needed (/etc/fail2ban/jail.local check [asterisk]-> false or true)
On a real asterisk server you should wait to see the bans and whether they are false positives
The maxretry value is double the general maxretry value (/etc/fail2ban/jail.local check [asterisk])
The jail is disabled if the asterisk service is disabled (/etc/fail2ban/jail.local check [asterisk])
I disabled the asterisk service via shell and ui, did “signal-event nethserver-fail2ban-save” but the jail is still up and the config file is unchanged.
I tested on a VM with only a green interface and port forwarding from the router. As a client I used microsip with a wrong password to simulate bans.
Sorry, but I cannot reproduce; can you check again? This is what I did:
[root@ns7loc15 ~]# config setprop asterisk status disabled
[root@ns7loc15 ~]# signal-event nethserver-fail2ban-save
[root@ns7loc15 ~]# fail2ban-client status asterisk
ERROR NOK: ('asterisk',)
Sorry but the jail 'asterisk' does not exist
[root@ns7loc15 ~]# config setprop asterisk status enabled
[root@ns7loc15 ~]# signal-event nethserver-fail2ban-save
[root@ns7loc15 ~]# fail2ban-client status asterisk
Status for the jail: asterisk
|- Filter
|  |- Currently failed: 0
|  |- Total failed: 0
|  `- File list: /var/log/asterisk/full
`- Actions
   |- Currently banned: 0
   |- Total banned: 0
   `- Banned IP list:
You can also see in /etc/fail2ban/jail.local that the jail is enabled/disabled
I used this rpm, is it the same?
[root@ns7loc15 ~]# rpm -qa nethserver-fail2ban
nethserver-fail2ban-1.0.4-1.4.g41ce7d0.ns7.noarch
What UI did you try? The Status/services UI stops the service only at the systemd level, nothing at the esmith layer
My fault. I only did a systemctl disable --now. Disabling asterisk via e-smith disables the fail2ban jail.
Am I too paranoid when bells and whistles go off when I read such a thing? Is it necessary to make the GUI services status/stop option also stop at the e-smith layer level?
I do not think so, this panel is here to manage the service restart/stop; if you want to completely disable a service, I suppose it is the role of the relevant configuration panel
for example you can stop fail2ban from the service panel, but I provide a status checkbox to disable the service in the fail2ban setting panel
@mrmarkuz can we release this rpm? Is the jail not too aggressive, generating false positives (good guys banned)?
Thanks in advance
On the test VM it works as expected, some bad guys were banned, my sip client still can connect.
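
The jail.local checks from the test checklist above can be scripted. The following is an added example, not part of the thread and not NethServer code: it parses a constructed jail.local and reports mismatches. It assumes the "general" maxretry sits in [DEFAULT], and `service_enabled` is a hypothetical parameter standing for the e-smith asterisk status prop (not the systemd state, which the thread shows is a separate layer).

```python
import configparser

# Constructed sample of a generated /etc/fail2ban/jail.local (not from a real host).
# Assumption: the "general" maxretry lives in [DEFAULT].
SAMPLE_JAIL_LOCAL = """\
[DEFAULT]
maxretry = 3

[asterisk]
enabled = true
maxretry = 6
logpath = /var/log/asterisk/full
"""


def check_asterisk_jail(jail_local_text, service_enabled):
    """Return a list of mismatches against the test checklist (empty = pass)."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(jail_local_text)
    problems = []

    # A missing section and "enabled = false" both mean the jail is off.
    jail_on = cp.has_section("asterisk") and cp.getboolean(
        "asterisk", "enabled", fallback=False)
    if jail_on != service_enabled:
        problems.append("jail enabled=%s but asterisk service enabled=%s"
                        % (jail_on, service_enabled))

    if jail_on:
        general = cp.defaults().get("maxretry")
        if general is None:
            problems.append("no general maxretry in [DEFAULT]")
        else:
            # [asterisk] inherits from [DEFAULT] when it sets no value itself.
            jail_retry = cp.getint("asterisk", "maxretry")
            if jail_retry != 2 * int(general):
                problems.append("asterisk maxretry=%d, expected %d"
                                % (jail_retry, 2 * int(general)))
    return problems


if __name__ == "__main__":
    result = check_asterisk_jail(SAMPLE_JAIL_LOCAL, service_enabled=True)
    for line in result or ["OK"]:
        print(line)
```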