I need this bug is verified before to release the new fail2ban statistics feature…please go on
The jail should be enabled you can check it by fail2ban-client status asterisk
Check the UI, a new fieldset switch exists Communication it replaces Instant messaging
With the asterisk auth checkbox you can disable the jail if needed (/etc/fail2ban/jail.local check [asterisk]-> false or true)
On a real asterisk server you should wait to see the bans and if they are not false positive
The maxretry value is the double of the general maxretry value (/etc/fail2ban/jail.local check [asterisk])
The jail is disabled if the asterisk service is disabled (/etc/fail2ban/jail.local check [asterisk])
I disabled the asterisk service via shell and ui, did “signal-event nethserver-fail2ban-save” but the jail is still up and the config file is unchanged.
I tested on a VM with only green interface and port forwarding from the router. As client I used microsip with a wrong password to simulate bans.
sorry but I cannot reproduce, can you check again, this is what I did
[root@ns7loc15 ~]# config setprop asterisk status disabled [root@ns7loc15 ~]# signal-event nethserver-fail2ban-save [root@ns7loc15 ~]# fail2ban-client status asterisk ERROR NOK: ('asterisk',) Sorry but the jail 'asterisk' does not exist [root@ns7loc15 ~]# config setprop asterisk status enabled [root@ns7loc15 ~]# signal-event nethserver-fail2ban-save [root@ns7loc15 ~]# fail2ban-client status asterisk Status for the jail: asterisk |- Filter | |- Currently failed: 0 | |- Total failed: 0 | `- File list: /var/log/asterisk/full `- Actions |- Currently banned: 0 |- Total banned: 0 `- Banned IP list:
you can see also in
/etc/fail2ban/jail.local that the jail is enabled/disabled
I used this rpm, is it the same ?
[root@ns7loc15 ~]# rpm -qa nethserver-fail2ban nethserver-fail2ban-1.0.4-1.4.g41ce7d0.ns7.noarch
what UI did you try, the Status/services UI stop only the service at the systemd level, nothing at the esmith layer
My fault. I only did a
systemctl disable --now. Disabling asterisk via e-smith disables the fail2ban jail.
Am I too paranoia when bells and whistles go off when I read such a thing? Is it necessary to make the GUI services status/stop option to also stop at e-smith layer level?
I do not think so, this panel is here to manage the service restart/stop, if you want to disable completely a service, I suppose it is the role of the relevant configuration panel
for example you can stop fail2ban from the service panel, but I provide a status checkbox to disable the service in the fail2ban setting panel
@mrmarkuz can we release this rpm, does the jail is not too much aggressive and generate false positive (good guys banned) ?
merci par avance (thank in advance)
On the test VM it works as expected, some bad guys were banned, my sip client still can connect.