Difference between revisions of "Fail2Ban"

From Kolmisoft Wiki

Revision as of 12:52, 30 August 2010

Fail2Ban

What is Fail2Ban?

Fail2Ban is an intrusion prevention framework. It protects your SIP devices from brute-force registration attacks.

How can I install Fail2Ban?

Just run the script /usr/src/mor/sh_scripts/fail2ban_install_vX.sh, where X is the script version number, to install this software.

/usr/src/mor/sh_scripts/fail2ban_install_vX.sh

How does Fail2Ban work?

Fail2Ban checks the Asterisk log, /var/log/asterisk/messages, and counts unsuccessful SIP registration attempts. When the count reaches 5, it bans the abusive user for a specified amount of time (600 seconds by default).

These settings can be adjusted in /etc/fail2ban/jail.conf:

[asterisk-iptables]
enabled  = true
filter   = asterisk
action   = iptables-allports[name=ASTERISK, port=5060, protocol=udp]
logpath  = /var/log/asterisk/messages
maxretry = 5
bantime = 600

maxretry - maximum number of retries allowed

bantime - ban time in seconds

You will also find a [DEFAULT] section in jail.conf. In this section, the ignoreip variable is where the MOR install script places addresses that are ignored and will not be banned. Add further addresses here if you find you need to.

[DEFAULT]
# "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not
# ban a host which matches an address in this list. Several addresses can be
# defined using space separator.
ignoreip = 192.168.0.1/16 10.0.0.0/8 127.0.0.1/8 172.16.0.0/12 213.197.141.162  192.168.0.158

213.197.141.162 is the address of KolmiSoft support office. Please leave it here.
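
The counting logic described above, as an added example that is not part of the original wiki page or of Fail2Ban's own code: it replays constructed Asterisk log lines against the maxretry, bantime and ignoreip values shown on this page. The regular expression, the FINDTIME window and the sample log lines are assumptions made for illustration.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

MAXRETRY = 5      # maxretry from jail.conf on this page
BANTIME = 600     # bantime (seconds) from jail.conf on this page
FINDTIME = 600    # assumption: counting window in seconds, not given on the page
# ignoreip exactly as listed on this page (host bits in CIDR entries are tolerated)
IGNOREIP = "192.168.0.1/16 10.0.0.0/8 127.0.0.1/8 172.16.0.0/12 213.197.141.162 192.168.0.158"
IGNORED = [ipaddress.ip_network(entry, strict=False) for entry in IGNOREIP.split()]

# Assumed, simplified pattern for a failed SIP registration; not the installed filter.
FAILED = re.compile(
    r"^\[(?P<ts>[\d-]+ [\d:]+)\] NOTICE\[\d+\] chan_sip\.c: "
    r"Registration from '.*' failed for '(?P<host>\d+\.\d+\.\d+\.\d+)(?::\d+)?' - ")

def find_bans(lines):
    """Return [(ip, ban_start, ban_end)] for hosts reaching MAXRETRY failures in FINDTIME."""
    failures, banned_until, bans = defaultdict(list), {}, []
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue
        ip = ipaddress.ip_address(m["host"])
        if any(ip in net for net in IGNORED):
            continue  # ignoreip entries are never counted or banned
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        if ip in banned_until and ts < banned_until[ip]:
            continue  # ban still active
        window = [t for t in failures[ip] if ts - t <= timedelta(seconds=FINDTIME)] + [ts]
        if len(window) >= MAXRETRY:
            banned_until[ip] = ts + timedelta(seconds=BANTIME)
            bans.append((str(ip), ts, banned_until[ip]))
            window = []  # counter restarts once the ban is issued
        failures[ip] = window
    return bans

def make_line(ts, ip):  # builds one constructed log line (not real traffic)
    return f"[{ts}] NOTICE[2817] chan_sip.c: Registration from '<sip:100@192.0.2.1>' failed for '{ip}' - Wrong password"

SAMPLE_LOG = (
    [make_line(f"2010-08-30 12:40:{s:02d}", "203.0.113.7") for s in range(0, 10, 2)]  # 5 failures
    + [make_line(f"2010-08-30 12:41:{s:02d}", "213.197.141.162") for s in range(6)]   # in ignoreip
    + [make_line(f"2010-08-30 12:42:{s:02d}", "198.51.100.9") for s in range(4)]      # below maxretry
)

if __name__ == "__main__":
    print(find_bans(SAMPLE_LOG))
```

Only 203.0.113.7 is banned: the support-office address is skipped because it is in ignoreip, and 198.51.100.9 stays one failure short of maxretry.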

Questions

How do I unblock all IP addresses?

Use this command:

iptables -F # be careful, this command erases your iptables rules.