Oops. The filter file should be /etc/fail2ban/filter.d/pbx-gui.conf
On 19/10/2016 18:27, Nick Howitt wrote:
> You'll want a jail something like:
>
> [pbx-gui]
> enabled = true
> port = 80,443
> logpath = /var/log/asterisk/freepbx_security.log*
> maxretry = 2
>
>
> This assumes a default action of iptables-multiport. I've put a * in the
> log path to pick up old log files as well.
>
> Then filter file /etc/fail2ban/filter.d/pbx-gui with:
>
> [INCLUDES]
> before = common.conf
>
> [Definition]
> failregex = Authentication failure for \S* from <HOST>$
>
> It also assumes the IP address is not enclosed by a <>. If it is, change
> <HOST> to \<<HOST>\>
>
> Nick
>
> On 19/10/2016 09:07, Anthony Griffiths wrote:
>> I'm running centos 6.8 and I've installed freepbx-13 and
>> fail2ban-0.9.4-2.el6.noarch, which I got from 'yum install fail2ban'.
>> I'm trying to create a jail to block failed login attempts in the
>> freepbx GUI. One accesses the freepbx gui in a browser so it's
>> http/https access.
>> I tried this in jail.local: (copied from an earlier version of
>> jail.local on a freepbx-disto machine)
>> -------------
>> [pbx-gui]
>> port = http,https
>> action = %(banaction)s[name=%(__name__)s-tcp, port="%(port)s",
>> protocol="tcp", chain="%(chain)s", actname=%(banaction)s-tcp]
>> %(mta)s-whois[name=%(__name__)s, dest="%(destemail)s"]
>> logpath = /var/log/asterisk/freepbx_security.log
>> maxretry = 2
>> --------------
>> but it doesn't work. I don't know whether this should be an apache
>> jail or a seperate [pbx-gui] jail. The failed gui logins are logged
>> in:
>> /var/log/asterisk/freepbx_security.log. A typical failed login looks
>> like this in the log file:
>> ------------------
>> [2016-10-19 07:39:17] {"username":"gffddf","extdisplay":false}
>> [2016-10-19 07:39:17] Authentication failure for gffddf from <ip-address>
>> -------------------
>> I have searched on google but everything I found refers to earlier
>> versions on freepbx and fail2ban and I can't make sense of it when
>> trying to translate it to the new jail.local file in fail2ban-0.9..
>> Thanks for any help
>>
>> ------------------------------------------------------------------------------
>> Check out the vibrant tech community on one of the world's most
>> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
>> _______________________________________________
>> Fail2ban-users mailing list
>> Fail2ban-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/fail2ban-users
>
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
> _______________________________________________
> Fail2ban-users mailing list
> Fail2ban-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/fail2ban-users
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
