Main Page

Welcome to the Fail2ban Data Sharing Application Site

Site is under development

We've recently had several phone systems that have been under heavy attack. We're using fail2ban but that doesn't seem very proactive to me. I've been using denyhosts (http://denyhosts.sf.net) on our systems for a few years and I've been really happy with how the number of ssh login attempts drops off after installing that. However, I've been unable to find anything similar for Fail2ban, and Asterisk doesn't use hosts.deny, so they don't work together.

I decided that it really wouldn't be too difficult to put together a solution that would allow me to preemptively block attackers. Hackers can attack one of the PBXs I manage but the others will know they're coming and will lock out the IP address first. I've written a small server that sits on one of my web sites and manages the list. At present the program requires a username and password to access. I'm not sure what I'll end up doing with that, but if you want to start using it just request an account here: Request Account

I've prepopulated the database with information from the VoIP Abuse Project (http://www.infiltrated.net/voipabuse/) and I'm feeding a couple of my servers into it also. Currently the server does not expire bans but I plan on adding that a little later. At present I have no need to open up access to systems once I've banned them.

Getting started

  1. Install Fail2ban and get it working. If you're going to be using it for Asterisk the following site is helpful (http://www.voip-info.org/wiki/view/Fail2Ban+%28with+iptables%29+And+Asterisk)
  2. The first thing you need is an account (Request Account). The username and password will be needed in several places in the setup.
  3. Be sure to replace USER and PASS with your username and password.
  4. Manually run the following command to populate your fail2ban-share log.
    wget -O /var/log/fail2ban-share.log "http://fail2ban.aleph-com.net/cgi-bin/report.cgi?username=USER&password=PASS&mode=UPDATE&increment_count=1&increment_type=HOUR"
  5. Add to cron. This sample runs once every hour. I would appreciate it if you would randomize the time to keep the load on my systems spread out.
    1 * * * * wget -O /var/log/fail2ban-share.log "http://fail2ban.aleph-com.net/cgi-bin/report.cgi?username=USER&password=PASS&mode=UPDATE&increment_count=1&increment_type=HOUR" >/dev/null 2>&1
  6. Create Configuration Files. When you edit the jail.conf file you can choose which hosts you want to push to fail2ban-share. In the included example from my /etc/fail2ban/jail.conf I'm pushing Asterisk registry failures to the cloud. I'm also monitoring the downloaded file and firewalling out any systems that are banned. Sample Configuration Files
  7. Before restarting fail2ban please run the command in your cron once manually. Once fail2ban has been restarted run it again to get it started.
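
The fetch from steps 4 and 5 can also be wrapped in a small script; the following is an added example, not part of F2BShare or the original page. It derives a fixed per-host cron minute to spread the load and overwrites the log only when the download is non-empty. The credentials file /etc/fail2ban/f2bshare.cred, its F2B_USER and F2B_PASS variables and the script path are assumptions, and the credentials are assumed to be URL-safe.

```shell
#!/bin/sh
# Added example: cron wrapper for the F2BShare download (not the project's code).
# Assumption: CRED_FILE is a hypothetical root-only (0600) file containing
#   F2B_USER=...  and  F2B_PASS=...
CRED_FILE="/etc/fail2ban/f2bshare.cred"
URL_BASE="http://fail2ban.aleph-com.net/cgi-bin/report.cgi"
LOG="/var/log/fail2ban-share.log"

# Stable minute (0-59) derived from a host name, so every machine polls
# at its own fixed time instead of all of them at minute 1.
cron_minute() {
    sum=$(printf '%s' "$1" | cksum | cut -d' ' -f1)
    echo $((sum % 60))
}

# Crontab entry for this wrapper: $1 = host name, $2 = path to this script.
cron_line() {
    echo "$(cron_minute "$1") * * * * $2 --run >/dev/null 2>&1"
}

# Overwrite the log ($2) with the download ($1) only if the download is
# non-empty; writing in place keeps the file fail2ban is already watching.
install_list() {
    [ -s "$1" ] || return 1
    cat "$1" > "$2"
}

# Download to a temporary file first so a failed request keeps the old list.
fetch_list() {
    . "$CRED_FILE"
    tmp=$(mktemp) || return 1
    wget -q -O "$tmp" "${URL_BASE}?username=${F2B_USER}&password=${F2B_PASS}&mode=UPDATE&increment_count=1&increment_type=HOUR" \
        && install_list "$tmp" "$LOG"
    rc=$?
    rm -f "$tmp"
    return $rc
}

case "${1:-}" in
    --run)  fetch_list ;;                      # called from cron
    --cron) cron_line "$(hostname)" "$0" ;;    # print the crontab entry
esac
```

Running the script with --cron prints the crontab line for the current host; cron then calls it with --run.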

Server Details

Server

Tracker

Feature Requests / Bugs / Patches (https://sourceforge.net/tracker/?group_id=380254)
