You'll want a jail something like:
[pbx-gui]
enabled = true
port = 80,443
logpath = /var/log/asterisk/freepbx_security.log*
maxretry = 2
This assumes a default action of iptables-multiport. I've put a * in the
log path to pick up old log files as well.
Then filter file /etc/fail2ban/filter.d/pbx-gui with:
[INCLUDES]
before = common.conf
[Definition]
failregex = Authentication failure for \S* from <HOST>$
It also assumes the IP address is not enclosed by a <>. If it is, change
<HOST> to \<<HOST>\>
Nick
On 19/10/2016 09:07, Anthony Griffiths wrote:
> I'm running centos 6.8 and I've installed freepbx-13 and
> fail2ban-0.9.4-2.el6.noarch, which I got from 'yum install fail2ban'.
> I'm trying to create a jail to block failed login attempts in the
> freepbx GUI. One accesses the freepbx gui in a browser so it's
> http/https access.
> I tried this in jail.local: (copied from an earlier version of
> jail.local on a freepbx-disto machine)
> -------------
> [pbx-gui]
> port = http,https
> action = %(banaction)s[name=%(__name__)s-tcp, port="%(port)s",
> protocol="tcp", chain="%(chain)s", actname=%(banaction)s-tcp]
> %(mta)s-whois[name=%(__name__)s, dest="%(destemail)s"]
> logpath = /var/log/asterisk/freepbx_security.log
> maxretry = 2
> --------------
> but it doesn't work. I don't know whether this should be an apache
> jail or a seperate [pbx-gui] jail. The failed gui logins are logged
> in:
> /var/log/asterisk/freepbx_security.log. A typical failed login looks
> like this in the log file:
> ------------------
> [2016-10-19 07:39:17] {"username":"gffddf","extdisplay":false}
> [2016-10-19 07:39:17] Authentication failure for gffddf from <ip-address>
> -------------------
> I have searched on google but everything I found refers to earlier
> versions on freepbx and fail2ban and I can't make sense of it when
> trying to translate it to the new jail.local file in fail2ban-0.9..
> Thanks for any help
>
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
> _______________________________________________
> Fail2ban-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/fail2ban-users
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Fail2ban-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
