Fail2Ban on Vicibox v9.0.3 Working!!


Postby carpenox » Wed Jul 15, 2020 12:22 am

I have gotten fail2ban working on vicibox 9 if anyone is interested.
2 x Intel Xeon X3450 at 2.66GHz | 16GB DDR4
ViciBox v9.0.3 | Version: 2.14-772a | BUILD: 201004-1045 | SVN Version: 3305 | DB Schema Version: 1608 | Asterisk 13.34.0
http://www.CyburityLLC.com -: 844-PC-SATA-2 - :- www.contactcentersRus.com
carpenox
 
Posts: 706
Joined: Wed Apr 08, 2020 2:02 am
Location: Coral Springs, FL

Re: Fail2Ban on Vicibox v9.0.3 Working!!

Postby Kumba » Wed Jul 15, 2020 9:02 pm

If you can post a walk-through here that's 90% complete I can look at how I can integrate that with ViciBox.
Kumba
 
Posts: 871
Joined: Tue Oct 16, 2007 11:44 pm
Location: Florida

Re: Fail2Ban on Vicibox v9.0.3 Working!!

Postby carpenox » Thu Jul 16, 2020 11:09 am

OK, no problem. I will set up one of my other servers with it today and write down the steps I used to get it working.

Re: Fail2Ban on Vicibox v9.0.3 Working!!

Postby Kumba » Thu Jul 16, 2020 4:21 pm

Mostly I'd be using it to catch SIP scanners and try to feed that back into voipbl.org so that all of vicibox becomes one large crowd-sourced SIP blacklist generator.

That's my true ulterior motive. :)

Re: Fail2Ban on Vicibox v9.0.3 Working!!

Postby carpenox » Thu Jul 16, 2020 9:22 pm

OK here it goes, it's pretty much the same as the 8 install with a few minor changes.

zypper in fail2ban


nano /etc/fail2ban/jail.local


Code:
[DEFAULT]
ignoreip = 127.0.0.1
bantime  = 6048000
findtime  = 600
maxretry = 5
backend = systemd

[asterisk-iptables]
enabled  = true
filter   = asterisk
action   = iptables-allports[name=SIP, protocol=all]
           sendmail[name=VICIBOX-ASTERISK-DETECTOR, dest=yourmail, sender=yourmail]
logpath  = /var/log/asterisk/messages
maxretry = 3
bantime = 6048000

[ssh-iptables]
enabled  = true
filter   = sshd
action   = iptables[name=SSH, port=ssh, protocol=tcp]
           sendmail[name=VICIBOX-SSH-DETECTOR, dest=yourmail, sender=yourmail]
logpath  = /var/log/messages
maxretry = 3
bantime = 6048000

[apache-tcpwrapper]
enabled  = true
filter   = apache-auth
action   = iptables-allports[name=apache-auth, port=http, protocol=tcp]
           sendmail[name=VICIBOX-APACHE-DETECTOR, dest=yourmail, sender=yourmail]
logpath  = /var/log/apache2/error_log
maxretry = 3

[apache-badbots]
enabled  = true
filter   = apache-badbots
action   = iptables-multiport[name=BadBots, port="http,https"]
           sendmail[name=VICIBOX-BadBots-DETECTOR, dest=yourmail, sender=yourmail]
logpath  = /var/log/apache2/error_log
bantime  = 6048000
maxretry = 1

[pam-generic]
mode = normal
filter = pam-generic
action   = iptables-allports[name=pam-generic]
           sendmail[name=VICIBOX-PAM-DETECTOR, dest=yourmail, sender=yourmail]
bantime  = 6048000
maxretry = 5
enabled = true

[phpmyadmin-syslog]
mode = normal
filter = phpmyadmin-syslog
action   = iptables-allports[name=phpmyadmin-syslog, port=https, protocol=tcp]
           sendmail[name=VICIBOX-PHPMYADMIN-DETECTOR, dest=yourmail, sender=yourmail]
logpath  = /var/log/apache2/error_log
bantime  = 6048000
maxretry = 2
enabled = true


# Jail for more extended banning of persistent abusers
# !!! WARNING !!!
#   Make sure that your loglevel specified in fail2ban.conf/.local
#   is not at DEBUG level -- which might then cause fail2ban to fall into
#   an infinite loop constantly feeding itself with non-informative lines
[recidive]
enabled  = true
filter   = recidive
logpath  = /var/log/fail2ban.log*
action   = iptables-allports[name=recidive, protocol=all]
           sendmail[name=VICIBOX-BADBOY-DETECTOR, dest=yourmail, sender=yourmail]
bantime  = 6048000  ; 10 weeks
#findtime = 60480000   ; 5 hours
findtime = 43200   ; 12 hours
maxretry = 5


systemctl enable fail2ban


systemctl start fail2ban


fail2ban-client status


Advice: add your own IP to ignoreip to avoid the risk of getting banned from your own server
# ignoreip takes one space-separated list; repeating the key does not merge the values
ignoreip = 127.0.0.1 yourserverip yourofficeip




Let me know if it works.
Last edited by carpenox on Sat Jul 18, 2020 4:14 pm, edited 4 times in total.
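
A small lint for a jail.local like the one posted above, added here as an example (it is not carpenox's or the ViciBox project's code). It flags a repeated ignoreip key, an ignoreip that lists only loopback, and a logpath on a jail whose backend is systemd, which fail2ban's jail.conf comments describe as not valid because that backend reads the journal. The function names and the 203.0.113.x / 198.51.100.x addresses are assumptions.

```python
import re

# Constructed sample: a [DEFAULT] with a three-line ignoreip and one jail.
SAMPLE = """\
[DEFAULT]
ignoreip = 127.0.0.1
ignoreip = 203.0.113.10
ignoreip = 198.51.100.7
backend = systemd

[asterisk-iptables]
enabled  = true
action   = iptables-allports[name=SIP, protocol=all]
           sendmail[name=VICIBOX-ASTERISK-DETECTOR, dest=yourmail, sender=yourmail]
logpath  = /var/log/asterisk/messages
"""

def parse(text):
    """Return ({section: {key: value}}, [(section, key)] for repeated keys)."""
    sections, repeated, name = {}, [], None
    for raw in text.splitlines():
        line = re.sub(r"\s+;.*$", "", raw).rstrip()  # strip inline "; comment"
        if not line.strip() or line[0] in "#;" or line[0].isspace():
            continue  # blank line, comment, or indented continuation of a value
        head = re.fullmatch(r"\[(.+)\]", line)
        if head:
            name = head.group(1)
            sections.setdefault(name, {})
        elif name and "=" in line:
            key, _, value = (part.strip() for part in line.partition("="))
            if key in sections[name] and (name, key) not in repeated:
                repeated.append((name, key))
            sections[name][key] = value  # in this parser the last occurrence wins
    return sections, repeated

def lint(text):
    """Hypothetical checks (added here, not part of fail2ban) for a jail.local."""
    sections, repeated = parse(text)
    default = sections.get("DEFAULT", {})
    out = [f"[{s}] {k} repeated: put all values on one line" for s, k in repeated]
    nets = default.get("ignoreip", "").replace(",", " ").split()
    if all(n.startswith("127.") or n == "::1" for n in nets):
        out.append("[DEFAULT] ignoreip lists no non-loopback address")
    for jail, opts in sections.items():
        merged = {**default, **opts}  # jail options override [DEFAULT]
        if jail != "DEFAULT" and merged.get("enabled") == "true" \
                and merged.get("backend") == "systemd" and "logpath" in opts:
            out.append(f"[{jail}] logpath is not used by backend = systemd")
    return out
```

Run `lint(open("/etc/fail2ban/jail.local").read())` before restarting the service, then confirm each jail is actually matching with `fail2ban-client status <jail>`.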

Re: Fail2Ban on Vicibox v9.0.3 Working!!

Postby carpenox » Sat Jul 18, 2020 6:52 am

I have a HUGE list of IPs if you want them, over 1700


Re: Fail2Ban on Vicibox v9.0.3 Working!!

Postby carpenox » Sat Jul 18, 2020 9:12 pm

Kumba wrote: Mostly I'd be using it to catch SIP scanners and try to feed that back into voipbl.org so that all of vicibox becomes one large crowd-sourced SIP blacklist generator.

That's my true ulterior motive. :)



You would have to turn whitelist off for that, right? Not a bad idea though. Maybe set up a honeypot just for that....

Here is a list of failed SSH and PAM tries.... https://www.cyburity.tk/d0wnl0ads/ssh-iptables.txt - there's like 1900 here in just a couple days

