  1. FreePBX
  2. FREEPBX-16104

"Upstream" Fail2ban via rsyslog and iptables FORWARD chain


    Details

    • Type: Task
    • Status: Closed
    • Priority: Minor
    • Resolution: Accepted
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: Fail2Ban
    • Labels:
      None
    • ToDo:
    • Asterisk Version:
      13
    • Distro Version:
      13
    • Distro:
      Self Install CentOS 6.X

      Description

      With our hosted setup, we have configured our guests to ship their logs off to the host(s) via rsyslog. The host puts all of the logs from the guests into a single log file and then uses fail2ban to analyze the logs and applies the block rules on the FORWARD chain, thereby blocking a bad actor from reaching any of the guests. This setup also helps in blocking attacks where an attacker will only try once per guest and move on.

      Once we implemented this setup and verified its functionality, we went through all of the guests and turned fail2ban off to save CPU cycles and disk IO, but now we have a bunch of guests that are displaying a warning on the dashboard that fail2ban is not running.

      Is there anything that can be done about the dashboard alert? I do understand that this setup will not apply to the majority of users.


              People

              • Assignee:
                Unassigned
                Reporter:
                ftwrobert Robert Johnson

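The ticket's point that a combined log catches a source that tries only once per guest, shown as an added example that is not part of the original ticket and is not fail2ban or FreePBX code. The log line format, guest names, addresses, thresholds and function names are assumptions constructed for illustration, and the rendered rule is a plain iptables drop, not the exact rule fail2ban installs.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of the host's combined log (assumed format: timestamp,
# sending guest, program, message). Addresses are documentation ranges.
COMBINED_LOG = """\
2024-01-01T10:00:01 guest1 asterisk[901]: NOTICE chan_sip.c: Registration from '<sip:100@guest1>' failed for '203.0.113.7:5060' - Wrong password
2024-01-01T10:00:03 guest2 asterisk[877]: NOTICE chan_sip.c: Registration from '<sip:100@guest2>' failed for '203.0.113.7:5060' - Wrong password
2024-01-01T10:00:04 guest2 asterisk[877]: NOTICE chan_sip.c: Registration from '<sip:201@guest2>' failed for '198.51.100.20:5060' - Wrong password
2024-01-01T10:00:05 guest3 asterisk[912]: NOTICE chan_sip.c: Registration from '<sip:100@guest3>' failed for '203.0.113.7:5060' - Wrong password
2024-01-01T10:00:06 guest3 asterisk[912]: VERBOSE pbx.c: Executing Dial for extension 301
2024-01-01T10:00:08 guest4 asterisk[640]: NOTICE chan_sip.c: Registration from '<sip:100@guest4>' failed for '203.0.113.7:5060' - Wrong password
2024-01-01T10:02:30 guest2 asterisk[877]: NOTICE chan_sip.c: Registration from '<sip:201@guest2>' failed for '198.51.100.20:5060' - Wrong password
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<guest>\S+) asterisk\[\d+\]: .*failed for '(?P<ip>[\d.]+):\d+'"
)

def find_offenders(log_text, maxretry=3, findtime=timedelta(minutes=10),
                   per_guest=False):
    """Return source IPs with at least maxretry failures inside findtime.

    per_guest=True counts each guest separately (fail2ban on every guest);
    per_guest=False counts across the combined log (fail2ban on the host).
    """
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not an authentication failure
        key = (m["ip"], m["guest"]) if per_guest else (m["ip"],)
        hits[key].append(datetime.fromisoformat(m["ts"]))
    offenders = set()
    for key, times in hits.items():
        times.sort()
        # Sliding window: any maxretry consecutive failures within findtime.
        for i in range(len(times) - maxretry + 1):
            if times[i + maxretry - 1] - times[i] <= findtime:
                offenders.add(key[0])
                break
    return offenders

def forward_rules(ips):
    """Render illustrative FORWARD-chain drops, one per offending source."""
    return [f"iptables -I FORWARD -s {ip} -j DROP" for ip in sorted(ips)]

if __name__ == "__main__":
    print("per-guest view :", find_offenders(COMBINED_LOG, per_guest=True))
    print("combined view  :", find_offenders(COMBINED_LOG))
    print("\n".join(forward_rules(find_offenders(COMBINED_LOG))))
```

With these constructed lines, no single guest sees enough failures to reach the threshold, while the combined view flags the source that touched four guests once each and leaves the user who mistyped a password twice alone.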