Thank you Mr. Mundy. Nice article. Great advice.
Even though there were log entries for banned
IPs in /var/log/fail2ban.log, I wanted to make
sure we were getting maximum protection, so:
find / -name "*jail.conf*"
Nothing showed. Confirm:
ps aux | grep fail2ban-server | grep -v grep
Nothing.
OK, let's upgrade:
cd /root
mkdir fail2ban
cd fail2ban
wget http://pbxinaflash.net/source/fail2ban/fail2ban-update
chmod +x fail2ban-update
./fail2ban-update
service fail2ban restart
Now looking even better.
Love that SIP lockout. Since we allow our phones to
go all over the world, don't want to restrict to a
particular IP range. We use very secure passwords
on the extensions, so a bot will be locked out quickly
thanks to fail2ban.
Wondering if http/https is protected by fail2ban
as well? From the log file it appears to be. But
on http://nerdvittles.com/?p=580 it only says:
"FTP, SSH, SIP, and IAX..."
Things we do that weren't mentioned in that article:
Don't use passwords on SSH, only keys. Restrict
SSH logins in hosts.allow to certain IPs.
Run ZenMap against the server before putting on
a real-world IP. Close all unused ports in iptables.
On ports that are open, try to use https.
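Added example, not part of the comment above or of the Nerd Vittles article: the commenter infers from /var/log/fail2ban.log which services fail2ban is actually guarding. The script below does that check over a constructed fail2ban 0.8-style log excerpt, reporting bans per jail and which IPs are still banned (a Ban with no later Unban). The jail names ssh-iptables, asterisk-iptables and apache-tcpwrapper are assumptions; substitute the names from your own jail.conf.

```shell
#!/bin/sh
# Added example (not the commenter's or the article's code): summarise a
# fail2ban 0.8-style /var/log/fail2ban.log to see which jails are banning
# and who is banned right now. SAMPLE_LOG is a constructed excerpt; the jail
# names in it are assumptions, not values taken from any real config.

SAMPLE_LOG='2012-03-14 10:22:31,123 fail2ban.actions: WARNING [ssh-iptables] Ban 203.0.113.45
2012-03-14 10:25:02,456 fail2ban.actions: WARNING [asterisk-iptables] Ban 198.51.100.7
2012-03-14 10:31:17,789 fail2ban.actions: WARNING [apache-tcpwrapper] Ban 192.0.2.99
2012-03-14 10:40:08,010 fail2ban.actions: WARNING [asterisk-iptables] Ban 198.51.100.23
2012-03-14 11:02:45,001 fail2ban.actions: WARNING [asterisk-iptables] Unban 198.51.100.7
2012-03-14 11:10:00,500 fail2ban.filter: INFO Log rotation detected for /var/log/asterisk/full'

# bans_by_jail LOGTEXT: print one "jail count" line per jail that issued a Ban.
# In this log format field 3 is the logger, field 5 is "[jail]",
# field 6 is Ban/Unban and field 7 is the offending IP.
bans_by_jail() {
  printf '%s\n' "$1" | awk '$3 == "fail2ban.actions:" && $6 == "Ban" {
      jail = $5; sub(/^\[/, "", jail); sub(/\]$/, "", jail)
      n[jail]++
    } END { for (j in n) print j, n[j] }' | sort
}

# jail_has_banned JAIL LOGTEXT: succeed (exit 0) if JAIL issued at least one Ban.
# Use it to answer "is the http jail really doing anything?" for a given name.
jail_has_banned() {
  printf '%s\n' "$2" | grep -q "\[$1\] Ban "
}

# currently_banned LOGTEXT: IPs whose most recent action was Ban (no later
# Unban), printed as "jail ip", sorted. Lines are processed in log order.
currently_banned() {
  printf '%s\n' "$1" | awk '$3 == "fail2ban.actions:" {
      jail = $5; sub(/^\[/, "", jail); sub(/\]$/, "", jail)
      if ($6 == "Ban") banned[$7] = jail
      else if ($6 == "Unban") delete banned[$7]
    } END { for (ip in banned) print banned[ip], ip }' | sort
}

# Against the real log (path assumed to be the default shown in the comment):
#   . ./f2b-summary.sh
#   bans_by_jail "$(cat /var/log/fail2ban.log)"
#   currently_banned "$(cat /var/log/fail2ban.log)"
```

A jail name that never appears with a Ban line has either never triggered or is not enabled; the log alone cannot distinguish the two, so pair this with fail2ban-client status on the running server.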