Debian 11 and Fail2ban Issues

Status
Not open for further replies.

Scuzz

New Member
Feb 7, 2019
19
2
3
49
I have noticed when installing fusionpbx on Debian 11 that fail2ban seems to be processing lines with uuid's and receiving index out of range errors in the fail2ban log.
After installing fusionpbx /var/log/fail2ban looks normal until you register a phone and make a call with it, thats when the logs start to fill up with Index out of range errors.

If anyone gets bored and feels like spinning up a quick vm to check this it would surely be appreciated but its been going on for months now and i dont feel comfortable running Debian 11 untl its resolved.

No issues with Debian 10
 

Scuzz

New Member
Feb 7, 2019
19
2
3
49
Attach copy of the logs...
Sorry it took so long i been busy.


I just made a domain and manually registered a phone to get logs quickly, no inbound our outbound routes added yet but i get errors either way.
This is with the latest fusionpbx installed as of yesterday and fail2ban version 11.2 on Debian 11

2022-08-01 10:44:56,865 fail2ban.filter [647]: ERROR Failed to process line: '32143156-5f12-4814-b15e-5479b7395271 v=0', caught exception: IndexError('string index out of range')
2022-08-01 10:44:56,866 fail2ban.filter [647]: ERROR Failed to process line: '32143156-5f12-4814-b15e-5479b7395271 v=0', caught exception: IndexError('string index out of range')
2022-08-01 10:44:56,868 fail2ban.filter [647]: ERROR Failed to process line: '32143156-5f12-4814-b15e-5479b7395271 v=0', caught exception: IndexError('string index out of range')
2022-08-01 10:44:56,870 fail2ban.filter [647]: ERROR Failed to process line: '32143156-5f12-4814-b15e-5479b7395271 v=0', caught exception: IndexError('string index out of range')
2022-08-01 10:44:56,871 fail2ban.filter [647]: ERROR Failed to process line: '32143156-5f12-4814-b15e-5479b7395271 v=0', caught exception: IndexError('string index out of range')
2022-08-01 10:44:56,873 fail2ban.filter [647]: ERROR Failed to process line: '32143156-5f12-4814-b15e-5479b7395271 v=0', caught exception: IndexError('string index out of range')
2022-08-01 10:44:57,392 fail2ban.filter [647]: INFO [nginx-dos] Ignore 127.0.0.1 by ignoreself rule
2022-08-01 10:44:58,876 fail2ban.filter [647]: ERROR Failed to process line: '32143156-5f12-4814-b15e-5479b7395271 s=A conversation', caught exception: IndexError('string index out of range')
2022-08-01 10:44:58,876 fail2ban.filter [647]: ERROR Failed to process line: '32143156-5f12-4814-b15e-5479b7395271 s=A conversation', caught exception: IndexError('string index out of range')
2022-08-01 10:44:58,877 fail2ban.filter [647]: ERROR Failed to process line: '32143156-5f12-4814-b15e-5479b7395271 s=A conversation', caught exception: IndexError('string index out of range')
2022-08-01 10:44:58,877 fail2ban.filter [647]: ERROR Failed to process line: '32143156-5f12-4814-b15e-5479b7395271 s=A conversation', caught exception: IndexError('string index out of range')
2022-08-01 10:44:58,877 fail2ban.filter [647]: ERROR Failed to process line: '32143156-5f12-4814-b15e-5479b7395271 s=A conversation', caught exception: IndexError('string index out of range')
2022-08-01 10:44:58,878 fail2ban.filter [647]: ERROR Failed to process line: '32143156-5f12-4814-b15e-5479b7395271 s=A conversation', caught exception: IndexError('string index out of range')
2022-08-01 10:45:00,878 fail2ban.filter [647]: ERROR Failed to process line: '32143156-5f12-4814-b15e-5479b7395271 c=IN IP4 172.16.1.67', caught exception: IndexError('string index out of range')
2022-08-01 10:45:00,878 fail2ban.filter [647]: ERROR Failed to process line: '32143156-5f12-4814-b15e-5479b7395271 c=IN IP4 172.16.1.67', caught exception: IndexError('string index out of range')
2022-08-01 10:45:00,879 fail2ban.filter [647]: ERROR Failed to process line: '32143156-5f12-4814-b15e-5479b7395271 c=IN IP4 172.16.1.67', caught exception: IndexError('string index out of range')
2022-08-01 10:45:00,879 fail2ban.filter [647]: ERROR Failed to process line: '32143156-5f12-4814-b15e-5479b7395271 c=IN IP4 172.16.1.67', caught exception: IndexError('string index out of range')
2022-08-01 10:45:00,879 fail2ban.filter [647]: ERROR Failed to process line: '32143156-5f12-4814-b15e-5479b7395271 c=IN IP4 172.16.1.67', caught exception: IndexError('string index out of range')
2022-08-01 10:45:00,879 fail2ban.filter [647]: ERROR Failed to process line: '32143156-5f12-4814-b15e-5479b7395271 c=IN IP4 172.16.1.67', caught exception: IndexError('string index out of range')
2022-08-01 10:45:02,881 fail2ban.filter [647]: ERROR Failed to process line: '32143156-5f12-4814-b15e-5479b7395271 t=0 0', caught exception: IndexError('string index out of range')
2022-08-01 10:45:02,881 fail2ban.filter [647]: ERROR Failed to process line: '32143156-5f12-4814-b15e-5479b7395271 t=0 0', caught exception: IndexError('string index out of range')
2022-08-01 10:45:02,881 fail2ban.filter [647]: ERROR Failed to process line: '32143156-5f12-4814-b15e-5479b7395271 t=0 0', caught exception: IndexError('string index out of range')
2022-08-01 10:45:02,881 fail2ban.filter [647]: ERROR Failed to process line: '32143156-5f12-4814-b15e-5479b7395271 t=0 0', caught exception: IndexError('string index out of range')
2022-08-01 10:45:02,882 fail2ban.filter [647]: ERROR Failed to process line: '32143156-5f12-4814-b15e-5479b7395271 t=0 0', caught exception: IndexError('string index out of range')
2022-08-01 10:45:02,882 fail2ban.filter [647]: ERROR Failed to process line: '32143156-5f12-4814-b15e-5479b7395271 t=0 0', caught exception: IndexError('string index out of range')
2022-08-01 10:45:04,882 fail2ban.filter [647]: ERROR Failed to process line: '32143156-5f12-4814-b15e-5479b7395271 a=rtpmap:0 PCMU/8000', caught exception: IndexError('string index out of range')
2022-08-01 10:45:04,883 fail2ban.filter [647]: ERROR Failed to process line: '32143156-5f12-4814-b15e-5479b7395271 a=rtpmap:0 PCMU/8000', caught exception: IndexError('string index out of range')
2022-08-01 10:45:04,884 fail2ban.filter [647]: ERROR Failed to process line: '32143156-5f12-4814-b15e-5479b7395271 a=rtpmap:0 PCMU/8000', caught exception: IndexError('string index out of range')
2022-08-01 10:45:04,884 fail2ban.filter [647]: ERROR Failed to process line: '32143156-5f12-4814-b15e-5479b7395271 a=rtpmap:0 PCMU/8000', caught exception: IndexError('string index out of range')
2022-08-01 10:45:04,885 fail2ban.filter [647]: ERROR Failed to process line: '32143156-5f12-4814-b15e-5479b7395271 a=rtpmap:0 PCMU/8000', caught exception: IndexError('string index out of range')
2022-08-01 10:45:04,885 fail2ban.filter [647]: ERROR Failed to process line: '32143156-5f12-4814-b15e-5479b7395271 a=rtpmap:0 PCMU/8000', caught exception: IndexError('string index out of range')
2022-08-01 10:45:06,885 fail2ban.filter [647]: ERROR Failed to process line: '32143156-5f12-4814-b15e-5479b7395271 a=rtpmap:8 PCMA/8000', caught exception: IndexError('string index out of range')
2022-08-01 10:45:06,885 fail2ban.filter [647]: ERROR Failed to process line: '32143156-5f12-4814-b15e-5479b7395271 a=rtpmap:8 PCMA/8000', caught exception: IndexError('string index out of range')
2022-08-01 10:45:06,886 fail2ban.filter [647]: ERROR Failed to process line: '32143156-5f12-4814-b15e-5479b7395271 a=rtpmap:8 PCMA/8000', caught exception: IndexError('string index out of range')
2022-08-01 10:45:06,886 fail2ban.filter [647]: ERROR Failed to process line: '32143156-5f12-4814-b15e-5479b7395271 a=rtpmap:8 PCMA/8000', caught exception: IndexError('string index out of range')
2022-08-01 10:45:06,886 fail2ban.filter [647]: ERROR Failed to process line: '32143156-5f12-4814-b15e-5479b7395271 a=rtpmap:8 PCMA/8000', caught exception: IndexError('string index out of range')
2022-08-01 10:45:06,886 fail2ban.filter [647]: ERROR Failed to process line: '32143156-5f12-4814-b15e-5479b7395271 a=rtpmap:8 PCMA/8000', caught exception: IndexError('string index out of range')
2022-08-01 10:45:08,888 fail2ban.filter [647]: ERROR Failed to process line: '32143156-5f12-4814-b15e-5479b7395271 a=rtpmap:102 G726-32/8000', caught exception: IndexError('string index out of range')
2022-08-01 10:45:08,888 fail2ban.filter [647]: ERROR Failed to process line: '32143156-5f12-4814-b15e-5479b7395271 a=rtpmap:102 G726-32/8000', caught exception: IndexError('string index out of range')
2022-08-01 10:45:08,888 fail2ban.filter [647]: ERROR Failed to process line: '32143156-5f12-4814-b15e-5479b7395271 a=rtpmap:102 G726-32/8000', caught exception: IndexError('string index out of range')
2022-08-01 10:45:08,888 fail2ban.filter [647]: ERROR Failed to process line: '32143156-5f12-4814-b15e-5479b7395271 a=rtpmap:102 G726-32/8000', caught exception: IndexError('string index out of range')
2022-08-01 10:45:08,888 fail2ban.filter [647]: ERROR Failed to process line: '32143156-5f12-4814-b15e-5479b7395271 a=rtpmap:102 G726-32/8000', caught exception: IndexError('string index out of range')
2022-08-01 10:45:08,888 fail2ban.filter [647]: ERROR Failed to process line: '32143156-5f12-4814-b15e-5479b7395271 a=rtpmap:102 G726-32/8000', caught exception: IndexError('string index out of range')
2022-08-01 10:45:10,890 fail2ban.filter [647]: ERROR Failed to process line: '32143156-5f12-4814-b15e-5479b7395271 a=rtpmap:18 G729/8000', caught exception: IndexError('string index out of range')
2022-08-01 10:45:10,891 fail2ban.filter [647]: ERROR Failed to process line: '32143156-5f12-4814-b15e-5479b7395271 a=rtpmap:18 G729/8000', caught exception: IndexError('string index out of range')
2022-08-01 10:45:10,891 fail2ban.filter [647]: ERROR Failed to process line: '32143156-5f12-4814-b15e-5479b7395271 a=rtpmap:18 G729/8000', caught exception: IndexError('string index out of range')
2022-08-01 10:45:10,891 fail2ban.filter [647]: ERROR Failed to process line: '32143156-5f12-4814-b15e-5479b7395271 a=rtpmap:18 G729/8000', caught exception: IndexError('string index out of range')
2022-08-01 10:45:10,891 fail2ban.filter [647]: ERROR Failed to process line: '32143156-5f12-4814-b15e-5479b7395271 a=rtpmap:18 G729/8000', caught exception: IndexError('string index out of range')
2022-08-01 10:45:10,891 fail2ban.filter [647]: ERROR Failed to process line: '32143156-5f12-4814-b15e-5479b7395271 a=rtpmap:18 G729/8000', caught exception: IndexError('string index out of range')
2022-08-01 10:45:12,892 fail2ban.filter [647]: ERROR Failed to process line: '32143156-5f12-4814-b15e-5479b7395271 a=fmtp:18 annexb=no', caught exception: IndexError('string index out of range')
2022-08-01 10:45:12,892 fail2ban.filter [647]: ERROR Failed to process line: '32143156-5f12-4814-b15e-5479b7395271 a=fmtp:18 annexb=no', caught exception: IndexError('string index out of range')
2022-08-01 10:45:12,892 fail2ban.filter [647]: ERROR Failed to process line: '32143156-5f12-4814-b15e-5479b7395271 a=fmtp:18 annexb=no', caught exception: IndexError('string index out of range')
2022-08-01 10:45:12,892 fail2ban.filter [647]: ERROR Failed to process line: '32143156-5f12-4814-b15e-5479b7395271 a=fmtp:18 annexb=no', caught exception: IndexError('string index out of range')
2022-08-01 10:45:12,892 fail2ban.filter [647]: ERROR Failed to process line: '32143156-5f12-4814-b15e-5479b7395271 a=fmtp:18 annexb=no', caught exception: IndexError('string index out of range')
2022-08-01 10:45:12,892 fail2ban.filter [647]: ERROR Failed to process line: '32143156-5f12-4814-b15e-5479b7395271 a=fmtp:18 annexb=no', caught exception: IndexError('string index out of range')
2022-08-01 10:45:14,894 fail2ban.filter [647]: ERROR Failed to process line: '32143156-5f12-4814-b15e-5479b7395271 a=rtpmap:4 G723/8000', caught exception: IndexError('string index out of range')
2022-08-01 10:45:14,894 fail2ban.filter [647]: ERROR Failed to process line: '32143156-5f12-4814-b15e-5479b7395271 a=rtpmap:4 G723/8000', caught exception: IndexError('string index out of range')
2022-08-01 10:45:14,894 fail2ban.filter [647]: ERROR Failed to process line: '32143156-5f12-4814-b15e-5479b7395271 a=rtpmap:4 G723/8000', caught exception: IndexError('string index out of range')
2022-08-01 10:45:14,895 fail2ban.filter [647]: ERROR Failed to process line: '32143156-5f12-4814-b15e-5479b7395271 a=rtpmap:4 G723/8000', caught exception: IndexError('string index out of range')
2022-08-01 10:45:14,895 fail2ban.filter [647]: ERROR Failed to process line: '32143156-5f12-4814-b15e-5479b7395271 a=rtpmap:4 G723/8000', caught exception: IndexError('string index out of range')
2022-08-01 10:45:14,895 fail2ban.filter [647]: ERROR Failed to process line: '32143156-5f12-4814-b15e-5479b7395271 a=rtpmap:4 G723/8000', caught exception: IndexError('string index out of range')
2022-08-01 10:45:16,896 fail2ban.filter [647]: ERROR Failed to process line: '32143156-5f12-4814-b15e-5479b7395271 a=rtpmap:97 iLBC/8000', caught exception: IndexError('string index out of range')
2022-08-01 10:45:16,897 fail2ban.filter [647]: ERROR Failed to process line: '32143156-5f12-4814-b15e-5479b7395271 a=rtpmap:97 iLBC/8000', caught exception: IndexError('string index out of range')
2022-08-01 10:45:16,897 fail2ban.filter [647]: ERROR Failed to process line: '32143156-5f12-4814-b15e-5479b7395271 a=rtpmap:97 iLBC/8000', caught exception: IndexError('string index out of range')
2022-08-01 10:45:16,898 fail2ban.filter [647]: ERROR Failed to process line: '32143156-5f12-4814-b15e-5479b7395271 a=rtpmap:97 iLBC/8000', caught exception: IndexError('string index out of range')
2022-08-01 10:45:16,898 fail2ban.filter [647]: ERROR Failed to process line: '32143156-5f12-4814-b15e-5479b7395271 a=rtpmap:97 iLBC/8000', caught exception: IndexError('string index out of range')
2022-08-01 10:45:16,898 fail2ban.filter [647]: ERROR Failed to process line: '32143156-5f12-4814-b15e-5479b7395271 a=rtpmap:97 iLBC/8000', caught exception: IndexError('string index out of range')
2022-08-01 10:45:18,897 fail2ban.filter [647]: ERROR Failed to process line: '32143156-5f12-4814-b15e-5479b7395271 a=fmtp:97 mode=20', caught exception: IndexError('string index out of range')
2022-08-01 10:45:18,897 fail2ban.filter [647]: ERROR Failed to process line: '32143156-5f12-4814-b15e-5479b7395271 a=fmtp:97 mode=20', caught exception: IndexError('string index out of range')
2022-08-01 10:45:18,899 fail2ban.filter [647]: ERROR Failed to process line: '32143156-5f12-4814-b15e-5479b7395271 a=fmtp:97 mode=20', caught exception: IndexError('string index out of range')
2022-08-01 10:45:18,899 fail2ban.filter [647]: ERROR Failed to process line: '32143156-5f12-4814-b15e-5479b7395271 a=fmtp:97 mode=20', caught exception: IndexError('string index out of range')
2022-08-01 10:45:18,900 fail2ban.filter [647]: ERROR Failed to process line: '32143156-5f12-4814-b15e-5479b7395271 a=fmtp:97 mode=20', caught exception: IndexError('string index out of range')
2022-08-01 10:45:18,900 fail2ban.filter [647]: ERROR Failed to process line: '32143156-5f12-4814-b15e-5479b7395271 a=fmtp:97 mode=20', caught exception: IndexError('string index out of range')
2022-08-01 10:45:20,899 fail2ban.filter [647]: ERROR Failed to process line: '32143156-5f12-4814-b15e-5479b7395271 a=rtpmap:108 AMR/8000', caught exception: IndexError('string index out of range')
2022-08-01 10:45:20,900 fail2ban.filter [647]: ERROR Failed to process line: '32143156-5f12-4814-b15e-5479b7395271 a=rtpmap:108 AMR/8000', caught exception: IndexError('string index out of range')
2022-08-01 10:45:20,900 fail2ban.filter [647]: ERROR Failed to process line: '32143156-5f12-4814-b15e-5479b7395271 a=rtpmap:108 AMR/8000', caught exception: IndexError('string index out of range')
2022-08-01 10:45:20,900 fail2ban.filter [647]: ERROR Failed to process line: '32143156-5f12-4814-b15e-5479b7395271 a=rtpmap:108 AMR/8000', caught exception: IndexError('string index out of range')
2022-08-01 10:45:20,902 fail2ban.filter [647]: ERROR Failed to process line: '32143156-5f12-4814-b15e-5479b7395271 a=rtpmap:108 AMR/8000', caught exception: IndexError('string index out of range')
2022-08-01 10:45:20,902 fail2ban.filter [647]: ERROR Failed to process line: '32143156-5f12-4814-b15e-5479b7395271 a=rtpmap:108 AMR/8000', caught exception: IndexError('string index out of range')
2022-08-01 10:45:22,902 fail2ban.filter [647]: ERROR Failed to process line: '32143156-5f12-4814-b15e-5479b7395271 a=rtpmap:9 G722/8000', caught exception: IndexError('string index out of range')
2022-08-01 10:45:22,903 fail2ban.filter [647]: ERROR Failed to process line: '32143156-5f12-4814-b15e-5479b7395271 a=rtpmap:9 G722/8000', caught exception: IndexError('string index out of range')
2022-08-01 10:45:22,903 fail2ban.filter [647]: ERROR Failed to process line: '32143156-5f12-4814-b15e-5479b7395271 a=rtpmap:9 G722/8000', caught exception: IndexError('string index out of range')
2022-08-01 10:45:22,904 fail2ban.filter [647]: ERROR Failed to process line: '32143156-5f12-4814-b15e-5479b7395271 a=rtpmap:9 G722/8000', caught exception: IndexError('string index out of range')
2022-08-01 10:45:22,904 fail2ban.filter [647]: ERROR Failed to process line: '32143156-5f12-4814-b15e-5479b7395271 a=rtpmap:9 G722/8000', caught exception: IndexError('string index out of range')
2022-08-01 10:45:22,905 fail2ban.filter [647]: ERROR Failed to process line: '32143156-5f12-4814-b15e-5479b7395271 a=rtpmap:9 G722/8000', caught exception: IndexError('string index out of range')
2022-08-01 10:45:24,905 fail2ban.filter [647]: ERROR Failed to process line: '32143156-5f12-4814-b15e-5479b7395271 a=rtpmap:109 AMR-WB/16000', caught exception: IndexError('string index out of range')
2022-08-01 10:45:24,905 fail2ban.filter [647]: ERROR Failed to process line: '32143156-5f12-4814-b15e-5479b7395271 a=rtpmap:109 AMR-WB/16000', caught exception: IndexError('string index out of range')
2022-08-01 10:45:24,905 fail2ban.filter [647]: ERROR Failed to process line: '32143156-5f12-4814-b15e-5479b7395271 a=rtpmap:109 AMR-WB/16000', caught exception: IndexError('string index out of range')
2022-08-01 10:45:24,905 fail2ban.filter [647]: ERROR Failed to process line: '32143156-5f12-4814-b15e-5479b7395271 a=rtpmap:109 AMR-WB/16000', caught exception: IndexError('string index out of range')
2022-08-01 10:45:24,906 fail2ban.filter [647]: ERROR Failed to process line: '32143156-5f12-4814-b15e-5479b7395271 a=rtpmap:109 AMR-WB/16000', caught exception: IndexError('string index out of range')
2022-08-01 10:45:24,906 fail2ban.filter [647]: ERROR Failed to process line: '32143156-5f12-4814-b15e-5479b7395271 a=rtpmap:109 AMR-WB/16000', caught exception: IndexError('string index out of range')
2022-08-01 10:45:26,908 fail2ban.filter [647]: ERROR Failed to process line: '32143156-5f12-4814-b15e-5479b7395271 ', caught exception: IndexError('string index out of range')
2022-08-01 10:45:26,910 fail2ban.filter [647]: ERROR Failed to process line: '32143156-5f12-4814-b15e-5479b7395271 ', caught exception: IndexError('string index out of range')
2022-08-01 10:45:26,910 fail2ban.filter [647]: ERROR Failed to process line: '32143156-5f12-4814-b15e-5479b7395271 ', caught exception: IndexError('string index out of range')
2022-08-01 10:45:26,911 fail2ban.filter [647]: ERROR Failed to process line: '32143156-5f12-4814-b15e-5479b7395271 ', caught exception: IndexError('string index out of range')
2022-08-01 10:45:26,912 fail2ban.filter [647]: ERROR Failed to process line: '32143156-5f12-4814-b15e-5479b7395271 ', caught exception: IndexError('string index out of range')
2022-08-01 10:45:26,913 fail2ban.filter [647]: ERROR Failed to process line: '32143156-5f12-4814-b15e-5479b7395271 ', caught exception: IndexError('string index out of range')
 
Last edited:

hfoster

Active Member
Jan 28, 2019
674
80
28
34
Fail2Ban wigs out on the lines that don't have a timestamp. It's possible to modify the filters to ignore the date entirely.


Allegedly putting: datepattern = {NONE} on the freeswitch specific filters should sort it. I have not tested it yet though, I might give this a spin tomorrow. My test platform doesn't have any phones on it at the moment.
 

Scuzz

New Member
Feb 7, 2019
19
2
3
49
Allegedly putting: datepattern = {NONE} on the freeswitch specific filters should sort it. I have not tested it yet though, I might give this a spin tomorrow. My test platform doesn't have any phones on it at the moment.
hfoster thank you for replying, Im not sure if i have already tried that already since i have been reading and researching these errors and have found the same material.
Ill give it another go and report back.
 

Scuzz

New Member
Feb 7, 2019
19
2
3
49
So i just tried adding datepattern = {NONE} to all three freeswitch filters and still no luck.
After restarting my server the errors still persist.

This is my /etc/fail2ban/filter.d/freeswitch.conf

[Definition]

# Option: failregex
# Notes.: regex to match the password failures messages in the logfile. The
# host must be matched by a group named "host". The tag "<HOST>" can
# be used for standard IP/hostname matching and is only an alias for
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values: TEXT
#
failregex = \[WARNING\] sofia_reg.c:\d+ SIP auth failure \(REGISTER\) on sofia profile \'.*\' for \[.*\] from ip <HOST>
\[WARNING\] sofia_reg.c:\d+ SIP auth failure \(INVITE\) on sofia profile \'.*\' for \[.*\] from ip <HOST>

# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
datepattern = {NONE}
ignoreregex =
 

Scuzz

New Member
Feb 7, 2019
19
2
3
49
I’m using Debian 11 and have no issues at all.
Hi gflow, I have tested new installs of fusionpbx on Debian 11 with OVH and Vultre with the same results with both providers.
fail2ban looks and seems to operate like normal until you make or receive a phone call.
That’s when you will notice the Index out of range error.
Im not sure how long your install of Debian 11 was but I’m certain something has changed, perhaps maybe the version of fail2ban you have installed as well.
My version of fail2ban is 11.2
 

gflow

Active Member
Aug 25, 2019
261
28
28
I'm running debian 11 with latest master branch FusionPBX and Fail2ban 11.2. I've been using this for about 4 months now, not huge call volume but i've had no issues.
 

Scuzz

New Member
Feb 7, 2019
19
2
3
49
gflow, im stumped on this one, I was hoping someone would be willing to spin up a vm and test this but nobody has so far.
Thank you for replying though.
 

hfoster

Active Member
Jan 28, 2019
674
80
28
34
I am getting the error, no doubt about it. It's not crashing Fail2Ban though, just throwing an exception about that line for all the SDP headers.

How I've managed to supress that error is by adding datepattern = {NONE} to all the filters that read that file and are enabled:

  • freeswitch.conf
  • freeswitch-ip.conf
  • freeswitch-acl.conf
  • sip-auth-failure.conf
Makes the log a lot more useful again.
 
  • Like
Reactions: Scuzz

Scuzz

New Member
Feb 7, 2019
19
2
3
49
I am getting the error, no doubt about it. It's not crashing Fail2Ban though, just throwing an exception about that line for all the SDP headers.

How I've managed to supress that error is by adding datepattern = {NONE} to all the filters that read that file and are enabled:

  • freeswitch.conf
  • freeswitch-ip.conf
  • freeswitch-acl.conf
  • sip-auth-failure.conf
Makes the log a lot more useful again.
Thank you hfoster, so now you proved i wasnt crazy but just an idiot. I didnt take in to account the other jails that were also using /var/log/freeswitch/freeswitch.log when i added datepattern = {NONE} to the .conf files.

I appreciate you taking the time to look in to this and thank you again.
 

hfoster

Active Member
Jan 28, 2019
674
80
28
34
What is strange, is why other users on Debian 11 aren't seeing it? Maybe they're just not noticing it. I can't work it out.

Also, something is afoot. Mark has just committed a change to the fail2ban configs disabling a few jails:


Maybe he's overhauling them as we speak.
 

Scuzz

New Member
Feb 7, 2019
19
2
3
49
Also, something is afoot. Mark has just committed a change to the fail2ban configs disabling a few jails:
Maybe he's overhauling them as we speak.
Yes i noticed that yesterday as well, looks like every jail reading the freeswitch.log is disabled for now by default.
 

Scuzz

New Member
Feb 7, 2019
19
2
3
49
@hfoster Im going to try a bare metal install on the weekend just to see if this is somehow vm related or not.
But i agree that its odd that nobody else is noticing this.
 

gflow

Active Member
Aug 25, 2019
261
28
28
@hfoster Im going to try a bare metal install on the weekend just to see if this is somehow vm related or not.
But i agree that its odd that nobody else is noticing this.
That's probably it, my master branch is about 1 month old.
 

markjcrane

Active Member
Staff member
Jul 22, 2018
447
162
43
49
If I disabled some of the fail2ban jails to do with FreeSWITCH that means I've enabled an alternative. Fail2ban while it has been helpful it has also caused many problems for people using FusionPBX. Likely FusionPBX project has lost many people because of fail2ban.

Some of the problems with fail2ban.
- Adding all customers and VoIP providers to ignoreip white list is really needed with fail2ban all in one line.
- Fail2ban reads logs after they happen so its re-active vs pro-active
- Reading the logs is resource intensive especially at scale
- White list would have been better to be database driven or dedicated file for the ignoreip white list
- Fail2ban lots of false positives harming your customers or blocking your voip provider

New install enables something called event_guard. Its job watch per-registration and registration events and block abuse.
- Use Access Controls as a white list.
- Use already registered SIP users as a white list

Requirement latest FusionPBX code and install as a service. Look at this commit to see how to install as a service on Debian and Ubuntu.
- https://github.com/fusionpbx/fusionpbx-install.sh/commit/d8b7f0e75c5c12357898e483c3fdc7a0109ecbd1
 

hfoster

Active Member
Jan 28, 2019
674
80
28
34
Indeed Mark, it is a bit of a sledgehammer to crack a nut sometimes. I understand why it's used, nobody really designs their software to be abused so it usually gets farmed off to Fail2Ban or a dedicated IPS.

My support desk underlings are going to be excited about not having to bother me about fail2bans from the looks of this event_guard. Currently they're self-sufficient on the 3CX side with the integrated whitelist/blacklist so this is just another thing that brings FusionPBX up to feature parity.

Thanks for your input on this thread, and thanks for all the work you do!
 
  • Like
Reactions: markjcrane

Scuzz

New Member
Feb 7, 2019
19
2
3
49
If I disabled some of the fail2ban jails to do with FreeSWITCH that means I've enabled an alternative. Fail2ban while it has been helpful it has also caused many

New install enables something called event_guard. Its job watch per-registration and registration events and block abuse.
- Use Access Controls as a white list.
- Use already registered SIP users as a white list

Requirement latest FusionPBX code and install as a service. Look at this commit to see how to install as a service on Debian and Ubuntu.
- https://github.com/fusionpbx/fusionpbx-install.sh/commit/d8b7f0e75c5c12357898e483c3fdc7a0109ecbd1
Thank you markjcrane for the information. This is defiantly a step in the right direction but just to be clear, when you said - Use already registered SIP users as a white list, Does that actually mean you have to have a sip user account setup or just a registered extension?.
 
Last edited:

markjcrane

Active Member
Staff member
Jul 22, 2018
447
162
43
49
Fail2ban you could have one to hundreds of phones registered behind the same IP address. One phone is setup wrong and has a failed registration and it then bans the IP address and all phones behind that IP are banned.

The registered extension comes from an IP address and successfully registered. Another extension has the wrong info but comes from the same IP address is not blocked it gets a response from freeswitch and can continue to send bad registrations. and other phones behind the same IP address are not blocked. If we were to block it then it could block many other phones behind the same IP address that are already registered.
 
Status
Not open for further replies.