Webmin Setup
The simplest and best way to get Webmin is to use automatic webmin-setup-repo.sh
script to configure repositories on your RHEL or Debian derivative systems. It can be done in two easy steps:
$curl -o webmin-setup-repo.sh https://raw.githubusercontent.com/webmin/webmin/master/webmin-setup-repo.sh
sudo sh webmin-setup-repo.sh
This script will automatically setup our repository and install our GPG keys on your system, and provide webmin
package for installation and easy upgrades in the future.
Install
If Webmin repository was setup using our webmin-setup-repo.sh
as described above then Webmin can be installed as easy as:
$ sudo apt-get install webmin --install-recommends
Access
Open ports for both Webmin and Freeswitch.
$ ufw allow 10000/tcp
$ ufw allow 3478:3479/udp
$ ufw allow 5060
$ ufw allow 5080
$ ufw allow 8021/tcp
$ ufw allow 16384:32768/udp
After successful Webmin installation, you can access its interface by entering https://<Your-Server-IP>:10000
in your browser..
Freeswitch Setup
$curl -sSL https://freeswitch.org/fsget | bash -s [Personal Access Token] release install
$ sudo apt install freeswitch-mod-flite fail2ban
Fail2ban Setup
Fail2ban’s jail.conf file contains a standard configuration for FreeSWITCH.
From Standard jail.conf
[shd] <-- Make sure that this section is empty.
[freeswitch]
enabled = true
port = 5060,5061
action_ = %(default/action_)s[name=%(__name__)s-tcp, protocol="tcp"]
%(default/action_)s[name=%(__name__)s-udp, protocol="udp"]
logpath = /var/log/freeswitch/freeswitch.log
filter = freeswitch-ip
/etc/fail2ban/filter.d/freeswitch-ip.conf
# Fail2Ban configuration file
[Definition]
failregex = \[WARNING\] sofia_reg.c:\d+ Can't find user \[.*@\d+.\d+.\d+.\d+\] from <HOST>
ignoreregex =
Add the following line to the [DEFAULT] section of /etc/fail2ban/paths-debian.conf:
sshd_backend = systemd
In Webmin, go to Networking > Fail2ban Intrusion Detector and click on Filter Action Jails. Click on Freeswitch in the list and change ‘Check for log file updates using‘ to systemd and click on the ‘Save’ button.
Usage
To check the status of fail2ban:
$ systemctl status fail2ban.service
To check the IP addresses that were blocked:
$ fail2ban-client banned
Resources
https://developer.signalwire.com/freeswitch/FreeSWITCH-Explained/Security/Fail2Ban_1049236/
https://github.com/fail2ban/fail2ban/issues/3567
https://stackoverflow.com/questions/3561289/what-ports-does-freeswitch-need-open