Difference between revisions of "Asterisk"
(New page: Hello all, I have fail2ban installed on CentOS 4.7 with Shoreline Firewall (Shorewall) and IpTables. This works well with SSH, Apache and Named bans. However, I am still trying to get it ...) |
Line 15: | Line 15: | ||
bantime = 259200 | bantime = 259200 | ||
− | + | Here is the filter.d/asterisk file: | |
+ | |||
+ | # Fail2Ban configuration file | ||
+ | # | ||
+ | # | ||
+ | # $Revision: 250 $ | ||
+ | # | ||
+ | |||
+ | [INCLUDES] | ||
+ | |||
+ | # Read common prefixes. If any customizations available -- read them from | ||
+ | # common.local | ||
+ | #before = common.conf | ||
+ | |||
+ | |||
+ | [Definition] | ||
+ | |||
+ | #_daemon = asterisk | ||
+ | |||
+ | # Option: failregex | ||
+ | # Notes.: regex to match the password failures messages in the logfile. The | ||
+ | # host must be matched by a group named "host". The tag "<HOST>" can | ||
+ | # be used for standard IP/hostname matching and is only an alias for | ||
+ | # (?:::f{4,6}:)?(?P<host>\S+) | ||
+ | # Values: TEXT | ||
+ | # | ||
+ | |||
+ | failregex = NOTICE.* .*: Registration from '.*' failed for '<HOST>' - Wrong password | ||
+ | NOTICE.* .*: Registration from '.*' failed for '<HOST>' - No matching peer found | ||
+ | NOTICE.* .*: Registration from '.*' failed for '<HOST>' - Username/auth name mismatch | ||
+ | NOTICE.* <HOST> failed to authenticate as '.*'$ | ||
+ | NOTICE.* .*: No registration for peer '.*' (from ) | ||
+ | NOTICE.* .*: Host failed MD5 authentication for '.*' (.*) | ||
+ | |||
+ | # Option: ignoreregex | ||
+ | # Notes.: regex to ignore. If this regex matches, the line is ignored. | ||
+ | # Values: TEXT | ||
+ | # | ||
+ | ignoreregex = | ||
+ | |||
+ | I cannot figure out why this is not banning. Do I have the right log file? This is the one I was directed to in the online instructions. Can anyone help me please? | ||
Thank you in advance for any assistance | Thank you in advance for any assistance | ||
Phil | Phil |
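Review bot: the last two failregex lines added here, "NOTICE.* .*: No registration for peer '.*' (from )" and "NOTICE.* .*: Host failed MD5 authentication for '.*' (.*)", contain no <HOST> tag, although the comment added just above them states that the host must be matched by a group named "host". Put <HOST> where the address appears in each log message. The parentheses in those two lines are unescaped, so the regex treats them as groups rather than literal characters; write \( and \) if the log text contains real parentheses. The added question about the log file is also worth settling before tuning the regexes: confirm that the Asterisk NOTICE lines actually reach the file the jail reads.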
Revision as of 14:01, 17 December 2008
Hello all,
I have fail2ban installed on CentOS 4.7 with Shoreline Firewall (Shorewall) and IpTables. This works well with SSH, Apache and Named bans. However, I am still trying to get it to ban failed SIP registration attempts in Asterisk.
My jail.conf contains the following for Asterisk:
[asterisk-iptables]
enabled = true
filter = asterisk
action = iptables-allports[name=ASTERISK, protocol=all]
         sendmail[name=ASTERISK, dest=phil@infinitygrp.co.uk, sender=fail2ban@asterisk1.local]
logpath = /var/log/messages
maxretry = 2
bantime = 259200
Here is the filter.d/asterisk file:
# Fail2Ban configuration file
#
# $Revision: 250 $
#

[INCLUDES]

# Read common prefixes. If any customizations available -- read them from
# common.local
#before = common.conf

[Definition]

#_daemon = asterisk

# Option: failregex
# Notes.: regex to match the password failures messages in the logfile. The
# host must be matched by a group named "host". The tag "<HOST>" can
# be used for standard IP/hostname matching and is only an alias for
# (?:::f{4,6}:)?(?P<host>\S+)
# Values: TEXT
#
failregex = NOTICE.* .*: Registration from '.*' failed for '<HOST>' - Wrong password
            NOTICE.* .*: Registration from '.*' failed for '<HOST>' - No matching peer found
            NOTICE.* .*: Registration from '.*' failed for '<HOST>' - Username/auth name mismatch
            NOTICE.* <HOST> failed to authenticate as '.*'$
            NOTICE.* .*: No registration for peer '.*' (from )
            NOTICE.* .*: Host failed MD5 authentication for '.*' (.*)

# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =
I cannot figure out why this is not banning. Do I have the right log file? This is the one I was directed to in the online instructions. Can anyone help me please?
Thank you in advance for any assistance
Phil
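
The filter's comments say that every failregex must capture the offending address in a group named "host", with <HOST> as an alias for (?:::f{4,6}:)?(?P<host>\S+). The following is an added example, not part of the original post and only a simplified stand-in for fail2ban's own matching: it expands that alias in the six rules above and runs them over constructed log lines. The names compile_rules and find_failures and the sample log lines are assumptions made for illustration.

```python
import re

# Alias quoted in the filter's own comments for the <HOST> tag.
HOST_ALIAS = r"(?:::f{4,6}:)?(?P<host>\S+)"

# The six failregex lines exactly as they appear on the page.
FAILREGEX = [
    r"NOTICE.* .*: Registration from '.*' failed for '<HOST>' - Wrong password",
    r"NOTICE.* .*: Registration from '.*' failed for '<HOST>' - No matching peer found",
    r"NOTICE.* .*: Registration from '.*' failed for '<HOST>' - Username/auth name mismatch",
    r"NOTICE.* <HOST> failed to authenticate as '.*'$",
    r"NOTICE.* .*: No registration for peer '.*' (from )",
    r"NOTICE.* .*: Host failed MD5 authentication for '.*' (.*)",
]

# Constructed sample log lines (documentation addresses), not taken from the page.
SAMPLE_LOG = [
    "[Dec 17 14:01:02] NOTICE[2871] chan_sip.c: Registration from '\"100\" <sip:100@192.0.2.10>' failed for '203.0.113.5' - Wrong password",
    "[Dec 17 14:01:09] NOTICE[2871] chan_sip.c: Registration from '<sip:admin@192.0.2.10>' failed for '203.0.113.5' - No matching peer found",
    "[Dec 17 14:02:30] NOTICE[2871] chan_sip.c: No registration for peer 'trunk1' (from 198.51.100.7)",
    "[Dec 17 14:03:00] VERBOSE[2871] logger.c: -- Remote UNIX connection",
]

def compile_rules(rules):
    """Expand <HOST>; return (usable compiled rules, indexes with no host group)."""
    usable, no_host = [], []
    for i, rule in enumerate(rules):
        rx = re.compile(rule.replace("<HOST>", HOST_ALIAS))
        if "host" in rx.groupindex:
            usable.append(rx)
        else:
            no_host.append(i)
    return usable, no_host

def find_failures(lines, rules):
    """Return the host captured from each line that a usable rule matches."""
    usable, _ = compile_rules(rules)
    hits = []
    for line in lines:
        for rx in usable:
            m = rx.search(line)
            if m:
                hits.append(m.group("host"))
                break
    return hits

if __name__ == "__main__":
    print("rules without a host group:", compile_rules(FAILREGEX)[1])
    print("hosts that would be counted:", find_failures(SAMPLE_LOG, FAILREGEX))
```

Replacing SAMPLE_LOG with real lines from the file named in logpath shows whether any rule matches what Asterisk actually writes there.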