Asterisk
Hello all,
I have fail2ban installed on CentOS 4.7 with Shoreline Firewall (Shorewall) and IpTables. This works well with SSH, Apache and Named bans. However, I am still trying to get it to ban failed SIP registration attempts in Asterisk.
My jail.conf contains the following for Asterisk:
[asterisk-iptables]
enabled = true filter = asterisk action = iptables-allports[name=ASTERISK, protocol=all]
sendmail[name=ASTERISK, dest=you@yourmail.co.uk, sender=fail2ban@local.local]
logpath = /var/log/messages maxretry = 2 bantime = 259200
Here is the filter.d/asterisk file:
- Fail2Ban configuration file
- $Revision: 250 $
[INCLUDES]
- Read common prefixes. If any customizations available -- read them from
- common.local
- before = common.conf
[Definition]
- _daemon = asterisk
- Option: failregex
- Notes.: regex to match the password failures messages in the logfile. The
- host must be matched by a group named "host". The tag "<HOST>" can
- be used for standard IP/hostname matching and is only an alias for
- (?:::f{4,6}:)?(?P<host>\S+)
- Values: TEXT
failregex = NOTICE.* .*: Registration from '.*' failed for '<HOST>' - Wrong password
NOTICE.* .*: Registration from '.*' failed for '<HOST>' - No matching peer found
NOTICE.* .*: Registration from '.*' failed for '<HOST>' - Username/auth name mismatch
NOTICE.* <HOST> failed to authenticate as '.*'$
NOTICE.* .*: No registration for peer '.*' (from )
NOTICE.* .*: Host failed MD5 authentication for '.*' (.*)
- Option: ignoreregex
- Notes.: regex to ignore. If this regex matches, the line is ignored.
- Values: TEXT
ignoreregex =
I cannot figure out why this is not banning. Do I have the right log file? This is the one I was directed to in the online instructions. Can anyone help me please?
Thank you in advance for any assistance on our essays.
Phil
