[asterisk-users] fail2ban does not work for my asterisk installation

Kyle Kienapfel doctor.whom at gmail.com
Mon Aug 2 21:37:18 CDT 2010


On Mon, Aug 2, 2010 at 12:15 PM, mosbah abdelkader
<mosbah.abdelkader at gmail.com> wrote:
> Thanks for your reply.
>
>
> My configuration is correct. It works with ssh: many attacks have been stopped. Also, the config has worked for asterisk one time: I have seen that in the fail2ban.log file.

pgmr at prometheus:/var/log/asterisk# sudo cat /etc/fail2ban/filter.d/asterisk.conf
# http://www.voip-info.org/wiki/view/Fail2Ban+(with+iptables)+And+Asterisk
[Definition]

#_daemon = asterisk

# Option:  failregex
# Notes.:  regex to match the password failures messages in the logfile. The
#          host must be matched by a group named "host". The tag "<HOST>" can
#          be used for standard IP/hostname matching and is only an alias for
#          (?:::f{4,6}:)?(?P<host>\S+)
# Values:  TEXT
#

failregex = NOTICE.* .*: Registration from '.*' failed for '<HOST>' - Wrong password
            NOTICE.* .*: Registration from '.*' failed for '<HOST>' - No matching peer found
            NOTICE.* .*: Registration from '.*' failed for '<HOST>' - Username/auth name mismatch
            NOTICE.* .*: Registration from '.*' failed for '<HOST>' - Device does not match ACL
            NOTICE.* <HOST> failed to authenticate as '.*'$
            NOTICE.* .*: No registration for peer '.*' \(from <HOST>\)
            NOTICE.* .*: Host <HOST> failed MD5 authentication for '.*' (.*)
            NOTICE.* .*: Failed to authenticate user .*@<HOST>.*
            NOTICE.* .*: Registration from '.*' failed for '<HOST>' - ACL error \(permit/deny\)

# Option:  ignoreregex
# Notes.:  regex to ignore. If this regex matches, the line is ignored.
# Values:  TEXT
#
ignoreregex =
pgmr at prometheus:/var/log/asterisk# sudo

I don't see slashes in front of the brackets on what you posted to the
mailing list. I'm posting my config to see if the mailing list mangles
it or not.
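
The effect of the missing backslashes can be checked offline. The following is an added example, not part of the original post and not fail2ban's own code: it expands <HOST> with the alias quoted in the filter's comment block and runs two of the posted failregex entries, with and without their backslashes, over constructed log lines. The log lines, the function names and the use of re.search to stand in for fail2ban's matching are assumptions.

```python
import re

# Alias for <HOST>, as given in the comment block of the posted filter.
HOST = r"(?:::f{4,6}:)?(?P<host>\S+)"

# Two failregex entries from the posted filter, backslashes intact.
ESCAPED = [
    r"NOTICE.* .*: No registration for peer '.*' \(from <HOST>\)",
    r"NOTICE.* .*: Registration from '.*' failed for '<HOST>' - ACL error \(permit/deny\)",
]
# The same entries as they read once the backslashes have been lost.
STRIPPED = [p.replace("\\", "") for p in ESCAPED]

# Constructed log lines (documentation IP ranges), not taken from a real server.
SAMPLE_LOG = [
    "[Aug  2 12:15:01] NOTICE[2301] chan_sip.c: "
    "No registration for peer 'alice' (from 203.0.113.5)",
    "[Aug  2 12:15:04] NOTICE[2301] chan_sip.c: Registration from "
    "'\"100\" <sip:100@192.0.2.10>' failed for '203.0.113.7' - ACL error (permit/deny)",
    "[Aug  2 12:15:09] NOTICE[2301] chan_sip.c: Peer '100' is now Reachable. (12ms / 2000ms)",
]


def compile_filter(patterns):
    """Expand <HOST> and compile each failregex (hypothetical helper)."""
    return [re.compile(p.replace("<HOST>", HOST)) for p in patterns]


def offending_hosts(patterns, lines):
    """Return the host captured from every line that some failregex matches."""
    compiled = compile_filter(patterns)
    hosts = []
    for line in lines:
        for rx in compiled:
            m = rx.search(line)
            if m:
                hosts.append(m.group("host"))
                break
    return hosts


if __name__ == "__main__":
    print("with backslashes:   ", offending_hosts(ESCAPED, SAMPLE_LOG))
    print("without backslashes:", offending_hosts(STRIPPED, SAMPLE_LOG))
```

Without the backslashes the parentheses become regex groups instead of literal characters, so neither failure line matches and no host would ever be banned for those messages.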


