[asterisk-users] sip attack.. fail2ban not stopping attack
Daniel Tryba
daniel at tryba.nl
Mon Dec 27 16:50:18 UTC 2010
On Mon, Dec 27, 2010 at 10:20:13AM -0500, dave george wrote:
[snip fail2ban config]
Well, all looks fine. Your filter is correct. Your message log is also in the
correct format. You can test this with:
fail2ban-regex /var/log/asterisk/messages /etc/fail2ban/filter.d/asterisk.conf
So is fail2ban actually running (like someone already suggested)?
$ ps auxwww | grep fail
Other things it could be:
-a broken backend in jail.conf (try polling).
-running as an unprivileged user (can't read asterisk/messages).
--
When you do things right, people won't be sure you've done anything at all.
Daniel Tryba
More information about the asterisk-users
mailing list