[asterisk-users] SEMI OFF-TOPIC - Fail2ban
Michelle Dupuis
mdupuis at ocg.ca
Fri Jan 9 17:24:09 CST 2015
I'd suggest taking a look at the free edition of SecAst (www.generationd.com). It handles these messages perfectly (and can also use AMI security events) - so you don't need to constantly be updating fail2ban rules. It's a drop-in replacement for fail2ban.
-M-
P.S. My opinions are my own and do not necessarily represent those of my employer. As an employee of Generation D System you can bet my opinions are biased though!
________________________________________
From: asterisk-users-bounces at lists.digium.com <asterisk-users-bounces at lists.digium.com> on behalf of ricky gutierrez <xserverlinux at gmail.com>
Sent: Friday, January 9, 2015 3:02 PM
To: Asterisk Users List
Subject: Re: [asterisk-users] SEMI OFF-TOPIC - Fail2ban
2015-01-09 3:53 GMT-06:00 Stefan Gofferje <lists at home.gofferje.net>:
>
> Do you really want to detect "ChallengeSent"? That should occur also on
> legitimate login processes...
>
Hi, the strange thing is that I do not have this Asterisk in
production yet and I see many connection attempts.
Now keep in mind that when an authentication connection is
successful the message changes and is not exactly what you mention:
## SecurityEvent="SuccessfulAuth",EventTV="1420832883-140932",####
I think these are the type of connection attempt messages on my Asterisk
that fail2ban did not detect.
I'm no expert, but the log does not lie ;)
Regards
--
rickygm
http://gnuforever.homelinux.com
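The distinction discussed in this thread (ChallengeSent appears on legitimate logins too, while a successful login ends in SuccessfulAuth), shown as an added example that is not code from any poster or from fail2ban. It counts only failure events per remote host; the failure event names, the `RemoteAddress` layout and the sample lines are assumptions modelled on Asterisk's security event log, with constructed addresses.

```python
import re
from collections import Counter

# Assumed failure event names from Asterisk's security event log.
# ChallengeSent and SuccessfulAuth are deliberately absent: both occur
# during a normal, legitimate registration.
FAILURE_EVENTS = {"InvalidPassword", "InvalidAccountID",
                  "ChallengeResponseFailed", "FailedACL"}

FIELD_RE = re.compile(r'(\w+)="([^"]*)"')


def parse_event(line):
    """Return the key="value" fields of one security log line as a dict."""
    return dict(FIELD_RE.findall(line))


def remote_host(fields):
    """Extract <host> from RemoteAddress="IPV4/UDP/<host>/<port>" (assumed layout)."""
    parts = fields.get("RemoteAddress", "").split("/")
    return parts[2] if len(parts) == 4 else None


def offenders(lines, threshold=3):
    """Count failure events per remote host; return hosts at or over threshold."""
    counts = Counter()
    for line in lines:
        fields = parse_event(line)
        if fields.get("SecurityEvent") in FAILURE_EVENTS:
            host = remote_host(fields)
            if host:
                counts[host] += 1
    return {host: n for host, n in counts.items() if n >= threshold}


def _line(event, host):
    # Constructed sample line with a simplified field set (not a real log).
    return ('[2015-01-09 13:48:03] SECURITY[1234] res_security_log.c: '
            f'SecurityEvent="{event}",Service="SIP",AccountID="100",'
            f'RemoteAddress="IPV4/UDP/{host}/5060"')


# Constructed input: one legitimate login, then three failed attempts.
SAMPLE = [_line("ChallengeSent", "198.51.100.7"),
          _line("SuccessfulAuth", "198.51.100.7")]
SAMPLE += [_line(e, "203.0.113.9")
           for e in ("ChallengeSent", "InvalidPassword") * 3]

if __name__ == "__main__":
    print(offenders(SAMPLE))
```

A rule keyed on ChallengeSent would have counted the legitimate host as well, since every digest login starts with a challenge.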