[asterisk-users] fail2ban Asterisk 13.13.1
Антон Сацкий
satskiy.a at gmail.com
Wed Mar 1 13:16:35 CST 2017
Think that U should ask in Fain2ban LIST
2017-03-01 20:29 GMT+02:00 Motty Cruz <motty.cruz at gmail.com>:
> Hello, fail2ban does not ban offending IP.
>
>
>
> NOTICE[29784] chan_sip.c: Registration from '"user3"<sip:1005 at asterisk-ip:5060>'
> failed for 'offending-IP:53417' - Wrong password
>
> NOTICE[29784] chan_sip.c: Registration from '"user3"<sip:1005 at asterisk-ip:5060>'
> failed for ‘offending-IP:53911' - Wrong password
>
>
>
> systemctl status fail2ban
>
> ● fail2ban.service - Fail2Ban Service
>
> Loaded: loaded (/usr/lib/systemd/system/fail2ban.service; enabled;
> vendor preset: disabled)
>
> Active: active (running) since Wed 2017-03-01 00:40:43 PST; 470min ago
>
> Docs: man:fail2ban(1)
>
>
>
> jail.local
>
> [DEFAULT]
>
> # "bantime" is the number of seconds that a host is banned.
>
> bantime = -1
>
>
>
> # A host is banned if it has generated "maxretry" during the last
> "findtime"
>
> # seconds.
>
> findtime = 300
>
>
>
> # "maxretry" is the number of failures before a host get banned.
>
> maxretry = 3
>
>
>
> [asterisk-iptables]
>
> enable = true
>
> port = 5060,5061
>
> filter = asterisk
>
> action = iptables-allports[name=ASTERISK, protocol=all]
>
> sendmail[name=ASTERISK, dest=motty at email.com, sender=
> fail2ban at asterisk-ip.com]
>
> #action = %(banaction)s[name=%(__name__)s-tcp, port="%(port)s",
> protocol="tcp", chain="%(chain)s", actname=%(banaction)s-tcp]
>
> %(banaction)s[name=%(__name__)s-udp, port="%(port)s",
> protocol="udp", chain="%(chain)s", actname=%(banaction)s-udp]
>
> %(mta)s-whois[name=%(__name__)s, dest="%(destemail)s"]
>
> logpath = /var/log/asterisk/messages
>
> maxretry = 3
>
> findtime = 300
>
> bantime = -1
>
>
>
>
>
> in filter.d
>
> asterisk.conf
>
> failregex = ^%(__prefix_line)s%(log_prefix)s Registration from '[^']*'
> failed for '<HOST>(:¥d+)?' - (Wrong password|Username/auth name mismatch|No
> matching peer found|Not a local domain|Device does not match ACL|Peer is
> not supposed to register|ACL error ¥(permit/deny¥)|Not a local domain)$
>
> ^%(__prefix_line)s%(log_prefix)s Call from '[^']*'
> ¥(<HOST>:¥d+¥) to extension '[^']*' rejected because extension not found in
> context
>
> ^%(__prefix_line)s%(log_prefix)s Host <HOST> failed to
> authenticate as '[^']*'$
>
> ^%(__prefix_line)s%(log_prefix)s No registration for peer
> '[^']*' ¥(from <HOST>¥)$
>
> ^%(__prefix_line)s%(log_prefix)s Host <HOST> failed MD5
> authentication for '[^']*' ¥([^)]+¥)$
>
> ^%(__prefix_line)s%(log_prefix)s Failed to authenticate
> (user|device) [^@]+@<HOST>¥S*$
>
> ^%(__prefix_line)s%(log_prefix)s hacking attempt detected
> '<HOST>'$
>
> ^%(__prefix_line)s%(log_prefix)s SecurityEvent="(FailedACL|
> InvalidAccountID|ChallengeResponseFailed|InvalidPassword)",EventTV="([¥
> d-]+|%(iso8601)s)",Severity="[¥w]+",Service="[¥w]+",
> EventVersion="¥d+",AccountID="(¥d*|<unknown>)",SessionID=".+
> ",LocalAddress="IPV[46]/(UDP|TCP|WS)/[¥da-fA-F:.]+/¥d+",
> RemoteAddress="IPV[46]/(UDP|TCP|WS)/<HOST>/¥d+"(,Challenge="[¥w/]+")?(,
> ReceivedChallenge="¥w+")?(,Response="¥w+",ExpectedResponse="¥w*")?(,
> ReceivedHash="[¥da-f]+")?(,ACLName="¥w+")?$
>
> ^%(__prefix_line)s%(log_prefix)s "Rejecting unknown SIP
> connection from <HOST>"$
>
> ^%(__prefix_line)s%(log_prefix)s Request (?:'[^']*' )?from
> '[^']*' failed for '<HOST>(?::¥d+)?'¥s¥(callid: [^¥)]*¥) - (?:No matching
> endpoint found|Not match Endpoint(?: Contact)? ACL|(?:Failed|Error) to
> authenticate)¥s*$
>
>
>
> failregex = NOTICE.* .*: Registration from '.*' failed for '<HOST>' -
> Wrong password
>
> NOTICE.* .*: Registration from '.*' failed for '<HOST>:.*' -
> No matching peer found
>
> NOTICE.* .*: Registration from '.*' failed for '<HOST>' - No
> matching peer found
>
> NOTICE.* .*: Registration from '.*' failed for '<HOST>' -
> Username/auth name mismatch
>
> NOTICE.* .*: Registration from '.*' failed for '<HOST>' -
> Device does not match ACL
>
> NOTICE.* .*: Registration from '.*' failed for '<HOST>' - Peer
> is not supposed to register
>
> NOTICE.* .*: Registration from '.*' failed for '<HOST>' - ACL
> error (permit/deny)
>
> NOTICE.* .*: Registration from '.*' failed for '<HOST>' -
> Device does not match ACL
>
> NOTICE.* <HOST> failed to authenticate as '.*'$
>
> NOTICE.* .*: No registration for peer '.*' ¥(from <HOST>¥)
>
> NOTICE.* .*: Host <HOST> failed MD5 authentication for '.*'
> (.*)
>
> NOTICE.* .*: Failed to authenticate user .*@<HOST>.*
>
> NOTICE.* .*: Sending fake auth rejection for device
> .*¥<sip:.*¥@<HOST>¥>;tag=.*
>
> NOTICE.* .*: Registration from '¥".*¥".*' failed for '<HOST>'
> - No matching peer found
>
> NOTICE.* .*: Registration from '¥".*¥".*' failed for '<HOST>'
> - Wrong password
>
>
>
> ignoreregex =
>
>
>
> Thanks
>
> Motty
>
> --
> _____________________________________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>
> Check out the new Asterisk community forum at: https://community.asterisk.
> org/
>
> New to Asterisk? Start here:
> https://wiki.asterisk.org/wiki/display/AST/Getting+Started
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
> http://lists.digium.com/mailman/listinfo/asterisk-users
>
--
Best regards
Antony
tel. +380669197533
tel2. +380636564340
Paypal http://paypal.me/Satskiy
<http://paypal.me/Satskiy?ppid=PPC000654&cnac=PL&rsta=en_PL(en_DK)&cust=NN8XJS9XEP22C&unptid=21db79ac-ef8d-11e5-9553-9c8e992ea258&t=&cal=4d776c21ca7d2&calc=4d776c21ca7d2&calf=4d776c21ca7d2&unp_tpcid=ppme-social-business-profile-created&page=main:email&pgrp=main:email&e=op&mchn=em&s=ci&mail=sys>
satskiy.a at gmail.com <mail%3Asatskiy.a at gmail.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20170301/fecb2bc0/attachment.html>
More information about the asterisk-users
mailing list