Re: [asterisk-users] fail2ban does not work for my asterisk installation

2010-08-03 Thread Lonnie Abelbeck
Kyle Kienapfel doctor.whom at gmail.com writes:

> NOTICE.* .*: Registration from '.*' failed for '<HOST>' - ACL error \(permit/deny\)
>
> I don't see slashes in front of the brackets on what you posted to the
> mailing list. I'm posting my config to see if the mailing list mangles
> it or not.
 

I think Kyle found the OP's issue.

Additionally, the - ACL error (permit/deny) log message was found in
asterisk 1.2.x and no longer seems to occur in the later versions of asterisk.

Lonnie



-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
   http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users


Re: [asterisk-users] fail2ban does not work for my asterisk installation

2010-08-03 Thread mosbah abdelkader
Thank you doctor whom,


It is working for me now.

Re: [asterisk-users] fail2ban does not work for my asterisk installation

2010-08-02 Thread mosbah abdelkader
Thanks for your reply.


My configuration is correct. It works with ssh: many attacks have been
stopped. Also, the config has worked for asterisk one time: I have seen that
in the fail2ban.log file.

Re: [asterisk-users] fail2ban does not work for my asterisk installation

2010-08-02 Thread Kyle Kienapfel
On Mon, Aug 2, 2010 at 12:15 PM, mosbah abdelkader
mosbah.abdelka...@gmail.com wrote:
> Thanks for your reply.
>
> My configuration is correct. It works with ssh: many attacks have been
> stopped. Also, the config has worked for asterisk one time: I have seen that
> in the fail2ban.log file.



p...@prometheus:/var/log/asterisk# sudo cat /etc/fail2ban/filter.d/asterisk.conf
# http://www.voip-info.org/wiki/view/Fail2Ban+(with+iptables)+And+Asterisk
[Definition]

#_daemon = asterisk

# Option:  failregex
# Notes.:  regex to match the password failures messages in the logfile. The
#          host must be matched by a group named host. The tag <HOST> can
#          be used for standard IP/hostname matching and is only an alias for
#          (?:::f{4,6}:)?(?P<host>\S+)
# Values:  TEXT
#

failregex = NOTICE.* .*: Registration from '.*' failed for '<HOST>' - Wrong password
            NOTICE.* .*: Registration from '.*' failed for '<HOST>' - No matching peer found
            NOTICE.* .*: Registration from '.*' failed for '<HOST>' - Username/auth name mismatch
            NOTICE.* .*: Registration from '.*' failed for '<HOST>' - Device does not match ACL
            NOTICE.* <HOST> failed to authenticate as '.*'$
            NOTICE.* .*: No registration for peer '.*' \(from <HOST>\)
            NOTICE.* .*: Host <HOST> failed MD5 authentication for '.*' (.*)
            NOTICE.* .*: Failed to authenticate user .*@<HOST>.*
            NOTICE.* .*: Registration from '.*' failed for '<HOST>' - ACL error \(permit/deny\)

# Option:  ignoreregex
# Notes.:  regex to ignore. If this regex matches, the line is ignored.
# Values:  TEXT
#
ignoreregex =
p...@prometheus:/var/log/asterisk# sudo

I don't see slashes in front of the brackets on what you posted to the
mailing list. I'm posting my config to see if the mailing list mangles
it or not.
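
Added example, not part of any post in this thread: the ACL-error rule as posted from jail.conf (parentheses unescaped) and as it appears in the filter file (escaped), run against the logged line with Python's `re` module. The `<HOST>` expansion is the alias quoted in the filter's comments; the SIP URI in the sample line is constructed, and `re.search` stands in for fail2ban's own matching.

```python
import re

# Expansion of the <HOST> tag as quoted in the filter file's own comments.
HOST_ALIAS = r"(?:::f{4,6}:)?(?P<host>\S+)"

# Rule as posted from jail.conf (parentheses unescaped) and from the filter file (escaped).
UNESCAPED = r"NOTICE.* .*: Registration from '.*' failed for '<HOST>' - ACL error (permit/deny)"
ESCAPED = r"NOTICE.* .*: Registration from '.*' failed for '<HOST>' - ACL error \(permit/deny\)"

# Constructed log lines: the first follows the entry in the thread (the SIP URI is
# made up); the second is the same line with the parentheses removed, which is the
# text the unescaped rule actually describes.
LOG_LINE = ("2010-08-01 07:00:13 NOTICE[22540] chan_sip.c: Registration from "
            "'\"123456\"<sip:123456@192.0.2.10>' failed for '193.158.62.48' "
            "- ACL error (permit/deny)")
NO_PARENS_LINE = LOG_LINE.replace("(permit/deny)", "permit/deny")


def compile_failregex(rule):
    """Expand <HOST> and compile the rule with Python's re module."""
    return re.compile(rule.replace("<HOST>", HOST_ALIAS))


def matched_host(rule, line):
    """Return the captured host if the rule matches the line, else None."""
    m = compile_failregex(rule).search(line)
    return m.group("host") if m else None


def report(rules, lines):
    """Return {(rule_name, line_name): host_or_None} for every combination."""
    return {(rn, ln): matched_host(rule, line)
            for rn, rule in rules.items() for ln, line in lines.items()}


if __name__ == "__main__":
    results = report({"unescaped": UNESCAPED, "escaped": ESCAPED},
                     {"logged": LOG_LINE, "no-parens": NO_PARENS_LINE})
    for key, host in sorted(results.items()):
        print(key, "->", host)
```

An unescaped `(permit/deny)` is a capture group, so that rule only matches text without the literal brackets and never sees the logged line.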



[asterisk-users] fail2ban does not work for my asterisk installation

2010-08-01 Thread mosbah abdelkader
The failregex statement in my jail.conf file is:

failregex = NOTICE.* .*: Registration from '.*' failed for '<HOST>' - Wrong password
            NOTICE.* .*: Registration from '.*' failed for '<HOST>' - No matching peer found
            NOTICE.* .*: Registration from '.*' failed for '<HOST>' - Username/auth name mismatch
            NOTICE.* .*: Registration from '.*' failed for '<HOST>' - Device does not match ACL
            NOTICE.* <HOST> failed to authenticate as '.*'$
            NOTICE.* .*: No registration for peer '.*' (from <HOST>)
            NOTICE.* .*: Host <HOST> failed MD5 authentication for '.*' (.*)
            NOTICE.* .*: Registration from '.*' failed for '<HOST>' - ACL error (permit/deny)


This is a log entry in /var/log/asterisk/full that shows the scan being
performed:


2010-08-01 07:00:13 NOTICE[22540] chan_sip.c: Registration from '123456sip:123...@' failed for '193.158.62.48' - ACL error (permit/deny)

The problem is that fail2ban does not detect this attack that was performed
for an amount of time of about half an hour.


Please help me identify the problem.

Re: [asterisk-users] fail2ban does not work for my asterisk installation

2010-08-01 Thread Randy R
On Sun, Aug 1, 2010 at 2:27 PM, mosbah abdelkader
mosbah.abdelka...@gmail.com wrote:
> The failregex statement in my jail.conf file is:

Aren't the regex supposed to be in filters/myjail.conf ?

Are you testing the regex with the fail2ban-regex client?

Maybe you need to avoid some of the quotes and simplify the
expressions, then play with the regex tests.

/r
