I think that you should ask on the Fail2ban list.

2017-03-01 20:29 GMT+02:00 Motty Cruz <[email protected]>:
> Hello, fail2ban does not ban offending IP.
>
> NOTICE[29784] chan_sip.c: Registration from '"user3"<sip:1005@asterisk-ip:5060>' failed for 'offending-IP:53417' - Wrong password
>
> NOTICE[29784] chan_sip.c: Registration from '"user3"<sip:1005@asterisk-ip:5060>' failed for ‘offending-IP:53911' - Wrong password
>
> systemctl status fail2ban
>
> ● fail2ban.service - Fail2Ban Service
>    Loaded: loaded (/usr/lib/systemd/system/fail2ban.service; enabled; vendor preset: disabled)
>    Active: active (running) since Wed 2017-03-01 00:40:43 PST; 470min ago
>      Docs: man:fail2ban(1)
>
> jail.local
>
> [DEFAULT]
> # "bantime" is the number of seconds that a host is banned.
> bantime = -1
>
> # A host is banned if it has generated "maxretry" during the last "findtime"
> # seconds.
> findtime = 300
>
> # "maxretry" is the number of failures before a host get banned.
> maxretry = 3
>
> [asterisk-iptables]
> enable = true
> port = 5060,5061
> filter = asterisk
> action = iptables-allports[name=ASTERISK, protocol=all]
>          sendmail[name=ASTERISK, [email protected], sender=[email protected]]
> #action = %(banaction)s[name=%(__name__)s-tcp, port="%(port)s", protocol="tcp", chain="%(chain)s", actname=%(banaction)s-tcp]
>          %(banaction)s[name=%(__name__)s-udp, port="%(port)s", protocol="udp", chain="%(chain)s", actname=%(banaction)s-udp]
>          %(mta)s-whois[name=%(__name__)s, dest="%(destemail)s"]
> logpath = /var/log/asterisk/messages
> maxretry = 3
> findtime = 300
> bantime = -1
>
> in filter.d
> asterisk.conf
>
> failregex = ^%(__prefix_line)s%(log_prefix)s Registration from '[^']*' failed for '<HOST>(:\d+)?' - (Wrong password|Username/auth name mismatch|No matching peer found|Not a local domain|Device does not match ACL|Peer is not supposed to register|ACL error \(permit/deny\)|Not a local domain)$
>             ^%(__prefix_line)s%(log_prefix)s Call from '[^']*' \(<HOST>:\d+\) to extension '[^']*' rejected because extension not found in context
>             ^%(__prefix_line)s%(log_prefix)s Host <HOST> failed to authenticate as '[^']*'$
>             ^%(__prefix_line)s%(log_prefix)s No registration for peer '[^']*' \(from <HOST>\)$
>             ^%(__prefix_line)s%(log_prefix)s Host <HOST> failed MD5 authentication for '[^']*' \([^)]+\)$
>             ^%(__prefix_line)s%(log_prefix)s Failed to authenticate (user|device) [^@]+@<HOST>\S*$
>             ^%(__prefix_line)s%(log_prefix)s hacking attempt detected '<HOST>'$
>             ^%(__prefix_line)s%(log_prefix)s SecurityEvent="(FailedACL|InvalidAccountID|ChallengeResponseFailed|InvalidPassword)",EventTV="([\d-]+|%(iso8601)s)",Severity="[\w]+",Service="[\w]+",EventVersion="\d+",AccountID="(\d*|<unknown>)",SessionID=".+",LocalAddress="IPV[46]/(UDP|TCP|WS)/[\da-fA-F:.]+/\d+",RemoteAddress="IPV[46]/(UDP|TCP|WS)/<HOST>/\d+"(,Challenge="[\w/]+")?(,ReceivedChallenge="\w+")?(,Response="\w+",ExpectedResponse="\w*")?(,ReceivedHash="[\da-f]+")?(,ACLName="\w+")?$
>             ^%(__prefix_line)s%(log_prefix)s "Rejecting unknown SIP connection from <HOST>"$
>             ^%(__prefix_line)s%(log_prefix)s Request (?:'[^']*' )?from '[^']*' failed for '<HOST>(?::\d+)?'\s\(callid: [^\)]*\) - (?:No matching endpoint found|Not match Endpoint(?: Contact)? ACL|(?:Failed|Error) to authenticate)\s*$
>
> failregex = NOTICE.* .*: Registration from '.*' failed for '<HOST>' - Wrong password
>             NOTICE.* .*: Registration from '.*' failed for '<HOST>:.*' - No matching peer found
>             NOTICE.* .*: Registration from '.*' failed for '<HOST>' - No matching peer found
>             NOTICE.* .*: Registration from '.*' failed for '<HOST>' - Username/auth name mismatch
>             NOTICE.* .*: Registration from '.*' failed for '<HOST>' - Device does not match ACL
>             NOTICE.* .*: Registration from '.*' failed for '<HOST>' - Peer is not supposed to register
>             NOTICE.* .*: Registration from '.*' failed for '<HOST>' - ACL error (permit/deny)
>             NOTICE.* .*: Registration from '.*' failed for '<HOST>' - Device does not match ACL
>             NOTICE.* <HOST> failed to authenticate as '.*'$
>             NOTICE.* .*: No registration for peer '.*' \(from <HOST>\)
>             NOTICE.* .*: Host <HOST> failed MD5 authentication for '.*' (.*)
>             NOTICE.* .*: Failed to authenticate user .*@<HOST>.*
>             NOTICE.* .*: Sending fake auth rejection for device .*\<sip:.*\@<HOST>\>;tag=.*
>             NOTICE.* .*: Registration from '\".*\".*' failed for '<HOST>' - No matching peer found
>             NOTICE.* .*: Registration from '\".*\".*' failed for '<HOST>' - Wrong password
>
> ignoreregex =
>
> Thanks
> Motty
>
> --
> _____________________________________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>
> Check out the new Asterisk community forum at: https://community.asterisk.org/
>
> New to Asterisk? Start here:
> https://wiki.asterisk.org/wiki/display/AST/Getting+Started
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
> http://lists.digium.com/mailman/listinfo/asterisk-users

--
Best regards
Antony
tel. +380669197533
tel2. +380636564340
Paypal http://paypal.me/Satskiy
[email protected]
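A quick offline check of which of the quoted failregex patterns match log lines of the quoted shape, and whether the count reaches the quoted maxretry. This is an added example, not part of the original thread: the `<HOST>` expansion is a simplified IPv4-only stand-in for fail2ban's own, `WITH_PORT` is a hypothetical variant, and the addresses and third log line are constructed.

```python
import re
from collections import Counter

# Simplified stand-in for fail2ban's <HOST> tag (assumption: IPv4 only).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# From the second failregex block in the post: no room for the source port.
NO_PORT = r"NOTICE.* .*: Registration from '.*' failed for '<HOST>' - Wrong password"
# Core of the first block (prefix interpolations dropped, alternation shortened).
STOCK = (r"Registration from '[^']*' failed for '<HOST>(:\d+)?' - "
         r"(Wrong password|No matching peer found)$")
# Hypothetical variant of NO_PORT that tolerates an optional ":port".
WITH_PORT = (r"NOTICE.* .*: Registration from '.*' failed for "
             r"'<HOST>(:\d+)?' - Wrong password")

MAXRETRY = 3  # value from the quoted jail.local

# Constructed lines in the shape quoted in the post; 192.0.2.10 and
# 203.0.113.7 are documentation addresses standing in for the redacted ones.
LOG_LINES = [
    "NOTICE[29784] chan_sip.c: Registration from "
    "'\"user3\"<sip:1005@192.0.2.10:5060>' "
    "failed for '203.0.113.7:%d' - Wrong password" % port
    for port in (53417, 53911, 54002)
]


def failures(failregex, lines):
    """Count matching lines per source address."""
    rx = re.compile(failregex.replace("<HOST>", HOST))
    hits = Counter()
    for line in lines:
        m = rx.search(line)
        if m:
            hits[m.group("host")] += 1
    return hits


def would_ban(failregex, lines):
    """Addresses whose failure count reaches MAXRETRY."""
    counts = failures(failregex, lines)
    return sorted(h for h, n in counts.items() if n >= MAXRETRY)


if __name__ == "__main__":
    for name in ("NO_PORT", "STOCK", "WITH_PORT"):
        print(name, would_ban(globals()[name], LOG_LINES))
```

On a host with fail2ban installed, `fail2ban-regex` run against `/var/log/asterisk/messages` and the filter file gives the authoritative answer, since it applies the real `<HOST>` expansion and prefix handling.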
