On Mon, 2020-11-23 at 16:22 -0500, Sean Bright wrote: > On 11/23/2020 4:09 AM, Mohit Dhiman wrote: > > can anyone please recommend any existing external scripts that can > > parse the Asterisk security logs and possibly take appropriate > > actions like IP blocking. > > Fail2ban
I wrote one years ago that I still use: https://github.com/fredposner/scripts/blob/master/asterisk/check-failed-regs.pl You'll need to make a chain called "asterisk" in iptables. Also, we started providing a pro-active block to sip attacks with apiban in January. There's a go client that will update iptables as well: https://github.com/palner/apiban -- Fred Posner f...@qxork.com https://qxork.com Direct/SMS: +1 (336) 439-3733 Need Fred? Call Fred. 336-HEY-FRED Matrix: @fred:matrix.lod.com -- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-dev mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-dev
