Thank you guys, I tried fail2ban and it worked but i'll also try Fred's recommendation to see which one will be the best for my use case as I will be deploying the solution to a lot of Asterisk servers.
On Tue, 24 Nov 2020, 3:02 am Fred Posner, <f...@qxork.com> wrote: > On Mon, 2020-11-23 at 16:22 -0500, Sean Bright wrote: > > On 11/23/2020 4:09 AM, Mohit Dhiman wrote: > > > can anyone please recommend any existing external scripts that can > > > parse the Asterisk security logs and possibly take appropriate > > > actions like IP blocking. > > > > Fail2ban > > I wrote one years ago that I still use: > > > > https://github.com/fredposner/scripts/blob/master/asterisk/check-failed-regs.pl > > You'll need to make a chain called "asterisk" in iptables. > > Also, we started providing a pro-active block to sip attacks with > apiban in January. There's a go client that will update iptables as > well: > > https://github.com/palner/apiban > > -- > Fred Posner > f...@qxork.com > https://qxork.com > Direct/SMS: +1 (336) 439-3733 > > Need Fred? Call Fred. 336-HEY-FRED > Matrix: @fred:matrix.lod.com > > > -- > _____________________________________________________________________ > -- Bandwidth and Colocation Provided by http://www.api-digital.com -- > > asterisk-dev mailing list > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-dev
-- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-dev mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-dev
