>> >> I'm using the Fail2ban. I configuration below. I want to try to >> prevent the continuous password. Fail2ban password that does not >> prevent this form. (Asterisk 1.8 / Elastix interface) >>
hi Asterisk version 1.8 Fail2ban version 0.8.14 config: https://github.com/fail2ban/fail2ban/blob/master/config/filter.d/asterisk.conf But it does not prevent. On Sun, Sep 13, 2015 at 7:11 PM, Carlos Chavez <cur...@telecomabmex.com> wrote: > On 2015-09-13 10:16, Gokan Atmaca wrote: >> >> Hello >> >> I'm using the Fail2ban. I configuration below. I want to try to >> prevent the continuous password. Fail2ban password that does not >> prevent this form. (Asterisk 1.8 / Elastix interface) >> >> What could be the problem ? >> >> Asterisk log; >> "Registration from '<sip:3...@sip.x.eu;transport=UDP>' failed for >> 'x.x.x.x:32956' - Wrong password" >> >> >> Fail2ban asterisk filter; >> >> # Fail2Ban filter for asterisk authentication failures >> # >> >> [INCLUDES] >> >> # Read common prefixes. If any customizations available -- read them from >> >> # common.local >> before = common.conf >> >> >> [Definition] >> >> _daemon = asterisk >> >> __pid_re = (?:\[\d+\]) >> >> # All Asterisk log messages begin like this: >> log_prefix= (?:NOTICE|SECURITY)%(__pid_re)s:?(?:\[C-[\da-f]*\])? >> \S+:\d*( in \w+:)? >> >> failregex = ^(%(__prefix_line)s|\[\]\s*)%(log_prefix)s Registration >> from '[^']*' failed for '<HOST>(:\d+)?' - (Wrong >> password|Username/auth name mismatch|No m$ >> ^(%(__prefix_line)s|\[\]\s*)%(log_prefix)s Call from >> '[^']*' \(<HOST>:\d+\) to extension '\d+' rejected because extension >> not found in context 'de$ >> ^(%(__prefix_line)s|\[\]\s*)%(log_prefix)s Host <HOST> >> failed to authenticate as '[^']*'$ >> ^(%(__prefix_line)s|\[\]\s*)%(log_prefix)s No registration >> for peer '[^']*' \(from <HOST>\)$ >> ^(%(__prefix_line)s|\[\]\s*)%(log_prefix)s Host <HOST> >> failed MD5 authentication for '[^']*' \([^)]+\)$ >> ^(%(__prefix_line)s|\[\]\s*)%(log_prefix)s Call from >> '[^']*' \(<HOST>:\d+\) to extension '\d+' rejected because extension >> not found in context 'de$ >> ^(%(__prefix_line)s|\[\]\s*)%(log_prefix)s Host <HOST> >> failed to authenticate as '[^']*'$ >> ^(%(__prefix_line)s|\[\]\s*)%(log_prefix)s No registration >> for peer '[^']*' \(from <HOST>\)$ >> ^(%(__prefix_line)s|\[\]\s*)%(log_prefix)s Host <HOST> >> failed MD5 authentication for '[^']*' \([^)]+\)$ >> ^(%(__prefix_line)s|\[\]\s*)%(log_prefix)s Failed to >> authenticate (user|device) [^@]+@<HOST>\S*$ >> ^(%(__prefix_line)s|\[\]\s*)%(log_prefix)s >> (?:handle_request_subscribe: )?Sending fake auth rejection for >> (device|user) \d*<sip:[^@]+@<HOST>>;tag=$ >> ^(%(__prefix_line)s|\[\]\s*)%(log_prefix)s >> >> SecurityEvent="(FailedACL|InvalidAccountID|ChallengeResponseFailed|InvalidPassword)",EventTV="[\d-]+",S$ >> >> ^(%(__prefix_line)s|\[\]\s*WARNING%(__pid_re)s:?(?:\[C-[\da-f]*\])? >> )Ext\. s: "Rejecting unknown SIP connection from <HOST>"$ >> >> ignoreregex = >> >> >> # Author: Xavier Devlamynck / Daniel Black >> # >> # General log format - main/logger.c:ast_log >> # Address format - ast_sockaddr_stringify >> # >> # First regex: channels/chan_sip.c >> # >> # main/logger.c:ast_log_vsyslog - "in {functionname}:" only occurs in s > > > In the fail2ban website they have several versions of asterisk.conf > depending on the version of Asterisk you are using. If you have the latest > fail2ban that one has the version for Asterisk 11. Go there and download > the correct version for your setup. > > -- > Telecomunicaciones Abiertas de México S.A. de C.V. > Carlos Chávez > dCAP #1349 > +52 (55)9116-91161 > > -- > _____________________________________________________________________ > -- Bandwidth and Colocation Provided by http://www.api-digital.com -- > New to Asterisk? Join us for a live introductory webinar every Thurs: > http://www.asterisk.org/hello > > asterisk-users mailing list > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users -- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
