Le 08/06/2019 à 05:20, John T. Bittner a écrit :
Hopefully, this helps someone else.
This seems to be working for me.
# Fail2Ban configuration file
[INCLUDES]
#before = common.conf
[Definition]
failregex = NOTICE.* .*: Request \'REGISTER\' from '.*' failed for
'<HOST>:.*' .* - No matching endpoint found
NOTICE.* .*: Request \'REGISTER\' from '.*' failed for
'<HOST>:.*' .* - Failed to authenticate
NOTICE.* .*: Request \'REGISTER\' from '.*' failed for
'<HOST>:.*' .* - Error to authenticate
NOTICE.* .*: Request \'INVITE\' from '.*' failed for
'<HOST>:.*' .*
John Bittner
Xaccel
[...]
We have this rules:
[INCLUDES]
# Read common prefixes. If any customizations available -- read them
from
# common.local
before = common.conf
[Definition]
_daemon = asterisk
__pid_re = (?:\s*\[\d+\])
iso8601 = \d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}\.\d+[+-]\d{4}
# All Asterisk log messages begin like this:
log_prefix= (?:NOTICE|SECURITY|WARNING)%(__pid_re)s:?(?:\[C-[\da-f]*\])?
[^:]+:\d*(?:(?: in)? \w+:)?
prefregex = ^%(__prefix_line)s%(log_prefix)s <F-CONTENT>.+</F-CONTENT>$
failregex = ^Registration from '[^']*' failed for '<HOST>(:\d+)?' -
(?:Wrong password|Username/auth name mismatch|No matching peer found|Not
a local domain|Device does not ma
tch ACL|Peer is not supposed to register|ACL error \(permit/deny\)|Not a
local domain)$
^Call from '[^']*' \(<HOST>:\d+\) to extension '[^']*'
rejected because extension not found in context
^(?:Host )?<HOST> (?:failed (?:to authenticate\b|MD5
authentication\b)|tried to authenticate with nonexistent user\b)
^No registration for peer '[^']*' \(from <HOST>\)$
^hacking attempt detected '<HOST>'$
^SecurityEvent="(?:FailedACL|InvalidAccountID|ChallengeResponseFailed|InvalidPassword)"(?:(?:,(?!RemoteAddress=)\w+="[^"]*")*|.*?),RemoteAddress="IPV[46]/(UDP|TCP
|WS)/<HOST>/\d+"(?:,(?!RemoteAddress=)\w+="[^"]*")*$
^"Rejecting unknown SIP connection from <HOST>"$
^Request (?:'[^']*' )?from '(?:[^']*|.*?)' failed for
'<HOST>(?::\d+)?'\s\(callid: [^\)]*\) - (?:No matching endpoint
found|Not match Endpoint(?: Contact)? ACL|(?
:Failed|Error) to authenticate)\s*$
# FreePBX (todo: make optional in v.0.10):
#
^(%(__prefix_line)s|\[\]\s*WARNING%(__pid_re)s:?(?:\[C-[\da-f]*\])?
)[^:]+: Friendly Scanner from <HOST>$
ignoreregex =
datepattern = {^LN-BEG}
# Author: Xavier Devlamynck / Daniel Black
--
Daniel
--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
Check out the new Asterisk community forum at: https://community.asterisk.org/
New to Asterisk? Start here:
https://wiki.asterisk.org/wiki/display/AST/Getting+Started
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
