Hi.
Please help.
I'm completely worn out, 2 days at it and zero results.
I have asterisk 1.8
fail2ban 0.8
fail2ban-ssh bans and sends notifications, but for sip it does not.
I have already tried every template I found on the internet.
Here are the configs:
asterisk.conf
# Fail2Ban configuration file
#
#
# $Revision: 251 $
#
[INCLUDES]
# Read common prefixes. If any customizations available -- read them from
# common.local
before = common.conf
[Definition]
#_daemon = asterisk
# Option: failregex
# Notes.: regex to match the password failures messages in the logfile. The
# host must be matched by a group named "host". The tag "<HOST>" can
# be used for standard IP/hostname matching and is only an alias for
# (?:::f{4,6}:)?(?P<host>\S+)
# Values: TEXT
#
# Asterisk 1.8 uses Host:Port format which is reflected here
failregex = NOTICE.* .*: Registration from '.*' failed for '<HOST>:.*' - Wrong password
            NOTICE.* .*: Registration from '.*' failed for '<HOST>:.*' - No matching peer found
            NOTICE.* .*: Registration from '.*' failed for '<HOST>:.*' - No matching peer found
            NOTICE.* .*: Registration from '.*' failed for '<HOST>:.*' - Username/auth name mismatch
            NOTICE.* .*: Registration from '.*' failed for '<HOST>:.*' - Device does not match ACL
            NOTICE.* .*: Registration from '.*' failed for '<HOST>:.*' - Peer is not supposed to register
            NOTICE.* .*: Registration from '.*' failed for '<HOST>:.*' - ACL error (permit/deny)
            NOTICE.* .*: Registration from '.*' failed for '<HOST>:.*' - Device does not match ACL
            NOTICE.* .*: Registration from '\".*\".*' failed for '<HOST>:.*' - No matching peer found
            NOTICE.* .*: Registration from '\".*\".*' failed for '<HOST>:.*' - Wrong password
            NOTICE.* <HOST> failed to authenticate as '.*'$
            NOTICE.* .*: No registration for peer '.*' \(from <HOST>\)
            NOTICE.* .*: Host <HOST> failed MD5 authentication for '.*' (.*)
            NOTICE.* .*: Failed to authenticate user .*@<HOST>.*
            NOTICE.* .*: <HOST> failed to authenticate as '.*'
            NOTICE.* .*: <HOST> tried to authenticate with nonexistent user '.*'
            VERBOSE.*SIP/<HOST>-.*Received incoming SIP connection from unknown peer
...
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =
jail.conf
[ssh]
enabled = true
port = ssh
bantime = 3600
filter = sshd
logpath = /var/log/auth.log
maxretry = 4
bantime = 86400
[asterisk-iptables]
enabled = true
filter = asterisk
action = iptables-allports[name=ASTERISK, protocol=all]
         sendmail-whois[name=ASTERISK, dest=root, sender=root@pbx.idp.com.ua]
logpach = /var/log/asterisk/messages
maxretry = 5
bantime = 259200
findtime = 3600
fail2ban-regex /var/log/asterisk/messages /etc/fail2ban/filter.d/asterisk.conf
Running tests
=============
Use failregex filter file : asterisk, basedir: /etc/fail2ban
Use log file : /var/log/asterisk/messages
Use encoding : UTF-8
Results
=======
Failregex: 116334 total
|- #) [# of hits] regular expression
| 1) [34594] NOTICE.* .*: Registration from '.*' failed for '<HOST>:.*' - Wrong password
| 2) [81740] NOTICE.* .*: Registration from '.*' failed for '<HOST>:.*' - No matching peer found
`-
Ignoreregex: 0 total
Date template hits:
|- [# of hits] date format
| [95453] Year(?P<_sep>[-/.])Month(?P=_sep)Day 24hour:Minute:Second(?:,Microseconds)?
`-
Lines: 123861 lines, 0 ignored, 116334 matched, 7527 missed [processed in 19.08 sec]
Missed line(s): too many to print. Use --print-all-missed to print all 7527 lines
asked
2015-09-29 17:26:56 +0400
Anonymous
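A lint for the jail.conf posted above, as an added example that is not part of the original post and not fail2ban's own code. It flags option names that are not fail2ban jail options (the [asterisk-iptables] jail spells the log option "logpach", while the option fail2ban reads is "logpath") and reports jails left without a logpath of their own. The names lint_jails, KNOWN_OPTIONS and SAMPLE are assumptions made for this example.

```python
import configparser
import difflib

# Common fail2ban 0.8 jail options (assumption: not exhaustive, extend as needed).
KNOWN_OPTIONS = {
    "enabled", "filter", "action", "logpath", "maxretry", "bantime", "findtime",
    "ignoreip", "backend", "port", "protocol", "banaction", "mta", "destemail",
}

def lint_jails(text):
    """Return (section, message) findings for each jail in a jail.conf text."""
    # strict=False tolerates repeated keys such as the two bantime lines in [ssh].
    cp = configparser.ConfigParser(strict=False, interpolation=None)
    cp.read_string(text)
    defaults = set(cp.defaults())  # helper variables defined in [DEFAULT]
    findings = []
    for section in cp.sections():
        keys = set(cp[section])
        for key in sorted(keys - KNOWN_OPTIONS - defaults):
            close = difflib.get_close_matches(key, KNOWN_OPTIONS, n=1)
            hint = f", did you mean '{close[0]}'?" if close else ""
            findings.append((section, f"unknown option '{key}'{hint}"))
        if "logpath" not in keys:
            findings.append((section, "no logpath set for this jail"))
    return findings

# Jails from the jail.conf posted above ([ssh] shortened, continuation indented).
SAMPLE = """\
[ssh]
enabled = true
bantime = 3600
filter = sshd
logpath = /var/log/auth.log
bantime = 86400

[asterisk-iptables]
enabled = true
filter = asterisk
action = iptables-allports[name=ASTERISK, protocol=all]
    sendmail-whois[name=ASTERISK, dest=root, sender=root@pbx.idp.com.ua]
logpach = /var/log/asterisk/messages
maxretry = 5
bantime = 259200
findtime = 3600
"""

if __name__ == "__main__":
    for section, message in lint_jails(SAMPLE):
        print(f"[{section}] {message}")
```

fail2ban-regex is given the log file on its command line, so its hit counts say nothing about which file the jail itself is watching.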
Update to the version from epel - it already bans properly there.
awsswa ( 2015-09-29 17:32:15 +0400 )
Sorry for the dumb question, but what is epel?
testsia ( 2015-09-29 17:37:42 +0400 )
I'm on ubuntu, I installed it with apt-get install fail2ban
testsia ( 2015-09-29 17:39:18 +0400 )