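- # Jail: bans SIP signalling over TCP (ports 5060/5061) for addresses matched by the asterisk filter.
- [asterisk-tcp]
- enabled = true
- filter = asterisk
- action = iptables-multiport[name=asterisk-tcp, port="5060,5061", protocol=tcp]
- # sendmail-whois[name=My Server, dest=myemail@example.com, sender=fail2ban@myserversdomainame.com]
- # NOTE(review): the asterisk filter on this page only matches SECURITY ... SecurityEvent= lines.
- # Confirm that logger.conf writes the security channel to this file; otherwise this jail never fires.
- logpath = /var/log/asterisk/messages
- # Ban length in seconds: 604800 = 1 week
- bantime = 604800
- # Counting window in seconds: 28800 = 8 hours (one day would be 86400)
- findtime = 28800
- # Failures allowed inside findtime before the ban is applied
- maxretry = 4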
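- # Jail: bans SIP signalling over UDP (ports 5060/5061) for addresses matched by the asterisk filter.
- [asterisk-udp]
- enabled = true
- filter = asterisk
- action = iptables-multiport[name=asterisk-udp, port="5060,5061", protocol=udp]
- # sendmail-whois[name=My Server, dest=myemail@example.com, sender=fail2ban@myserversdomainame.com]
- # NOTE(review): the asterisk filter on this page only matches SECURITY ... SecurityEvent= lines.
- # Confirm that logger.conf writes the security channel to this file; otherwise this jail never fires.
- logpath = /var/log/asterisk/messages
- # Ban length in seconds: 604800 = 1 week
- bantime = 604800
- # Counting window in seconds: 28800 = 8 hours (one day would be 86400)
- findtime = 28800
- # Failures allowed inside findtime before the ban is applied
- maxretry = 4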
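- # Jail: reads the Asterisk security log and blocks matched addresses on every port and protocol.
- [asterisk-iptables]
- enabled = true
- filter = asterisk
- # NOTE(review): this ban is not limited to SIP, and no ignoreip is visible in this jail.
- # Put trusted trunk and administration addresses in ignoreip (here or in [DEFAULT]) so that
- # four failed registrations cannot cut off management access for a week.
- action = iptables-allports[name=asterisk, protocol=all]
- # sendmail-whois[name=My Server, dest=myemail@example.com, sender=fail2ban@myserversdomainame.com]
- logpath = /var/log/asterisk/security
- # Ban length in seconds: 604800 = 1 week
- bantime = 604800
- # Counting window in seconds: 28800 = 8 hours (one day would be 86400)
- findtime = 28800
- # Failures allowed inside findtime before the ban is applied
- maxretry = 4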
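- # Fail2Ban configuration file
- #
- # Filter for Asterisk security-log events (the SecurityEvent="..." lines written by
- # res_security_log.c). Presumably saved as filter.d/asterisk.conf, since the jails on this
- # page use "filter = asterisk" -- confirm against your layout.
- #
- # $Revision: 250 $
- #
- [INCLUDES]
- # Read common prefixes. If any customizations available -- read them from
- # common.local
- #before = common.conf
- [Definition]
- #_daemon = asterisk
- # Option: failregex
- # Notes.: regex to match the password failures messages in the logfile. The
- # host must be matched by a group named "host". The tag "<HOST>" can
- # be used for standard IP/hostname matching and is only an alias for
- # (?:::f{4,6}:)?(?P<host>\S+)
- # Values: TEXT
- #
- # One pattern per line. Every line after the first must stay indented so the parser reads
- # it as a continuation of failregex and not as a new key.
- # The family and transport parts of RemoteAddress are limited to [^/"]+ and the port to \d+,
- # so <HOST> can only be taken from the third slash-separated part of one quoted value.
- # NOTE(review): the patterns are unanchored and still use .* between fields, while AccountID
- # and the Received* fields carry values sent by the remote peer. Run fail2ban-regex against
- # your own security log to confirm that only RemoteAddress supplies the banned address, and
- # compare with the stricter asterisk filter shipped with current fail2ban.
- failregex = SECURITY.* SecurityEvent="FailedACL".*RemoteAddress="[^/"]+/[^/"]+/<HOST>/\d+".*
-             SECURITY.* SecurityEvent="InvalidAccountID".*RemoteAddress="[^/"]+/[^/"]+/<HOST>/\d+".*
-             SECURITY.* SecurityEvent="ChallengeResponseFailed".*RemoteAddress="[^/"]+/[^/"]+/<HOST>/\d+".*
-             SECURITY.* SecurityEvent="InvalidPassword".*RemoteAddress="[^/"]+/[^/"]+/<HOST>/\d+".*
- # Option: ignoreregex
- # Notes.: regex to ignore. If this regex matches, the line is ignored.
- # Values: TEXT
- #
- ignoreregex =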
- [2015-04-23 13:29:52] SECURITY[30549] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="1429810192-157871",Severity="Error",Service="SIP",EventVersion="2",AccountID="100",SessionID="0x7ff24806a428",LocalAddress="IPV4/UDP/50.248.225.203/5060",RemoteAddress="IPV4/UDP/192.187.115.214/5104",Challenge="1e883ad3",ReceivedChallenge="1e883ad3",ReceivedHash="94a91e1acaa21aba706fb3fdb8806d55"
- [2015-04-23 13:29:58] SECURITY[30549] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="1429810198-858898",Severity="Error",Service="SIP",EventVersion="2",AccountID="2001",SessionID="0x7ff24805d1f8",LocalAddress="IPV4/UDP/50.248.225.203/5060",RemoteAddress="IPV4/UDP/192.187.115.214/5084",Challenge="24e9888e",ReceivedChallenge="24e9888e",ReceivedHash="3fd246592e70bc79f4d89a12a3fbc7c1"
- [2015-04-23 13:30:08] SECURITY[30549] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="1429810208-121434",Severity="Error",Service="SIP",EventVersion="2",AccountID="311",SessionID="0x7ff2480efa08",LocalAddress="IPV4/UDP/50.248.225.203/5060",RemoteAddress="IPV4/UDP/192.187.115.214/5064",Challenge="42496ecf",ReceivedChallenge="42496ecf",ReceivedHash="7b299606203187ef0b1d17b67f4cd16d"