MRG: merge in freeswitch

2014-01-04 12:24:40 +11:00 · 2014-01-04 12:24:40 +11:00 · 23f0b854da
parent 973cef3f52 69b3a1cf64
commit 23f0b854da
4 changed files with 45 additions and 0 deletions
--- a/2
+++ b/2
@ -54,6 +54,8 @@ ver. 0.8.12 (2013/12/XX) - things-can-only-get-better
  - filter.d/nsd.conf -- also amended Unix date template to match nsd format
  - Added filter.d/openwebmail filter thanks Ivo Truxa. Closes gh-543
  - Added filter.d/horde
+  - Added filter for freeswitch. Thanks Jim and editors and authors of 
+    http://wiki.freeswitch.org/wiki/Fail2ban

 - Enhancements:
  - loglines now also report "[PID]" after the name portion
--- a/config/filter.d/freeswitch.conf
+++ b/config/filter.d/freeswitch.conf
@ -0,0 +1,21 @@
+# Fail2Ban configuration file
+#
+# In freeswitch configuration: <param name="log-auth-failures" value="true"/>
+#
+# In the fail2ban jail.local file for this filter set ignoreip to the internal
+# IP addresses on your LAN.
+#
+
+[Definition]
+
+failregex = ^\.\d+ \[WARNING\] sofia_reg\.c:\d+ SIP auth (failure|challenge) \((REGISTER|INVITE)\) on sofia profile \'[^']+\' for \[.*\] from ip <HOST>$
+            ^\.\d+ \[WARNING\] sofia_reg\.c:\d+ Can't find user \[\d+@\d+\.\d+\.\d+\.\d+\] from <HOST>$
+
+ignoreregex =
+
+# Author: Rupa SChomaker, soapee01, Daniel Black
+# http://wiki.freeswitch.org/wiki/Fail2ban
+# Thanks to Jim on mailing list of samples and guidance
+#
+# No need to match the following. Its a duplicate of the SIP auth regex.
+#  ^\.\d+ \[DEBUG\] sofia\.c:\d+ IP <HOST> Rejected by acl "\S+"\. Falling back to Digest auth\.$
--- a/config/jail.conf
+++ b/config/jail.conf
@ -382,6 +382,17 @@ action   = iptables-multiport[name=asterisk-tcp, port="5060,5061", protocol=tcp]
 logpath  = /var/log/asterisk/messages
 maxretry = 10

+
+[freeswitch]
+
+enabled  = false
+filter   = freeswitch
+logpath  = /var/log/freeswitch.log
+maxretry = 10
+action   = iptables-multiport[name=freeswitch-tcp, port="5060,5061,5080,5081", protocol=tcp]
+           iptables-multiport[name=freeswitch-udp, port="5060,5061,5080,5081", protocol=udp]
+
+
 #  Historical support (before https://github.com/fail2ban/fail2ban/issues/37 was fixed )
 #  use [asterisk] for new jails
 [asterisk-tcp]
--- a/testcases/files/logs/freeswitch
+++ b/testcases/files/logs/freeswitch
@ -0,0 +1,11 @@
+# failJSON: { "time": "2013-12-31T17:39:54", "match": true, "host": "81.94.202.251" }
+2013-12-31 17:39:54.767815 [WARNING] sofia_reg.c:1533 SIP auth challenge (INVITE) on sofia profile 'internal' for [011448708752617@192.168.2.51] from ip 81.94.202.251
+# failJSON: { "time": "2013-12-31T17:39:54", "match": true, "host": "5.11.47.236" }
+2013-12-31 17:39:54.767815 [WARNING] sofia_reg.c:1478 SIP auth failure (INVITE) on sofia profile 'internal' for [000972543480510@192.168.2.51] from ip 5.11.47.236
+# failJSON: { "time": "2013-12-31T17:39:54", "match": false }
+2013-12-31 17:39:54.767815 [DEBUG] sofia.c:7954 IP 185.24.234.141 Rejected by acl "domains". Falling back to Digest auth.
+
+# failJSON: { "time": "2013-12-31T17:39:54", "match": true, "host": "5.11.47.236" }
+2013-12-31 17:39:54.767815 [WARNING] sofia_reg.c:2531 Can't find user [1001@192.168.2.51] from 5.11.47.236
+# failJSON: { "time": "2013-12-31T17:39:54", "match": true, "host": "185.24.234.141" }
+2013-12-31 17:39:54.767815 [WARNING] sofia_reg.c:2531 Can't find user [100@192.168.2.51] from 185.24.234.141