mirror of https://github.com/fail2ban/fail2ban
MRG: merge in freeswitch
commit
23f0b854da
|
@ -54,6 +54,8 @@ ver. 0.8.12 (2013/12/XX) - things-can-only-get-better
|
||||||
- filter.d/nsd.conf -- also amended Unix date template to match nsd format
|
- filter.d/nsd.conf -- also amended Unix date template to match nsd format
|
||||||
- Added filter.d/openwebmail filter thanks Ivo Truxa. Closes gh-543
|
- Added filter.d/openwebmail filter thanks Ivo Truxa. Closes gh-543
|
||||||
- Added filter.d/horde
|
- Added filter.d/horde
|
||||||
|
- Added filter for freeswitch. Thanks Jim and editors and authors of
|
||||||
|
http://wiki.freeswitch.org/wiki/Fail2ban
|
||||||
|
|
||||||
- Enhancements:
|
- Enhancements:
|
||||||
- loglines now also report "[PID]" after the name portion
|
- loglines now also report "[PID]" after the name portion
|
||||||
|
|
|
@ -0,0 +1,21 @@
|
||||||
|
# Fail2Ban configuration file
|
||||||
|
#
|
||||||
|
# In freeswitch configuration: <param name="log-auth-failures" value="true"/>
|
||||||
|
#
|
||||||
|
# In the fail2ban jail.local file for this filter set ignoreip to the internal
|
||||||
|
# IP addresses on your LAN.
|
||||||
|
#
|
||||||
|
|
||||||
|
[Definition]
|
||||||
|
|
||||||
|
failregex = ^\.\d+ \[WARNING\] sofia_reg\.c:\d+ SIP auth (failure|challenge) \((REGISTER|INVITE)\) on sofia profile \'[^']+\' for \[.*\] from ip <HOST>$
|
||||||
|
^\.\d+ \[WARNING\] sofia_reg\.c:\d+ Can't find user \[\d+@\d+\.\d+\.\d+\.\d+\] from <HOST>$
|
||||||
|
|
||||||
|
ignoreregex =
|
||||||
|
|
||||||
|
# Author: Rupa SChomaker, soapee01, Daniel Black
|
||||||
|
# http://wiki.freeswitch.org/wiki/Fail2ban
|
||||||
|
# Thanks to Jim on mailing list of samples and guidance
|
||||||
|
#
|
||||||
|
# No need to match the following. Its a duplicate of the SIP auth regex.
|
||||||
|
# ^\.\d+ \[DEBUG\] sofia\.c:\d+ IP <HOST> Rejected by acl "\S+"\. Falling back to Digest auth\.$
|
|
@ -382,6 +382,17 @@ action = iptables-multiport[name=asterisk-tcp, port="5060,5061", protocol=tcp]
|
||||||
logpath = /var/log/asterisk/messages
|
logpath = /var/log/asterisk/messages
|
||||||
maxretry = 10
|
maxretry = 10
|
||||||
|
|
||||||
|
|
||||||
|
[freeswitch]
|
||||||
|
|
||||||
|
enabled = false
|
||||||
|
filter = freeswitch
|
||||||
|
logpath = /var/log/freeswitch.log
|
||||||
|
maxretry = 10
|
||||||
|
action = iptables-multiport[name=freeswitch-tcp, port="5060,5061,5080,5081", protocol=tcp]
|
||||||
|
iptables-multiport[name=freeswitch-udp, port="5060,5061,5080,5081", protocol=udp]
|
||||||
|
|
||||||
|
|
||||||
# Historical support (before https://github.com/fail2ban/fail2ban/issues/37 was fixed )
|
# Historical support (before https://github.com/fail2ban/fail2ban/issues/37 was fixed )
|
||||||
# use [asterisk] for new jails
|
# use [asterisk] for new jails
|
||||||
[asterisk-tcp]
|
[asterisk-tcp]
|
||||||
|
|
|
@ -0,0 +1,11 @@
|
||||||
|
# failJSON: { "time": "2013-12-31T17:39:54", "match": true, "host": "81.94.202.251" }
|
||||||
|
2013-12-31 17:39:54.767815 [WARNING] sofia_reg.c:1533 SIP auth challenge (INVITE) on sofia profile 'internal' for [011448708752617@192.168.2.51] from ip 81.94.202.251
|
||||||
|
# failJSON: { "time": "2013-12-31T17:39:54", "match": true, "host": "5.11.47.236" }
|
||||||
|
2013-12-31 17:39:54.767815 [WARNING] sofia_reg.c:1478 SIP auth failure (INVITE) on sofia profile 'internal' for [000972543480510@192.168.2.51] from ip 5.11.47.236
|
||||||
|
# failJSON: { "time": "2013-12-31T17:39:54", "match": false }
|
||||||
|
2013-12-31 17:39:54.767815 [DEBUG] sofia.c:7954 IP 185.24.234.141 Rejected by acl "domains". Falling back to Digest auth.
|
||||||
|
|
||||||
|
# failJSON: { "time": "2013-12-31T17:39:54", "match": true, "host": "5.11.47.236" }
|
||||||
|
2013-12-31 17:39:54.767815 [WARNING] sofia_reg.c:2531 Can't find user [1001@192.168.2.51] from 5.11.47.236
|
||||||
|
# failJSON: { "time": "2013-12-31T17:39:54", "match": true, "host": "185.24.234.141" }
|
||||||
|
2013-12-31 17:39:54.767815 [WARNING] sofia_reg.c:2531 Can't find user [100@192.168.2.51] from 185.24.234.141
|
Loading…
Reference in New Issue