github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity

MRG: merge in freeswitch

pull/559/head
Daniel Black 2014-01-04 12:24:40 +11:00
parent 973cef3f52 69b3a1cf64
commit 23f0b854da
4 changed files with 45 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
ChangeLog
View File

@ -54,6 +54,8 @@ ver. 0.8.12 (2013/12/XX) - things-can-only-get-better
- filter.d/nsd.conf -- also amended Unix date template to match nsd format - filter.d/nsd.conf -- also amended Unix date template to match nsd format
- Added filter.d/openwebmail filter thanks Ivo Truxa. Closes gh-543 - Added filter.d/openwebmail filter thanks Ivo Truxa. Closes gh-543
- Added filter.d/horde - Added filter.d/horde
- Added filter for freeswitch. Thanks Jim and editors and authors of
http://wiki.freeswitch.org/wiki/Fail2ban
- Enhancements: - Enhancements:
- loglines now also report "[PID]" after the name portion - loglines now also report "[PID]" after the name portion

21
config/filter.d/freeswitch.conf Normal file
View File

@ -0,0 +1,21 @@
# Fail2Ban configuration file
#
# In freeswitch configuration: <param name="log-auth-failures" value="true"/>
#
# In the fail2ban jail.local file for this filter set ignoreip to the internal
# IP addresses on your LAN.
#
[Definition]
failregex = ^\.\d+ \[WARNING\] sofia_reg\.c:\d+ SIP auth (failure|challenge) \((REGISTER|INVITE)\) on sofia profile \'[^']+\' for \[.*\] from ip <HOST>$
^\.\d+ \[WARNING\] sofia_reg\.c:\d+ Can't find user \[\d+@\d+\.\d+\.\d+\.\d+\] from <HOST>$
ignoreregex =
# Author: Rupa SChomaker, soapee01, Daniel Black
# http://wiki.freeswitch.org/wiki/Fail2ban
# Thanks to Jim on mailing list of samples and guidance
#
# No need to match the following. Its a duplicate of the SIP auth regex.
# ^\.\d+ \[DEBUG\] sofia\.c:\d+ IP <HOST> Rejected by acl "\S+"\. Falling back to Digest auth\.$

11
config/jail.conf
View File

@ -382,6 +382,17 @@ action = iptables-multiport[name=asterisk-tcp, port="5060,5061", protocol=tcp]
logpath = /var/log/asterisk/messages logpath = /var/log/asterisk/messages
maxretry = 10 maxretry = 10
[freeswitch]
enabled = false
filter = freeswitch
logpath = /var/log/freeswitch.log
maxretry = 10
action = iptables-multiport[name=freeswitch-tcp, port="5060,5061,5080,5081", protocol=tcp]
iptables-multiport[name=freeswitch-udp, port="5060,5061,5080,5081", protocol=udp]
# Historical support (before https://github.com/fail2ban/fail2ban/issues/37 was fixed ) # Historical support (before https://github.com/fail2ban/fail2ban/issues/37 was fixed )
# use [asterisk] for new jails # use [asterisk] for new jails
[asterisk-tcp] [asterisk-tcp]

11
testcases/files/logs/freeswitch Normal file
View File

@ -0,0 +1,11 @@
# failJSON: { "time": "2013-12-31T17:39:54", "match": true, "host": "81.94.202.251" }
2013-12-31 17:39:54.767815 [WARNING] sofia_reg.c:1533 SIP auth challenge (INVITE) on sofia profile 'internal' for [011448708752617@192.168.2.51] from ip 81.94.202.251
# failJSON: { "time": "2013-12-31T17:39:54", "match": true, "host": "5.11.47.236" }
2013-12-31 17:39:54.767815 [WARNING] sofia_reg.c:1478 SIP auth failure (INVITE) on sofia profile 'internal' for [000972543480510@192.168.2.51] from ip 5.11.47.236
# failJSON: { "time": "2013-12-31T17:39:54", "match": false }
2013-12-31 17:39:54.767815 [DEBUG] sofia.c:7954 IP 185.24.234.141 Rejected by acl "domains". Falling back to Digest auth.
# failJSON: { "time": "2013-12-31T17:39:54", "match": true, "host": "5.11.47.236" }
2013-12-31 17:39:54.767815 [WARNING] sofia_reg.c:2531 Can't find user [1001@192.168.2.51] from 5.11.47.236
# failJSON: { "time": "2013-12-31T17:39:54", "match": true, "host": "185.24.234.141" }
2013-12-31 17:39:54.767815 [WARNING] sofia_reg.c:2531 Can't find user [100@192.168.2.51] from 185.24.234.141