Merge remote-tracking branch 'gh-magicrhesus/master'

* gh-magicrhesus/master: Add the INCLUDE section to use __pid_re feature Disable asterisk jail by default Change jail for asterisk, add support for SIP and SIP-TLS on TCP and UDP ports Change NOTICE by NOTICE%(__pid_re)s Remove custom bantime Add sample log file for asterisk Add $ at the end of the failregex Add asterisk support Conflicts: config/jail.conf -- placed asterisk jails before recidive and added blank lines after the jail headers
2012-02-28 12:03:16 -05:00 · 2012-02-28 12:03:16 -05:00 · 71a3fb17e2
parent 42dd05210a 8c00ce0a65
commit 71a3fb17e2
3 changed files with 68 additions and 0 deletions
--- a/config/filter.d/asterisk.conf
+++ b/config/filter.d/asterisk.conf
@ -0,0 +1,39 @@
+# Fail2Ban configuration file
+#
+# Author: Xavier Devlamynck
+#
+# $Revision$
+#
+
+
+[INCLUDES]
+
+# Read common prefixes. If any customizations available -- read them from
+# common.local
+before = common.conf
+
+[Definition]
+
+# Option:  failregex
+# Notes.:  regex to match the password failures messages in the logfile. The
+#          host must be matched by a group named "host". The tag "<HOST>" can
+#          be used for standard IP/hostname matching and is only an alias for
+#          (?:::f{4,6}:)?(?P<host>\S+)
+# Values:  TEXT
+#
+failregex = NOTICE%(__pid_re)s .*: Registration from '.*' failed for '<HOST>' - Wrong password$
+            NOTICE%(__pid_re)s .*: Registration from '.*' failed for '<HOST>' - No matching peer found$
+            NOTICE%(__pid_re)s .*: Registration from '.*' failed for '<HOST>' - Username/auth name mismatch$
+            NOTICE%(__pid_re)s .*: Registration from '.*' failed for '<HOST>' - Device does not match ACL$
+            NOTICE%(__pid_re)s .*: Registration from '.*' failed for '<HOST>' - Peer is not supposed to register$
+            NOTICE%(__pid_re)s .*: Registration from '.*' failed for '<HOST>' - ACL error (permit/deny)$
+            NOTICE%(__pid_re)s <HOST> failed to authenticate as '.*'$
+            NOTICE%(__pid_re)s .*: No registration for peer '.*' \(from <HOST>\)$
+            NOTICE%(__pid_re)s .*: Host <HOST> failed MD5 authentication for '.*' (.*)$
+            NOTICE%(__pid_re)s .*: Failed to authenticate user .*@<HOST>.*$
+
+# Option:  ignoreregex
+# Notes.:  regex to ignore. If this regex matches, the line is ignored.
+# Values:  TEXT
+#
+ignoreregex =
--- a/config/jail.conf
+++ b/config/jail.conf
@ -264,6 +264,24 @@ action   = iptables-multiport[name=Named, port="domain,953", protocol=tcp]
 logpath  = /var/log/named/security.log
 ignoreip = 168.192.0.1

+[asterisk-tcp]
+
+enabled  = false
+filter   = asterisk
+action   = iptables-multiport[name=asterisk-tcp, port="5060,5061", protocol=tcp]
+           sendmail-whois[name=Asterisk, dest=you@example.com, sender=fail2ban@example.com]
+logpath  = /var/log/asterisk/messages
+maxretry = 10
+
+[asterisk-udp]
+
+enabled  = false
+filter	 = asterisk
+action   = iptables-multiport[name=asterisk-udp, port="5060,5061", protocol=udp]
+           sendmail-whois[name=Asterisk, dest=you@example.com, sender=fail2ban@example.com]
+logpath  = /var/log/asterisk/messages
+maxretry = 10
+
 # Jail for more extended banning of persistent abusers
 # !!! WARNING !!!
 #   Make sure that your loglevel specified in fail2ban.conf/.local
--- a/testcases/files/logs/asterisk
+++ b/testcases/files/logs/asterisk
@ -0,0 +1,11 @@
+# Sample log files for asterisk 
+[2012-02-13 17:21:54] NOTICE[1638] chan_sip.c: Registration from '<sip:301@asclepios.eyepea.be>' failed for '1.2.3.4' - Wrong password
+[2012-02-13 17:18:22] NOTICE[1638] chan_sip.c: Registration from '<sip:301@asclepios.eyepea.be>' failed for '1.2.3.4' - No matching peer found
+[2012-02-13 17:21:21] NOTICE[1638] chan_sip.c: Registration from '<sip:301@asclepios.eyepea.be>' failed for '1.2.3.4' - Username/auth name mismatch
+[2012-02-13 17:32:01] NOTICE[1638] chan_sip.c: Registration from '<sip:301@asclepios.eyepea.be>' failed for '1.2.3.4' - Device does not match ACL
+[2012-02-13 17:34:10] NOTICE[1638] chan_sip.c: Registration from '<sip:301@asclepios.eyepea.be>' failed for '1.2.3.4' - Peer is not supposed to register
+[2012-02-13 17:36:23] NOTICE[1638] chan_sip.c: Registration from '<sip:301@asclepios.eyepea.be>' failed for '1.2.3.4' - ACL error (permit/deny)
+[2012-02-13 17:53:59] NOTICE[1638] chan_iax2.c: Host 1.2.3.4 failed to authenticate as 'Fail2ban'
+[2012-02-13 17:39:20] NOTICE[1638] chan_iax2.c: No registration for peer 'Fail2ban' (from 1.2.3.4)
+[2012-02-13 17:44:26] NOTICE[1638] chan_iax2.c: Host 1.2.3.4 failed MD5 authentication for 'Fail2ban' (e7df7cd2ca07f4f1ab415d457a6e1c13 != 53ac4bc41ee4ec77888ed4aa50677247)
+[2012-02-13 17:37:07] NOTICE[1638] chan_sip.c: Failed to authenticate user "Fail2ban" <sip:301@1.2.3.4>;tag=1r698745234