[AsteriskBrasil] Fail2Ban não bloqueia ataque

Silvio Garbes silviogarbes em gmail.com
Segunda Fevereiro 4 11:36:50 BRST 2013 

Em resposta a mensagem de "João Marcelo Queiroz" na pergunta de "Fail2Ban
não bloqueia ataque" em "Quarta Janeiro 5 10:40:26 BRST 2011".

Estive com o mesmo problema e descobri que da versão 1.8 do asterisk para a
versão 1.4 deve-se alterar o arquivo
"/etc/fail2ban/filter.d/asterisk.conf". No log do asterisk da versão 1.8 ou
superior a porta de destino vem junto com o log.

De:
failregex = NOTICE%(__pid_re)s .*: Registration from '.*' failed for
'<HOST>' - Wrong password$
            NOTICE%(__pid_re)s .*: Registration from '.*' failed for
'<HOST>' - No matching peer found$
            NOTICE%(__pid_re)s .*: Registration from '.*' failed for
'<HOST>' - Username/auth name mismatch$
            NOTICE%(__pid_re)s .*: Registration from '.*' failed for
'<HOST>' - Device does not match ACL$
            NOTICE%(__pid_re)s .*: Registration from '.*' failed for
'<HOST>' - Peer is not supposed to register$
            NOTICE%(__pid_re)s .*: Registration from '.*' failed for
'<HOST>' - ACL error (permit/deny)$
            NOTICE%(__pid_re)s <HOST> failed to authenticate as '.*'$
            NOTICE%(__pid_re)s .*: No registration for peer '.*' \(from
<HOST>\)$
            NOTICE%(__pid_re)s .*: Host <HOST> failed MD5 authentication
for '.*' (.*)$
            NOTICE%(__pid_re)s .*: Failed to authenticate user .*@<HOST>.*$


Para:
failregex = NOTICE%(__pid_re)s .*: Registration from '.*' failed for
'<HOST>:.*' - Wrong password$
            NOTICE%(__pid_re)s .*: Registration from '.*' failed for
'<HOST>:.*' - No matching peer found$
            NOTICE%(__pid_re)s .*: Registration from '.*' failed for
'<HOST>:.*' - Username/auth name mismatch$
            NOTICE%(__pid_re)s .*: Registration from '.*' failed for
'<HOST>:.*' - Device does not match ACL$
            NOTICE%(__pid_re)s .*: Registration from '.*' failed for
'<HOST>:.*' - Peer is not supposed to register$
            NOTICE%(__pid_re)s .*: Registration from '.*' failed for
'<HOST>:.*' - ACL error (permit/deny)$
            NOTICE%(__pid_re)s <HOST> failed to authenticate as '.*'$
            NOTICE%(__pid_re)s .*: No registration for peer '.*' \(from
<HOST>\)$
            NOTICE%(__pid_re)s .*: Host <HOST> failed MD5 authentication
for '.*' (.*)$
            NOTICE%(__pid_re)s .*: Failed to authenticate user .*@<HOST>.*$


Cordialmente,

Sílvio Garbes Lara
-------------- Próxima Parte ----------
Um anexo em HTML foi limpo...
URL: http://listas.asteriskbrasil.org/pipermail/asteriskbrasil/attachments/20130204/946e95d5/attachment.htm

Mais detalhes sobre a lista de discussão AsteriskBrasil