<html>
  <head>
    <meta content="text/html; charset=ISO-8859-1"
      http-equiv="Content-Type">
  </head>
  <body text="#000000" bgcolor="#FFFFFF">
    If it is Asterisk 1.8<br>
    <br>
    <a
href="http://tuxmarcial.blogspot.com.br/2013/02/fail2ban-no-asterisk-18.html">http://tuxmarcial.blogspot.com.br/2013/02/fail2ban-no-asterisk-18.html</a><br>
    <br>
    <div class="moz-cite-prefix">On 28-03-2013 17:23, Andr&eacute; Luis Ribeiro
      wrote:<br>
    </div>
    <blockquote
cite="mid:CAG-+K=RqLyWAiN8xqQ_ynmG6YyZtLrpGxn4uqQ-kiNjJW0H1yg@mail.gmail.com"
      type="cite">
      <div dir="ltr">Good afternoon
        <div><br>
        </div>
        <div>Man, I use this script to install it on my servers.
          It works on all of them.</div>
        <div><br>
        </div>
        <div>
<pre># Install fail2ban and append an Asterisk jail to jail.conf
apt-get -y install fail2ban
echo "[asterisk-iptables]" &gt;&gt; /etc/fail2ban/jail.conf
echo "enabled = true" &gt;&gt; /etc/fail2ban/jail.conf
echo "filter = asterisk" &gt;&gt; /etc/fail2ban/jail.conf
echo "action = iptables-allports[name=ASTERISK, protocol=all]" &gt;&gt; /etc/fail2ban/jail.conf
# The second action continues the "action" value, so the line must start with whitespace
echo "         sendmail-whois[name=ASTERISK, dest=root, sender=fail2ban@example.org]" &gt;&gt; /etc/fail2ban/jail.conf
echo "logpath = /var/log/asterisk/messages" &gt;&gt; /etc/fail2ban/jail.conf
# Raise the default ban time and retry count
sed -i 's/bantime  = 600/bantime  = 7600/g' /etc/fail2ban/jail.conf
sed -i 's/maxretry = 3/maxretry = 6/g' /etc/fail2ban/jail.conf
# Create the Asterisk filter from scratch
touch /etc/fail2ban/filter.d/asterisk.conf
echo "" &gt; /etc/fail2ban/filter.d/asterisk.conf
echo "[INCLUDES]" &gt;&gt; /etc/fail2ban/filter.d/asterisk.conf
echo "" &gt;&gt; /etc/fail2ban/filter.d/asterisk.conf
echo "[Definition]" &gt;&gt; /etc/fail2ban/filter.d/asterisk.conf
echo "failregex = ^.* .*NOTICE.* .*: Registration from '.*' failed for '&lt;HOST&gt;' - Wrong password" &gt;&gt; /etc/fail2ban/filter.d/asterisk.conf
echo "           ^.* .*NOTICE.* .*: Registration from '.*' failed for '&lt;HOST&gt;' - No matching peer found" &gt;&gt; /etc/fail2ban/filter.d/asterisk.conf
echo "           ^.* .*NOTICE.* .*: Registration from '.*' failed for '&lt;HOST&gt;' - Username/auth name mismatch" &gt;&gt; /etc/fail2ban/filter.d/asterisk.conf
echo "           ^.* .*NOTICE.* .*: Registration from '.*' failed for '&lt;HOST&gt;' - Device does not match ACL" &gt;&gt; /etc/fail2ban/filter.d/asterisk.conf
echo "           ^.* .*NOTICE.* &lt;HOST&gt; failed to authenticate as '.*'\$" &gt;&gt; /etc/fail2ban/filter.d/asterisk.conf
echo "           ^.* .*NOTICE.* .*: No registration for peer '.*' \(from &lt;HOST&gt;\)" &gt;&gt; /etc/fail2ban/filter.d/asterisk.conf
echo "           ^.* .*NOTICE.* .*: Host &lt;HOST&gt; failed MD5 authentication for '.*' (.*)" &gt;&gt; /etc/fail2ban/filter.d/asterisk.conf
echo "           ^.* .*NOTICE.* .*: Failed to authenticate user .*@&lt;HOST&gt;.*" &gt;&gt; /etc/fail2ban/filter.d/asterisk.conf
echo "           ^.* .*NOTICE.* .*: Registration from '.*' failed for '&lt;HOST&gt;' - Device not configured to use this transport type" &gt;&gt; /etc/fail2ban/filter.d/asterisk.conf
echo "           ^.* .*NOTICE.* .*: .*: Registration from '.*' failed for '&lt;HOST&gt;' - Device not configured to use this transport type" &gt;&gt; /etc/fail2ban/filter.d/asterisk.conf
echo "ignoreregex =" &gt;&gt; /etc/fail2ban/filter.d/asterisk.conf
# Set the Asterisk log date format and send NOTICE entries to the messages log
sed -i 's/dateformat=.*/dateformat=%F %T/g' /etc/asterisk/logger.conf
sed -i '/^messages/d' /etc/asterisk/logger.conf
echo "messages =&gt; verbose,warning,error,notice" &gt;&gt; /etc/asterisk/logger.conf
asterisk -rx "logger reload"</pre>
          <div><br>
          </div>
          <div class="gmail_extra"><br>
            <br>
            <div class="gmail_quote">
              On Mon, Feb 4, 2013 at 11:36 AM, Silvio Garbes <span
                dir="ltr">&lt;<a moz-do-not-send="true"
                  href="mailto:silviogarbes@gmail.com" target="_blank">silviogarbes@gmail.com</a>&gt;</span>
              wrote:<br>
              <blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
                In reply to the message from "Jo&atilde;o Marcelo Queiroz"&nbsp;on
                the question "Fail2Ban does not block attack" on "Wednesday
                January 5 10:40:26 BRST 2011".
                <div><br>
                </div>
                <div>I had the same problem and found that from
                  Asterisk version 1.8 to version 1.4 the file
                  "/etc/fail2ban/filter.d/asterisk.conf" must be
                  changed. In the Asterisk log of version 1.8 or
                  later, the destination port comes along with the
                  log.</div>
                <div><br>
                </div>
                <div>From:</div>
                <div>
<pre>failregex = NOTICE%(__pid_re)s .*: Registration from '.*' failed for '&lt;HOST&gt;' - Wrong password$
            NOTICE%(__pid_re)s .*: Registration from '.*' failed for '&lt;HOST&gt;' - No matching peer found$
            NOTICE%(__pid_re)s .*: Registration from '.*' failed for '&lt;HOST&gt;' - Username/auth name mismatch$
            NOTICE%(__pid_re)s .*: Registration from '.*' failed for '&lt;HOST&gt;' - Device does not match ACL$
            NOTICE%(__pid_re)s .*: Registration from '.*' failed for '&lt;HOST&gt;' - Peer is not supposed to register$
            NOTICE%(__pid_re)s .*: Registration from '.*' failed for '&lt;HOST&gt;' - ACL error (permit/deny)$
            NOTICE%(__pid_re)s &lt;HOST&gt; failed to authenticate as '.*'$
            NOTICE%(__pid_re)s .*: No registration for peer '.*' \(from &lt;HOST&gt;\)$
            NOTICE%(__pid_re)s .*: Host &lt;HOST&gt; failed MD5 authentication for '.*' (.*)$
            NOTICE%(__pid_re)s .*: Failed to authenticate user .*@&lt;HOST&gt;.*$</pre>
                </div>
                <div><br>
                </div>
                <div><br>
                </div>
                <div>To:</div>
                <div>
<pre>failregex = NOTICE%(__pid_re)s .*: Registration from '.*' failed for '&lt;HOST&gt;:.*' - Wrong password$
            NOTICE%(__pid_re)s .*: Registration from '.*' failed for '&lt;HOST&gt;:.*' - No matching peer found$
            NOTICE%(__pid_re)s .*: Registration from '.*' failed for '&lt;HOST&gt;:.*' - Username/auth name mismatch$
            NOTICE%(__pid_re)s .*: Registration from '.*' failed for '&lt;HOST&gt;:.*' - Device does not match ACL$
            NOTICE%(__pid_re)s .*: Registration from '.*' failed for '&lt;HOST&gt;:.*' - Peer is not supposed to register$
            NOTICE%(__pid_re)s .*: Registration from '.*' failed for '&lt;HOST&gt;:.*' - ACL error (permit/deny)$
            NOTICE%(__pid_re)s &lt;HOST&gt; failed to authenticate as '.*'$
            NOTICE%(__pid_re)s .*: No registration for peer '.*' \(from &lt;HOST&gt;\)$
            NOTICE%(__pid_re)s .*: Host &lt;HOST&gt; failed MD5 authentication for '.*' (.*)$
            NOTICE%(__pid_re)s .*: Failed to authenticate user .*@&lt;HOST&gt;.*$</pre>
                </div>
                <div><br>
                </div>
                <div><br clear="all">
                  <div>Best regards,<br>
                    <br>
                    S&iacute;lvio Garbes Lara<br>
                    <br>
                  </div>
                </div>
                <br>
                _______________________________________________<br>
                EBS MODULAR: 3 slots for any combination of E1, GSM, FXS
                or FXO;<br>
                IP DOOR PHONE line, opens up to 2 devices with
                remote IP access;<br>
                Discover these and other KHOMP RELEASES at <a
                  moz-do-not-send="true" href="http://www.Khomp.com"
                  target="_blank">www.Khomp.com</a>&nbsp;<br>
                _______________________________________________<br>
                DIGIVOICE &nbsp;Manufacturer of Voice Boards and Channel Banks<br>
                20 years of experience with E1(R2/ISDN), FXS, FXO and GSM<br>
                Training Center - IP PBX Course - &nbsp;Asterisk &nbsp;-
                Site &nbsp;<a moz-do-not-send="true"
                  href="http://www.digivoice.com.br" target="_blank">www.digivoice.com.br</a><br>
                _______________________________________________<br>
                ALIGERA &#8211; Brazilian manufacturer of SIP-E1 Gateways for
                R2, ISDN and SS7.<br>
                1E1, 2E1, 4E1 and 8E1 boards for PCI or PCI Express.<br>
                Channel Bank &#8211; Asterisk Appliance - Visit <a
                  moz-do-not-send="true"
                  href="http://www.aligera.com.br" target="_blank">www.aligera.com.br</a>.<br>
                _______________________________________________<br>
                To remove your email from this list, just send a
                blank email to <a moz-do-not-send="true"
                  href="mailto:asteriskbrasil-unsubscribe@listas.asteriskbrasil.org">asteriskbrasil-unsubscribe@listas.asteriskbrasil.org</a><br>
              </blockquote>
            </div>
            <br>
            <br clear="all">
            <div><br>
            </div>
            -- <br>
            ___________________________________________<br>
            Andr&eacute; Luis Peres Ribeiro&nbsp; &nbsp;&nbsp; 16 92340876
          </div>
        </div>
      </div>
      <br>
    </blockquote>
    <br>
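The "From:" and "To:" failregex change quoted above can be checked offline before touching a live jail. The following is an added example, not part of the original messages: it runs the thread's "Wrong password" pattern in both forms against two constructed log lines, plus a port-optional variant that goes beyond the thread. The `HOST` and `PID_RE` expansions are simplified stand-ins (assumptions) for what fail2ban substitutes itself.

```python
import re

# Simplified stand-ins (assumptions); fail2ban performs its own expansion.
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"   # IPv4 only
PID_RE = r"(?:\[\d+\])"

FAILREGEX = {
    # "From:" pattern quoted in the thread (no port after the address)
    "from_block": r"NOTICE%(__pid_re)s .*: Registration from '.*' failed for '<HOST>' - Wrong password$",
    # "To:" pattern quoted in the thread (address followed by :port)
    "to_block": r"NOTICE%(__pid_re)s .*: Registration from '.*' failed for '<HOST>:.*' - Wrong password$",
    # Added variant, not from the thread: the port is optional
    "port_optional": r"NOTICE%(__pid_re)s .*: Registration from '.*' failed for '<HOST>(?::\d+)?' - Wrong password$",
}

# Constructed sample lines using documentation address ranges.
SAMPLE_LOG = {
    "no_port": "[Jan  5 10:40:26] NOTICE[1234] chan_sip.c: Registration from "
               "'<sip:100@198.51.100.1>' failed for '203.0.113.7' - Wrong password",
    "with_port": "[2013-02-04 11:30:01] NOTICE[1234] chan_sip.c: Registration from "
                 "'<sip:100@198.51.100.1>' failed for '203.0.113.7:5060' - Wrong password",
}

def compile_failregex(template):
    """Expand %(__pid_re)s and the <HOST> tag, then compile the pattern."""
    return re.compile(template.replace("%(__pid_re)s", PID_RE).replace("<HOST>", HOST))

def banned_host(template, line):
    """Return the address the pattern would report for this line, or None."""
    match = compile_failregex(template).search(line)
    return match.group("host") if match else None

def coverage():
    """Map each pattern name to the host it extracts from each sample line."""
    return {name: {style: banned_host(tpl, line) for style, line in SAMPLE_LOG.items()}
            for name, tpl in FAILREGEX.items()}

if __name__ == "__main__":
    for name, result in coverage().items():
        print(f"{name:14} {result}")
```

A `None` entry means failed registrations in that log format would never be counted, so the jail would not ban the source even though fail2ban is running.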
  </body>
</html>