Fail2ban asterisk AMI jail properties

stephdl · January 29, 2019, 7:49pm

stephdl · February 6, 2019, 3:30pm

Hi laylow

Would you mind to do some QA testing

Basically install nethserver-fail2ban from testing

yum install nethserver-fail2ban --enablerepo=nethserver-testing

then try to auto ban yourself from AMI or wait that other do it for you

Thank in advance

LayLow · February 6, 2019, 4:14pm

Will do tonight. Thanks!

LayLow · February 7, 2019, 11:48am

Everything up and running. Now harvasting attempts.

alefattorini · February 7, 2019, 3:34pm

I love this man!
@stephdl thanks so much.

LayLow · February 8, 2019, 6:28am

as per previous message, I installed the testing update. However I still get emails from fail2ban of 100+ or 200+ attempts:

Hi,

The IP 1.180.17.236 has just been banned by Fail2Ban after
283 attempts against asterisk.

Here is more information about 1.180.17.236

fail2ban-regex /var/log/asterisk/full /etc/fail2ban/filter.d/asterisk.conf --print-all-missed

shows no attempts (just normal asterisk log entries)

Would it be possible that the mails be about ‘cached’ banned IP’s or something like that?

I wonder if I miss a jail?

stephdl · February 8, 2019, 2:39pm

check the maxretry set for this jail, after that the --print-all-matched could be interested also, we could known what was caught

stephdl · February 11, 2019, 6:18pm

verified and released as update