Fail2ban asterisk AMI jail properties

(Stéphane de Labrusse) #21

(Stéphane de Labrusse) #22

Hi laylow

Would you mind doing some QA testing?

Basically, install nethserver-fail2ban from testing:

yum install nethserver-fail2ban --enablerepo=nethserver-testing

Then try to auto-ban yourself from AMI, or wait for others to do it for you.

Thanks in advance


(HF) #23

Will do tonight. Thanks!


(HF) #24

Everything up and running. Now harvesting attempts.


(Alessio Fattorini) #25

I love this man!
@stephdl thanks so much.


(HF) #26

@stephdl,

as per previous message, I installed the testing update. However I still get emails from fail2ban of 100+ or 200+ attempts:


Hi,

The IP 1.180.17.236 has just been banned by Fail2Ban after
283 attempts against asterisk.

Here is more information about 1.180.17.236


fail2ban-regex /var/log/asterisk/full /etc/fail2ban/filter.d/asterisk.conf --print-all-missed

shows no attempts (just normal asterisk log entries)

Would it be possible that the mails are about ‘cached’ banned IPs or something like that?


I wonder if I miss a jail?


(Stéphane de Labrusse) #27

Check the maxretry set for this jail. After that, --print-all-matched could be interesting too; we could know what was caught.


(Stéphane de Labrusse) #28

verified and released as update