Fail2ban asterisk AMI jail properties

stephdl · 2019-01-29 19:49:26 UTC

stephdl · 2019-02-06 15:30:17 UTC

Hi laylow

Would you mind to do some QA testing

Basically install nethserver-fail2ban from testing

yum install nethserver-fail2ban --enablerepo=nethserver-testing

then try to auto ban yourself from AMI or wait that other do it for you

Thank in advance

LayLow · 2019-02-06 16:14:31 UTC

Will do tonight. Thanks!

LayLow · 2019-02-07 11:48:51 UTC

Everything up and running. Now harvasting attempts.

alefattorini · 2019-02-07 15:34:10 UTC

I love this man!
@stephdl thanks so much.

LayLow · 2019-02-08 06:28:05 UTC

as per previous message, I installed the testing update. However I still get emails from fail2ban of 100+ or 200+ attempts:

Hi,

The IP 1.180.17.236 has just been banned by Fail2Ban after
283 attempts against asterisk.

Here is more information about 1.180.17.236

fail2ban-regex /var/log/asterisk/full /etc/fail2ban/filter.d/asterisk.conf --print-all-missed

shows no attempts (just normal asterisk log entries)

Would it be possible that the mails be about ‘cached’ banned IP’s or something like that?

I wonder if I miss a jail?

stephdl · 2019-02-08 14:39:49 UTC

check the maxretry set for this jail, after that the --print-all-matched could be interested also, we could known what was caught

stephdl · 2019-02-11 18:18:52 UTC

verified and released as update