Fail2ban asterisk AMI jail properties


(Stéphane de Labrusse) #21

(Stéphane de Labrusse) #22

Hi laylow

Would you mind doing some QA testing?

Basically install nethserver-fail2ban from testing

yum install nethserver-fail2ban --enablerepo=nethserver-testing

Then try to auto-ban yourself from AMI, or wait for others to do it for you.

Thanks in advance

(HF) #23

Will do tonight. Thanks!

(HF) #24

Everything up and running. Now harvesting attempts.

(Alessio Fattorini) #25

I love this man!
@stephdl thanks so much.

(HF) #26


As per my previous message, I installed the testing update. However, I still get emails from fail2ban of 100+ or 200+ attempts:


The IP has just been banned by Fail2Ban after
283 attempts against asterisk.

Here is more information about

fail2ban-regex /var/log/asterisk/full /etc/fail2ban/filter.d/asterisk.conf --print-all-missed

shows no attempts (just normal asterisk log entries).

Would it be possible that the mails are about ‘cached’ banned IPs or something like that?

I wonder if I am missing a jail?

(Stéphane de Labrusse) #27

Check the maxretry set for this jail. After that, --print-all-matched could also be interesting; we would know what was caught.

(Stéphane de Labrusse) #28

Verified and released as an update.