Created
September 23, 2013 02:02
-
-
Save gizmoguy/6665686 to your computer and use it in GitHub Desktop.
fail2ban for freeswitch
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
> /etc/fail2ban/jail.conf | |
[freeswitch] | |
enabled = true | |
port = 5060,5061,5080,5081 | |
filter = freeswitch | |
logpath = /var/log/freeswitch/freeswitch.log | |
maxretry = 10 | |
action = iptables-allports[name=freeswitch, protocol=all] | |
[freeswitch-dos] | |
enabled = true | |
port = 5060,5061,5080,5081 | |
filter = freeswitch-dos | |
logpath = /var/log/freeswitch/freeswitch.log | |
action = iptables-allports[name=freeswitch-dos, protocol=all] | |
maxretry = 50 | |
findtime = 30 | |
bantime = 6000 | |
> /etc/fail2ban/filter.d/freeswitch.conf | |
# Fail2Ban configuration file | |
# | |
# Author: Rupa SChomaker | |
# | |
[Definition] | |
# Option: failregex | |
# Notes.: regex to match the password failures messages in the logfile. The | |
# host must be matched by a group named "host". The tag "<HOST>" can | |
# be used for standard IP/hostname matching and is only an alias for | |
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+) | |
# Values: TEXT | |
# | |
failregex = \[WARNING\] sofia_reg.c:\d+ SIP auth failure \(REGISTER\) on sofia profile \'[^']+\' for \[.*\] from ip <HOST> | |
\[WARNING\] sofia_reg.c:\d+ SIP auth failure \(INVITE\) on sofia profile \'[^']+\' for \[.*\] from ip <HOST> | |
# Option: ignoreregex | |
# Notes.: regex to ignore. If this regex matches, the line is ignored. | |
# Values: TEXT | |
# | |
ignoreregex = | |
> /etc/fail2ban/filter.d/freeswitch-dos.conf | |
# Fail2Ban configuration file | |
# | |
# Author: soapee01 | |
# | |
[Definition] | |
# Option: failregex | |
# Notes.: regex to match the password failures messages in the logfile. The | |
# host must be matched by a group named "host". The tag "<HOST>" can | |
# be used for standard IP/hostname matching and is only an alias for | |
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+) | |
# Values: TEXT | |
# | |
failregex = \[WARNING\] sofia_reg.c:\d+ SIP auth challenge \(REGISTER\) on sofia profile \'[^']+\' for \[.*\] from ip <HOST> | |
# Option: ignoreregex | |
# Notes.: regex to ignore. If this regex matches, the line is ignored. | |
# Values: TEXT | |
# | |
ignoreregex = |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment