[AsteriskBrasil] fail2ban não bloqueia tentativa de autenticação

[Danilo Almeida]

Olá galera.

já instalei o fail2ban em outros servidores (centOS 5.x, 6.2) e estão
funcionando normalmente, porém, instalei no centOS 6.4 e pelo visto não
esta bloqueando os IP com tentativas de autenticação no servidor.

Fiz alguns testes tentando logar ramal com senha errada por diversas vezes
e ele não bloqueou.

asterisk.conf

[INCLUDES]

before = common.conf

_daemon = asterisk

[Definition]

failregex = NOTICE%(__pid_re)s .*: Registration from '.*' failed for
'<HOST>' - Wrong password$
            NOTICE%(__pid_re)s .*: Registration from '.*' failed for
'<HOST>' - No matching peer found$
            NOTICE%(__pid_re)s .*: Registration from '.*' failed for
'<HOST>' - Username/auth name mismatch$
            NOTICE%(__pid_re)s .*: Registration from '.*' failed for
'<HOST>' - Device does not match ACL$
            NOTICE%(__pid_re)s .*: Registration from '.*' failed for
'<HOST>' - Peer is not supposed to register$
            NOTICE%(__pid_re)s .*: Registration from '.*' failed for
'<HOST>' - ACL error (permit/deny)$
            NOTICE%(__pid_re)s <HOST> failed to authenticate as '.*'$
            NOTICE%(__pid_re)s .*: No registration for peer '.*' \(from
<HOST>\)$
            NOTICE%(__pid_re)s .*: Host <HOST> failed MD5 authentication
for '.*' (.*)$
            NOTICE%(__pid_re)s .*: Failed to authenticate user .*@<HOST>.*$

ignoreregex =


e no arquivo jail.conf adicionei o seguinte

[asterisk-iptables]

enabled  = true
filter   = asterisk
action   = iptables-allports[name=ASTERISK, protocol=all]
           sendmail-whois[name=ASTERISK, dest=root, sender=
daniloricalmeida em gmail.com]
logpath  = /var/log/asterisk/messages
maxretry = 5
bantime = 259200

starto ele, e aparece as seguinte mensagens:

# service fail2ban start
Iniciando o fail2ban:
Message from syslogd em ruffus at Jun 21 14:14:44 ...
 ¿<30>fail2ban.filter : INFO   Added logfile = /var/log/secure

Message from syslogd em ruffus at Jun 21 14:14:44 ...
 ¿<30>fail2ban.filter : INFO   Set maxRetry = 5

Message from syslogd em ruffus at Jun 21 14:14:44 ...
 ¿<30>fail2ban.filter : INFO   Set findtime = 600

Message from syslogd em ruffus at Jun 21 14:14:45 ...
 ¿<30>fail2ban.filter : INFO   Added logfile = /var/log/asterisk/messages

Message from syslogd em ruffus at Jun 21 14:14:45 ...
 ¿<30>fail2ban.filter : INFO   Set maxRetry = 5

Message from syslogd em ruffus at Jun 21 14:14:45 ...
 ¿<30>fail2ban.filter : INFO   Set findtime = 600

Message from syslogd em ruffus at Jun 21 14:14:45 ...
 ¿<30>fail2ban.filter : INFO   Added logfile = /var/log/asterisk/messages

Message from syslogd em ruffus at Jun 21 14:14:45 ...
 ¿<30>fail2ban.filter : INFO   Set maxRetry = 10

Message from syslogd em ruffus at Jun 21 14:14:45 ...
 ¿<30>fail2ban.filter : INFO   Set findtime = 600

Message from syslogd em ruffus at Jun 21 14:14:45 ...
 ¿<30>fail2ban.filter : INFO   Added logfile = /var/log/asterisk/messages

Message from syslogd em ruffus at Jun 21 14:14:45 ...
 ¿<30>fail2ban.filter : INFO   Set maxRetry = 10

Message from syslogd em ruffus at Jun 21 14:14:45 ...
 ¿<30>fail2ban.filter : INFO   Set findtime = 600
                                                           [  OK  ]

agradeço quem puder ajudar

-- 
*att*
*Danilo Almeida*
-------------- Próxima Parte ----------
Um anexo em HTML foi limpo...
URL: http://listas.asteriskbrasil.org/pipermail/asteriskbrasil/attachments/20130621/fb0cd6ee/attachment.htm