[Spce-user] Fail2Ban SPCE
scottf at zstaff.wcoil.com
Tue Apr 28 09:47:18 EDT 2020
I just was trying to do this myself the other day and had some issues
but seemed to of gotten it worked out. I'm using mr8.3.1, if I'm doing
this wrong anyone feel free to correct me, everything that I did here
came from items I found searching this list. What I had to do was edit
/etc/ngcp-config/constants.yaml and set CT=$ct under the kamailio ->
proxy -> log -> request section like so:
I added this to the proxy section because this is where the bad
authentications where showing.
Then after applying the change and seeing that it is showing up in
kamailio-proxy.log, make a fail2ban filter in
# filter for kamailio messages
failregex = Authentication failed, no credentials - R=.* ID=.*
Authentication failed, invalid user - R=.* ID=.*
Consecutive Authentication Failure for '.*' UA='.*'
It looks though that the "Consecutive Authentication Failure" failregex
should work without any modifications, but for the other auth failures
there was no IP showing in the log which is why I changed the
constants.yaml file. Also my failregex may be a little rough here and
could be improved...
Again if there is a better way to do this or this is wrong, anyone
please feel free to let me know. But for the moment this appears to be
working for me and banning things.
Scott C. Fertig
Digium Certified Asterisk Administrator (dCAA)
WCOIL Network Operations Lead
ph: 419.229.2645 x1028
scottf at staff.wcoil.com
On 4/24/20 9:32 AM, cappellari at connectlife.it wrote:
> Hi everyone. Has anyone installed fail2ban with spce? I followed this
> the fail2ban log file does not detect the wrong logins .. If I try the
> wrong logons, for example with ssh, the log detects them and bans the
> ip .. any advice? Thanks
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Spce-user