I think we should keep it in the wiki.
I sent login information to Sebastian.

- Y


On Wed, Jun 26, 2013 at 8:18 AM, Daniel Black <daniel.subs@internode.on.net> wrote:
On 26/06/13 17:07, Sebastian Arcus wrote:
> It seems that the Asterisk page on the fail2ban wiki
> (http://www.fail2ban.org/wiki/index.php/Asterisk) has become outdated,

yes. Hopefully out filter's haven't been.

> as it states fail2ban can't protect against certain types of attacks.
> The page makes several references to this fact, and links to a post on
> forums.asterisk.org
>
> I believe these problems have been fixed with the advent of the security
> log since Asterisk 10+ (by default located in
> /var/log/asterisk/security, when enabled in /etc/asterisk/logger.conf).
> The security log now provides sufficient data for fail2ban to block
> attackers exploiting just INVITE's, instead of the one's trying to REGISTER.

Updated a month ago to include this:
https://github.com/fail2ban/fail2ban/commit/5c8fb68a2cd803a820bc624ac47bf8462fb5cd4d#config/filter.d/asterisk.conf

Can you see anything here missing or wrong?

https://github.com/fail2ban/fail2ban/blob/master/config/filter.d/asterisk.conf

> Unless my research on the above is wrong, I think it would be useful for
> the wiki page to be updated with the relevant information (including new
> filters/regex's for the security log - along the lines of the ones found
> here:
> http://www.voip-info.org/wiki/view/Fail2Ban+%28with+iptables%29+And+Asterisk).
>
> I'd be happy to add the info myself if I can get an account to the wiki
> - or if anybody else who has access already can do it would be great.

Or perhaps we can obsolete the wiki pages and point straight to the filter.


------------------------------------------------------------------------------
This SF.net email is sponsored by Windows:

Build for Windows Store.

http://p.sf.net/sfu/windows-dev2dev
_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users