[Freeswitch-users] fail2ban regex
Steven Ayre
steveayre at gmail.com
Sat Sep 17 23:28:28 MSD 2016
Potentially commented out because it'll happen every time a legitimate user
authenticates via password and not IP, so could give false positives that
cause it to block real users. Use with care. :)
Steve
On 17 September 2016 at 06:06, Don Hawkins <hawkins at hawkinsegroup.com>
wrote:
> Wow, feel KIND of stupid, the regex is in the bottom of the config file
> but commented out...
>
> https://github.com/fail2ban/fail2ban/blob/master/config/filt
> er.d/freeswitch.conf
>
> It's commented out but really should not be, I was missing a bunch of
> "hacking" attempts. For anyone else, move it up because you may need it, it
> for sure wont hurt anything.
>
> On Fri, Sep 16, 2016 at 11:53 PM, Don Hawkins <hawkins at hawkinsegroup.com>
> wrote:
>
>> It's missing <host> so no, I dont think it will work.
>>
>> Anyone have any other suggestions?
>>
>> Just to recap, looking for fail2ban regex that will match the following:
>>
>> 2016-09-16 08:42:48.729019 [DEBUG] sofia.c:9623 IP 89.163.231.172
>> Rejected by acl "domains". Falling back to Digest auth.
>>
>>
>> On Fri, Sep 16, 2016 at 9:21 AM, Russell Treleaven <
>> rtreleaven at bunnykick.ca> wrote:
>>
>>> does this work?
>>> ^.+sofia.+Rejected by acl.+$
>>>
>>> On Fri, Sep 16, 2016 at 10:14 AM, Don Hawkins <hawkins at hawkinsegroup.com
>>> > wrote:
>>>
>>>> Morning!
>>>>
>>>>
>>>> - Trying to match:
>>>>
>>>> 2016-09-16 08:42:48.729019 [DEBUG] sofia.c:9623 IP 89.163.231.172
>>>> Rejected by acl "domains". Falling back to Digest auth.
>>>>
>>>>
>>>> - I tried this regex:
>>>>
>>>> ^\.\d+ \[DEBUG\] sofia\.c:\d+ IP <HOST> Rejected by acl "domains"\.
>>>> Falling back to Digest auth\.$
>>>>
>>>>
>>>> And no luck.
>>>>
>>>> Can anyone help? I can't figure out what I'm doing wrong, testing
>>>> indicates no matches.
>>>>
>>>> ____________________________________________________________
>>>> _____________
>>>> Professional FreeSWITCH Consulting Services:
>>>> consulting at freeswitch.org
>>>> http://www.freeswitchsolutions.com
>>>>
>>>> Official FreeSWITCH Sites
>>>> http://www.freeswitch.org
>>>> http://confluence.freeswitch.org
>>>> http://www.cluecon.com
>>>>
>>>> FreeSWITCH-users mailing list
>>>> FreeSWITCH-users at lists.freeswitch.org
>>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/free
>>>> switch-users
>>>> http://www.freeswitch.org
>>>>
>>>
>>>
>>> ____________________________________________________________
>>> _____________
>>> Professional FreeSWITCH Consulting Services:
>>> consulting at freeswitch.org
>>> http://www.freeswitchsolutions.com
>>>
>>> Official FreeSWITCH Sites
>>> http://www.freeswitch.org
>>> http://confluence.freeswitch.org
>>> http://www.cluecon.com
>>>
>>> FreeSWITCH-users mailing list
>>> FreeSWITCH-users at lists.freeswitch.org
>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>> http://www.freeswitch.org
>>>
>>
>>
>>
>> --
>> <http://teleoh.com>
>>
>> *Sincerely,*
>> Don Hawkins
>> CEO
>> Hawkins Enterprise Group LLC
>> http://hawkinsegroup.com
>> Zello PTT <http://zello.com>: push2don
>> P: 469-214-5044
>>
>
>
>
> --
> <http://teleoh.com>
>
> *Sincerely,*
> Don Hawkins
> CEO
> Hawkins Enterprise Group LLC
> http://hawkinsegroup.com
> Zello PTT <http://zello.com>: push2don
> P: 469-214-5044
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://confluence.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20160917/6cb0665e/attachment-0001.html
Join us at ClueCon 2016 Aug 8-12, 2016
More information about the FreeSWITCH-users
mailing list