Hi, noticed a lot of password failures in CLI. iptables -nL shows nothing banned:
Chain fail2ban-SIP (2 references)
target prot opt source destination
RETURN all -- 0.0.0.0/0 0.0.0.0/0
RETURN all -- 0.0.0.0/0 0.0.0.0/0
Code in /etc/fail2ban/jail.local seems right:
[asterisk-iptables]
enabled = true
filter = asterisk-security
action = iptables-allports[name=SIP, protocol=all]
         sendmail[name=SIP, [email protected], [email protected]]
logpath = /var/log/asterisk/fail2ban
I ran fail2ban-regex /var/log/asterisk/fail2ban /etc/fail2ban/filter.d/asterisk-security.conf to see if there are matches, and there are 1508 matches with the exact same RemoteAddress:
No 'host' found in '[] SECURITY[2339] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2016-03-29T08:54:22.526-0400",Severity="Error",Service="SIP",EventVersion="2",AccountID="1355",SessionID="0xb8e9a54",LocalAddress="IPV4/UDP/xx.xxx.xx.xxx/5060",RemoteAddress="IPV4/UDP/212.83.146.40/5137",Challenge="63943eaf",ReceivedChallenge="63943eaf",ReceivedHash="9f886d762c3adc2b47c4edfc326f9f60"
Is fail2ban running?
root 21150 1.7 0.3 180588 6576 ? Sl 08:34 0:42 /usr/bin/python /usr/bin/fail2ban-server -b -s /var/run/fail2ban/fail2ban.sock
What might be causing fail2ban to not ban?
Thanks
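
An added example, not part of the original post and not fail2ban's or Asterisk's own code: a stand-alone Python cross-check that parses security event lines in the `key="value"` layout quoted above, pulls the IP out of `RemoteAddress`, and counts `InvalidPassword` events per address. The sample lines are constructed (documentation address ranges), and the function names are hypothetical.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in the key="value" layout of the event quoted in
# the post; addresses are documentation ranges, not values from the post.
SAMPLE = [
    'SECURITY[2339] res_security_log.c: SecurityEvent="InvalidPassword",Service="SIP",'
    'LocalAddress="IPV4/UDP/192.0.2.10/5060",RemoteAddress="IPV4/UDP/203.0.113.7/5137"',
    'SECURITY[2339] res_security_log.c: SecurityEvent="InvalidPassword",Service="SIP",'
    'LocalAddress="IPV4/UDP/192.0.2.10/5060",RemoteAddress="IPV4/UDP/203.0.113.7/5141"',
    'SECURITY[2339] res_security_log.c: SecurityEvent="InvalidPassword",Service="SIP",'
    'LocalAddress="IPV6/UDP/2001:db8::10/5060",RemoteAddress="IPV6/UDP/2001:db8::1/5060"',
    'SECURITY[2339] res_security_log.c: SecurityEvent="SuccessfulAuth",Service="SIP",'
    'LocalAddress="IPV4/UDP/192.0.2.10/5060",RemoteAddress="IPV4/UDP/198.51.100.9/5060"',
    'SECURITY[2339] res_security_log.c: SecurityEvent="InvalidPassword",Service="SIP"',
]

PAIR = re.compile(r'(\w+)="([^"]*)"')

def parse_event(line):
    """Return the key="value" fields of one security event line as a dict."""
    return dict(PAIR.findall(line))

def remote_ip(event):
    """Extract the IP from RemoteAddress ("IPV4/UDP/<ip>/<port>"), or None."""
    parts = event.get("RemoteAddress", "").split("/")
    if len(parts) != 4:
        return None
    try:
        return str(ipaddress.ip_address(parts[2]))
    except ValueError:
        return None

def failures_by_ip(lines, event_name="InvalidPassword"):
    """Count events per remote IP; also return lines with no usable address."""
    counts, no_host = Counter(), []
    for line in lines:
        event = parse_event(line)
        if event.get("SecurityEvent") != event_name:
            continue
        ip = remote_ip(event)
        if ip is None:
            no_host.append(line)  # event matched, but no address to act on
        else:
            counts[ip] += 1
    return counts, no_host

if __name__ == "__main__":
    counts, no_host = failures_by_ip(SAMPLE)
    for ip, n in counts.most_common():
        print(f"{ip}\t{n}")
    print(f"lines without a usable RemoteAddress: {len(no_host)}")
```

Replacing `SAMPLE` with the lines of the security log gives a per-address failure count that does not depend on the filter's regex, which helps separate a log-format problem from a filter or action problem.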