Peter Beckman beckman at angryox.com
Mon Sep 20 15:12:32 EDT 2010

On Mon, 20 Sep 2010, J. Oquendo wrote:

> Fail2Ban separates on fields, e.g., awk '{print $X}'
> # awk '/[assword]/{print $15}' TodaysLogs|sort -u
> # awk '/[assword]/{print $11}' TodaysLogs|sort -u

  Did you read the docs?


> [2010-09-20 01:16:24] NOTICE[8395] chan_sip.c: Registration from
> '"this-is-a-stupid-password"<sip:this-is-a-stupid-password at 208.50.xx.xxx>'
> failed for '' - Device does not match ACL

  failregex = Registration from '.+?' failed for '<HOST>'

  Done.  Needs real-world testing/tweaking but I'm pretty sure your argument
  that it is too hard to match a failure in fail2ban is silly.
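
Added example, not part of the original message and not fail2ban's own code: a quick way to test the suggested failregex against sample Asterisk lines before deploying it. The `<HOST>` expansion used here is a simplified stand-in (an assumption), and the log lines are constructed, using documentation IP addresses.

```python
import re

# Assumption: simplified stand-in for what fail2ban substitutes for <HOST>
# (a named group capturing an IP address or hostname).
HOST_GROUP = r"(?P<host>[\w\-.]+)"

# The failregex suggested in the message above.
FAILREGEX = r"Registration from '.+?' failed for '<HOST>'"

# Constructed sample lines in the chan_sip format quoted in the thread.
SAMPLE_LOG = """\
[2010-09-20 01:16:24] NOTICE[8395] chan_sip.c: Registration from '"1001"<sip:1001@198.51.100.7>' failed for '203.0.113.45' - Wrong password
[2010-09-20 01:16:25] NOTICE[8395] chan_sip.c: Registration from '"this-is-a-stupid-password"<sip:this-is-a-stupid-password@198.51.100.7>' failed for '192.0.2.10' - Device does not match ACL
[2010-09-20 01:16:26] NOTICE[8395] chan_sip.c: Registration from '"1002"<sip:1002@198.51.100.7>' failed for '' - Device does not match ACL
[2010-09-20 01:16:27] NOTICE[8395] chan_sip.c: Peer '1001' is now Reachable
""".splitlines()


def compile_failregex(failregex):
    """Expand the <HOST> tag and compile the pattern."""
    return re.compile(failregex.replace("<HOST>", HOST_GROUP))


def offending_hosts(lines, failregex=FAILREGEX):
    """Return the host captured from every line the failregex matches."""
    rx = compile_failregex(failregex)
    hosts = []
    for line in lines:
        m = rx.search(line)
        if m:
            hosts.append(m.group("host"))
    return hosts


def unmatched_failures(lines, failregex=FAILREGEX):
    """Registration failures the pattern misses, e.g. an empty host field."""
    rx = compile_failregex(failregex)
    return [l for l in lines if "failed for" in l and not rx.search(l)]


if __name__ == "__main__":
    print("would ban:", offending_hosts(SAMPLE_LOG))
    for line in unmatched_failures(SAMPLE_LOG):
        print("not matched:", line)
```

fail2ban also ships a `fail2ban-regex` command that runs a failregex against a real log file in the same way.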

