[VoiceOps] VoIP Abuse Project
Peter Beckman
beckman at angryox.com
Mon Sep 20 15:12:32 EDT 2010
On Mon, 20 Sep 2010, J. Oquendo wrote:
> Fail2Ban separates on fields, e.g., awk '{print $X}'
>
> # awk '/[assword]/{print $15}' TodaysLogs|sort -u
> # awk '/[assword]/{print $11}' TodaysLogs|sort -u
Did you read the docs?
http://www.fail2ban.org/wiki/index.php/MANUAL_0_8#Filters
> [2010-09-20 01:16:24] NOTICE[8395] chan_sip.c: Registration from
> '"this-is-a-stupid-password"<sip:this-is-a-stupid-password at 208.50.xx.xxx>'
> failed for '69.72.242.170' - Device does not match ACL
failregex = Registration from '.+?' failed for '<HOST>'
Done. Needs real-world testing/tweaking but I'm pretty sure your argument
that it is too hard to match a failure in fail2ban is silly.
---------------------------------------------------------------------------
Peter Beckman Internet Guy
beckman at angryox.com http://www.angryox.com/
---------------------------------------------------------------------------
More information about the VoiceOps
mailing list