I want to add an entry to a database every time a brute force registration attempt is done. from this database we are updating cisco routers with our ban list so our entire network is protected. The database side of things is working and has been for some time. I really would like to add the file2ban side of it to protect our asterisk system better. How would I best go about doing this using file2ban with asterisk? Any feed back is appreciated. Thanks zktech -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20110726/b44a1efd/attachment.htm>
On 07/26/2011 09:21 PM, Bryant Zimmerman wrote:> I want to add an entry to a database every time a brute force > registration attempt is done. > from this database we are updating cisco routers with our ban list so > our entire network is protected. > The database side of things is working and has been for some time. I > really would like to add the file2ban side of it to protect our asterisk > system better. > > How would I best go about doing this using file2ban with asterisk? > Any feed back is appreciated.Try: http://www.voip-info.org/wiki/view/Fail2Ban+%28with+iptables%29+And+Asterisk Regards, Patrick
Hello, That is relatively easy :) fail2ban is actually executing a command. Check out the actions configs that are stored in your fail2ban directory. E.g:> ls -1 /etc/fail2ban/action.d/You can write your own script (bash/php/perl/C/you name it) that inputs the information in the DB or attempt to use something like:> echo "INSERT INTO ban_addresses VALUES ('<ip>');" | mysql -u someuser -p'somepass'However I am not sure if this solution will work under fail2ban (forwarding output to another app via pipe) Regards, Stefan Lekov On Tue, 26 Jul 2011 15:21:39 -0400, "Bryant Zimmerman" <BryantZ at zktech.com> wrote:> I want to add an entry to a database every time a brute force > registration attempt is done. > from this database we are updating cisco routers with our ban list so > our entire network is protected. > The database side of things is working and has been for some time. I > really would like to add the file2ban side of it to protect our > asterisk system better. > > How would I best go about doing this using file2ban with asterisk? > Any feed back is appreciated. > > Thanks > zktech
> -----Original Message----- > From: asterisk-users-bounces at lists.digium.com [mailto:asterisk-users- > bounces at lists.digium.com] On Behalf Of Bryant Zimmerman > Sent: Tuesday, July 26, 2011 3:22 PM > To: Asterisk Users Mailing List - Non-Commercial Discussion > Subject: Re: [asterisk-users] file2ban > > I want to add an entry to a database every time a brute force registration > attempt is done. > from this database we are updating cisco routers with our ban list so our > entire network is protected. > The database side of things is working and has been for some time. I really > would like to add the file2ban side of it to protect our asterisk system > better.Look at the /etc/fail2ban/action.d/ Actions in the default config runs an iptables command to insert the ban into IPTables, but you can have it run most any command.