
Update fail2ban.rst

Len 9 年之前
父节点
当前提交
29e0684b20
共有 1 个文件被更改,包括 125 次插入99 次删除
  1. 125 99
      source/advanced/fail2ban.rst

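--- a/source/advanced/fail2ban.rst
+++ b/source/advanced/fail2ban.rst
@@ -75,117 +75,143 @@ Fail2Ban
 
 | **Filter Rules**
 | vim /etc/fail2ban/filter.d/fusionpbx.conf
-|  # Fail2Ban configuration file
-|  #
-|  # Author: soapee01
-|  #
-| 
-| [Definition]
-| 
-| # Option:  failregex
-| # Notes.:  regex to match the password failures messages in the logfile. The
-| #          host must be matched by a group named "host". The tag "<HOST>" can
-| #          be used for standard IP/hostname matching and is only an alias for
-| #          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
-| # Values:  TEXT
-| #
-| #failregex = [hostname] FusionPBX: \[<HOST>\] authentication failed
-| #[hostname] variable doesn't seem to work in every case. Do this instead:
-| failregex = .* FusionPBX: \[<HOST>\] authentication failed for
-|           = .* FusionPBX: \[<HOST>\] provision attempt bad password for
-| 
-| # Option:  ignoreregex
-| # Notes.:  regex to ignore. If this regex matches, the line is ignored.
-| # Values:  TEXT
-| #
-| ignoreregex =
-|
+
+::
+
+ # Fail2Ban configuration file
+ #
+ # Author: soapee01
+ #
+ 
+ [Definition]
+ 
+ # Option:  failregex
+ # Notes.:  regex to match the password failures messages in the logfile. The
+ #          host must be matched by a group named "host". The tag "<HOST>" can
+ #          be used for standard IP/hostname matching and is only an alias for
+ #          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
+ # Values:  TEXT
+ #
+ #failregex = [hostname] FusionPBX: \[<HOST>\] authentication failed
+ #[hostname] variable doesn't seem to work in every case. Do this instead:
+ failregex = .* FusionPBX: \[<HOST>\] authentication failed for
+           = .* FusionPBX: \[<HOST>\] provision attempt bad password for
+ 
+ # Option:  ignoreregex
+ # Notes.:  regex to ignore. If this regex matches, the line is ignored.
+ # Values:  TEXT
+ #
+ ignoreregex =
+
+
 | add the following to /etc/fail2ban/jail.local
-| [fusionpbx]
-| 
-| enabled  = true
-| port     = 80,443
-| protocol = tcp
-| filter   = fusionpbx
-| logpath  = /var/log/auth.log
-| action   = iptables-allports[name=fusionpbx, protocol=all]
-| #          sendmail-whois[name=FusionPBX, dest=root, [email protected]] #no smtp server installed
-|
+
+::
+
+ [fusionpbx]
+ 
+ enabled  = true
+ port     = 80,443
+ protocol = tcp
+ filter   = fusionpbx
+ logpath  = /var/log/auth.log
+ action   = iptables-allports[name=fusionpbx, protocol=all]
+ #          sendmail-whois[name=FusionPBX, dest=root, [email protected]] #no smtp server installed
+
+
 | Add /etc/fail2ban/filter.d/freeswitch.conf with the contents:
-| # Fail2Ban configuration file
-| #
-| # Author: Rupa SChomaker (first two regex)
-| 
-| [Definition]
-| 
-| # Option:  failregex
-| # Notes.:  regex to match the password failures messages in the logfile. The
-| #          host must be matched by a group named "host". The tag "<HOST>" can
-| #          be used for standard IP/hostname matching and is only an alias for
-| #          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
-| # Values:  TEXT
-| #
-| failregex = \[WARNING\] sofia_reg.c:\d+ SIP auth failure \(REGISTER\) on sofia profile \'\w+\' for \[.*\] from ip <HOST>
-|             \[WARNING\] sofia_reg.c:\d+ SIP auth failure \(INVITE\) on sofia profile \'\w+\' for \[.*\] from ip <HOST>
-|             \[WARNING\] sofia_reg.c:\d+ SIP auth challenge \(REGISTER\) on sofia profile \'\w+\' for \[.*\] from ip <HOST>
-| 
-| # Option:  ignoreregex
-| # Notes.:  regex to ignore. If this regex matches, the line is ignored.
-| # Values:  TEXT
-| #
-| ignoreregex =
-|
+
+::
+
+ # Fail2Ban configuration file
+ #
+ # Author: Rupa SChomaker (first two regex)
+ 
+ [Definition]
+ 
+ # Option:  failregex
+ # Notes.:  regex to match the password failures messages in the logfile. The
+ #          host must be matched by a group named "host". The tag "<HOST>" can
+ #          be used for standard IP/hostname matching and is only an alias for
+ #          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
+ # Values:  TEXT
+ #
+ failregex = \[WARNING\] sofia_reg.c:\d+ SIP auth failure \(REGISTER\) on sofia profile \'\w+\' for \[.*\] from ip <HOST>
+             \[WARNING\] sofia_reg.c:\d+ SIP auth failure \(INVITE\) on sofia profile \'\w+\' for \[.*\] from ip <HOST>
+             \[WARNING\] sofia_reg.c:\d+ SIP auth challenge \(REGISTER\) on sofia profile \'\w+\' for \[.*\] from ip <HOST>
+ 
+ # Option:  ignoreregex
+ # Notes.:  regex to ignore. If this regex matches, the line is ignored.
+ # Values:  TEXT
+ #
+ ignoreregex =
+
+
 | Modify /etc/fail2ban/jail.conf. Add the following make sure the freeswitch.log file path is correct.
-|
-| [freeswitch-tcp]
-| 
-| enabled  = true
-| port     = 5060,5061,5080,5081
-| protocol = tcp
-| filter   = freeswitch
-| logpath  = /usr/local/freeswitch/log/freeswitch.log
-| action   = iptables-allports[name=freeswitch-tcp, protocol=all]
-|            sendmail-whois[name=FreeSwitch, dest=root, [email protected]]
-| 
-| [freeswitch-udp]
-| 
-| enabled  = true
-| port     = 5060,5061,5080,5081
-| protocol = udp
-| filter   = freeswitch
-| logpath  = /usr/local/freeswitch/log/freeswitch/freeswitch.log
-| action   = iptables-allports[name=freeswitch-udp, protocol=all]
-|            sendmail-whois[name=FreeSwitch, dest=root, [email protected]]
-|
-|
+
+::
+
+ [freeswitch-tcp]
+ 
+ enabled  = true
+ port     = 5060,5061,5080,5081
+ protocol = tcp
+ filter   = freeswitch
+ logpath  = /usr/local/freeswitch/log/freeswitch.log
+ action   = iptables-allports[name=freeswitch-tcp, protocol=all]
+            sendmail-whois[name=FreeSwitch, dest=root, [email protected]]
+ 
+ [freeswitch-udp]
+ 
+ enabled  = true
+ port     = 5060,5061,5080,5081
+ protocol = udp
+ filter   = freeswitch
+ logpath  = /usr/local/freeswitch/log/freeswitch/freeswitch.log
+ action   = iptables-allports[name=freeswitch-udp, protocol=all]
+            sendmail-whois[name=FreeSwitch, dest=root, [email protected]]
+
+
 | /var/log/fail2ban.log will log this after 3 missed logins.
-| 2011-02-01 12:32:18,151 fail2ban.actions: WARNING [fusionpbx] Ban 192.168.100.1
-| hostname # iptables -n -L fail2ban-fusionpbx
-| Chain fail2ban-fusionpbx (1 referecnes)
-| target    prot opt source        destination
-| DROP      all  --  192.168.100.1 anywhere
-| RETURN    all  --  anywhere      anywhere
-|
-| *Important
-| **You can easily ban yourself, including current active ssh connections.
-| **To unban:
-| hostname # iptables -n -D fail2ban-fusionpbx 1
-|
+
+::
+
+ 2011-02-01 12:32:18,151 fail2ban.actions: WARNING [fusionpbx] Ban 192.168.100.1
+ hostname # iptables -n -L fail2ban-fusionpbx
+ Chain fail2ban-fusionpbx (1 referecnes)
+ target    prot opt source        destination
+ DROP      all  --  192.168.100.1 anywhere
+ RETURN    all  --  anywhere      anywhere
+
+
+| **Important**
+| **You can easily ban yourself, including current active ssh connections.**
+| **To unban:**
+
+::
+
+ hostname # iptables -n -D fail2ban-fusionpbx 1
+
 | **Keep yourself from getting banned.**
 | add to /etc/fail2ban/jail.local
-| [DEFAULT]
-| 
-| # "ignoreip" can be an IP address, a CIDR mask or a DNS host
-| ignoreip = 127.0.0.1 192.168.0.99
-| bantime  = 600
-| maxretry = 3
-|
+
+::
+
+ [DEFAULT]
+ 
+ # "ignoreip" can be an IP address, a CIDR mask or a DNS host
+ ignoreip = 127.0.0.1 192.168.0.99
+ bantime  = 600
+ maxretry = 3
+
+
 | **Errors**
 | If you're seeing something like this in your fail2ban logfile:
 | 2011-02-27 14:11:42,326 fail2ban.actions.action: ERROR  iptables -N fail2ban-freeswitch-tcp
 | add the:
 
 ::
+
  time.sleep(0.1) to /usr/bin/fail2ban-client
  def __processCmd(self, cmd, showRet = True):
  beautifier = Beautifier()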