Update fail2ban.rst

Len 9 years ago
parent
commit
73fe295a17
1 changed file with 103 additions and 101 deletions
+ 103 - 101
source/advanced/fail2ban.rst

@@ -1,5 +1,5 @@
 ##########
-FAil2Ban
+Fail2Ban
 ##########
 
 |
@@ -51,113 +51,115 @@ FAil2Ban
 | | Duration (in seconds) for IP to be banned for.
 | |}
 
-**Filter Rules**
-vim /etc/fail2ban/filter.d/fusionpbx.conf
- # Fail2Ban configuration file
- #
- # Author: soapee01
- #
- 
- [Definition]
- 
- # Option:  failregex
- # Notes.:  regex to match the password failures messages in the logfile. The
- #          host must be matched by a group named "host". The tag "<HOST>" can
- #          be used for standard IP/hostname matching and is only an alias for
- #          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
- # Values:  TEXT
- #
- #failregex = [hostname] FusionPBX: \[<HOST>\] authentication failed
- #[hostname] variable doesn't seem to work in every case. Do this instead:
- failregex = .* FusionPBX: \[<HOST>\] authentication failed for
-           = .* FusionPBX: \[<HOST>\] provision attempt bad password for
- 
- # Option:  ignoreregex
- # Notes.:  regex to ignore. If this regex matches, the line is ignored.
- # Values:  TEXT
- #
- ignoreregex =
-
-add the following to /etc/fail2ban/jail.local
- [fusionpbx]
- 
- enabled  = true
- port     = 80,443
- protocol = tcp
- filter   = fusionpbx
- logpath  = /var/log/auth.log
- action   = iptables-allports[name=fusionpbx, protocol=all]
- #          sendmail-whois[name=FusionPBX, dest=root, [email protected]] #no smtp server installed
-
-Add /etc/fail2ban/filter.d/freeswitch.conf with the contents:
- # Fail2Ban configuration file
- #
- # Author: Rupa SChomaker (first two regex)
- 
- [Definition]
- 
- # Option:  failregex
- # Notes.:  regex to match the password failures messages in the logfile. The
- #          host must be matched by a group named "host". The tag "<HOST>" can
- #          be used for standard IP/hostname matching and is only an alias for
- #          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
- # Values:  TEXT
- #
- failregex = \[WARNING\] sofia_reg.c:\d+ SIP auth failure \(REGISTER\) on sofia profile \'\w+\' for \[.*\] from ip <HOST>
-             \[WARNING\] sofia_reg.c:\d+ SIP auth failure \(INVITE\) on sofia profile \'\w+\' for \[.*\] from ip <HOST>
-             \[WARNING\] sofia_reg.c:\d+ SIP auth challenge \(REGISTER\) on sofia profile \'\w+\' for \[.*\] from ip <HOST>
- 
- # Option:  ignoreregex
- # Notes.:  regex to ignore. If this regex matches, the line is ignored.
- # Values:  TEXT
- #
- ignoreregex =
-
-Modify /etc/fail2ban/jail.conf. Add the following make sure the freeswitch.log file path is correct.
-
- [freeswitch-tcp]
- 
- enabled  = true
- port     = 5060,5061,5080,5081
- protocol = tcp
- filter   = freeswitch
- logpath  = /usr/local/freeswitch/log/freeswitch.log
- action   = iptables-allports[name=freeswitch-tcp, protocol=all]
-            sendmail-whois[name=FreeSwitch, dest=root, [email protected]]
- 
- [freeswitch-udp]
- 
- enabled  = true
- port     = 5060,5061,5080,5081
- protocol = udp
- filter   = freeswitch
- logpath  = /usr/local/freeswitch/log/freeswitch/freeswitch.log
- action   = iptables-allports[name=freeswitch-udp, protocol=all]
-            sendmail-whois[name=FreeSwitch, dest=root, [email protected]]
-
-
-/var/log/fail2ban.log will log this after 3 missed logins.
- 2011-02-01 12:32:18,151 fail2ban.actions: WARNING [fusionpbx] Ban 192.168.100.1
-hostname # iptables -n -L fail2ban-fusionpbx
- Chain fail2ban-fusionpbx (1 referecnes)
- target    prot opt source        destination
- DROP      all  --  192.168.100.1 anywhere
- RETURN    all  --  anywhere      anywhere
-
-*Important
-**You can easily ban yourself, including current active ssh connections.
-**To unban:
- hostname # iptables -n -D fail2ban-fusionpbx 1
+|
 
-**Keep yourself from getting banned.**
+| **Filter Rules**
+| vim /etc/fail2ban/filter.d/fusionpbx.conf
+|  # Fail2Ban configuration file
+|  #
+|  # Author: soapee01
+|  #
+| 
+| [Definition]
+| 
+| # Option:  failregex
+| # Notes.:  regex to match the password failures messages in the logfile. The
+| #          host must be matched by a group named "host". The tag "<HOST>" can
+| #          be used for standard IP/hostname matching and is only an alias for
+| #          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
+| # Values:  TEXT
+| #
+| #failregex = [hostname] FusionPBX: \[<HOST>\] authentication failed
+| #[hostname] variable doesn't seem to work in every case. Do this instead:
+| failregex = .* FusionPBX: \[<HOST>\] authentication failed for
+|           = .* FusionPBX: \[<HOST>\] provision attempt bad password for
+| 
+| # Option:  ignoreregex
+| # Notes.:  regex to ignore. If this regex matches, the line is ignored.
+| # Values:  TEXT
+| #
+| ignoreregex =
+|
+| add the following to /etc/fail2ban/jail.local
+| [fusionpbx]
+| 
+| enabled  = true
+| port     = 80,443
+| protocol = tcp
+| filter   = fusionpbx
+| logpath  = /var/log/auth.log
+| action   = iptables-allports[name=fusionpbx, protocol=all]
+| #          sendmail-whois[name=FusionPBX, dest=root, [email protected]] #no smtp server installed
+|
+| Add /etc/fail2ban/filter.d/freeswitch.conf with the contents:
+| # Fail2Ban configuration file
+| #
+| # Author: Rupa SChomaker (first two regex)
+| 
+| [Definition]
+| 
+| # Option:  failregex
+| # Notes.:  regex to match the password failures messages in the logfile. The
+| #          host must be matched by a group named "host". The tag "<HOST>" can
+| #          be used for standard IP/hostname matching and is only an alias for
+| #          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
+| # Values:  TEXT
+| #
+| failregex = \[WARNING\] sofia_reg.c:\d+ SIP auth failure \(REGISTER\) on sofia profile \'\w+\' for \[.*\] from ip <HOST>
+|             \[WARNING\] sofia_reg.c:\d+ SIP auth failure \(INVITE\) on sofia profile \'\w+\' for \[.*\] from ip <HOST>
+|             \[WARNING\] sofia_reg.c:\d+ SIP auth challenge \(REGISTER\) on sofia profile \'\w+\' for \[.*\] from ip <HOST>
+| 
+| # Option:  ignoreregex
+| # Notes.:  regex to ignore. If this regex matches, the line is ignored.
+| # Values:  TEXT
+| #
+| ignoreregex =
+|
+| Modify /etc/fail2ban/jail.conf. Add the following make sure the freeswitch.log file path is correct.
+|
+| [freeswitch-tcp]
+| 
+| enabled  = true
+| port     = 5060,5061,5080,5081
+| protocol = tcp
+| filter   = freeswitch
+| logpath  = /usr/local/freeswitch/log/freeswitch.log
+| action   = iptables-allports[name=freeswitch-tcp, protocol=all]
+|            sendmail-whois[name=FreeSwitch, dest=root, [email protected]]
+| 
+| [freeswitch-udp]
+| 
+| enabled  = true
+| port     = 5060,5061,5080,5081
+| protocol = udp
+| filter   = freeswitch
+| logpath  = /usr/local/freeswitch/log/freeswitch/freeswitch.log
+| action   = iptables-allports[name=freeswitch-udp, protocol=all]
+|            sendmail-whois[name=FreeSwitch, dest=root, [email protected]]
+|
+|
+| /var/log/fail2ban.log will log this after 3 missed logins.
+| 2011-02-01 12:32:18,151 fail2ban.actions: WARNING [fusionpbx] Ban 192.168.100.1
+| hostname # iptables -n -L fail2ban-fusionpbx
+| Chain fail2ban-fusionpbx (1 referecnes)
+| target    prot opt source        destination
+| DROP      all  --  192.168.100.1 anywhere
+| RETURN    all  --  anywhere      anywhere
+|
+| *Important
+| **You can easily ban yourself, including current active ssh connections.
+| **To unban:
+| hostname # iptables -n -D fail2ban-fusionpbx 1
+|
+| **Keep yourself from getting banned.**
 | add to /etc/fail2ban/jail.local
 | [DEFAULT]
- 
+| 
 | # "ignoreip" can be an IP address, a CIDR mask or a DNS host
 | ignoreip = 127.0.0.1 192.168.0.99
 | bantime  = 600
 | maxretry = 3
-
+|
 | **Errors**
 | If you're seeing something like this in your fail2ban logfile:
 | 2011-02-27 14:11:42,326 fail2ban.actions.action: ERROR  iptables -N fail2ban-freeswitch-tcp
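Review bot: The `+|` conversion in this hunk puts the filter and jail configuration into RST line blocks instead of literal blocks, so a line such as `+| failregex = .* FusionPBX: \[<HOST>\] authentication failed for` is parsed as inline markup: the backslashes are treated as escapes and disappear from the rendered page, and `*Important` and `**To unban:` open emphasis that is never closed. A reader who copies the rendered failregex gets a pattern without its escapes, so each config file and command transcript should go in a literal block (`::` or `.. code-block:: ini`), with only the instructions left as prose. Three defects carried over unchanged from the removed lines are worth fixing in the same pass: the second fusionpbx pattern begins with a stray `=` on its continuation line, which would be read as part of the pattern; the `[freeswitch-udp]` logpath `/usr/local/freeswitch/log/freeswitch/freeswitch.log` does not match the `[freeswitch-tcp]` logpath `/usr/local/freeswitch/log/freeswitch.log`, although the text asks the reader to make sure the path is correct; and the sample iptables output reads `(1 referecnes)`.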