Hi folks,
I am trying to secure my asterisk box, i am also comparing csf performance with fail2ban.
I have installed csf version: 5.14
i have changed custom1 log path in csf.conf
CUSTOM1_LOG = “/var/log/asterisk/notice”
below rules have been placed in regex.custom.pm
#!/usr/bin/perl
sub custom_line {
my $line = shift;
my $lgfile = shift;
if (($lgfile eq $config{CUSTOM1_LOG}) and ($line =~ /^[.failed for ‘(\d+(.\d+){3})’ - (No matching peer found)./)) {
return (“Failed MondoTalkSIP login $2 from”,$1,“myasteriskmatch”,“3”,“5060”,“0”);
}
if (($lgfile eq $config{CUSTOM1_LOG}) and ($line =~ /^[.failed for ‘(\d+(.\d+){3})’ - (Username/auth name mismatch)./)) {
return (“Failed MondoTalkSIP login $2 from”,$1,“myasteriskmatch”,“3”,“5060”,“0”);
}
if (($lgfile eq $config{CUSTOM1_LOG}) and ($line =~ /^[.failed for ‘(\d+(.\d+){3})’ - (Wrong passord)./)) {
return (“Failed Asterisk login $2 from”,$1,“myasteriskmatch”,“3”,“5060”,“0”);
}
if (($lgfile eq $config{CUSTOM1_LOG}) and ($line =~ /^[.failed for ‘(\d+(.\d+){3})’ - (Device does not match ACL)./)) {
return (“Failed Asterisk login $2 from”,$1,“myasteriskmatch”,“3”,“5060”,“0”);
}
if (($lgfile eq $config{CUSTOM1_LOG}) and ($line =~ /^[.Host (\d+(.\d+){3}) (failed to authenticate)./)) {
return (“Failed Asterisk login $2 from”,$1,“myasteriskmatch”,“3”,“5060”,“0”);
}
if (($lgfile eq $config{CUSTOM1_LOG}) and ($line =~ /^[.*(No registration for peer).from (\d+(.\d+){3})./)) {
return (“Failed Asterisk login $1 from”,$2,“myasteriskmatch”,“3”,“5060”,“0”);
}
if (($lgfile eq $config{CUSTOM1_LOG}) and ($line =~ /^[.(Failed to authenticate user).@(\d+(.\d+){3}).*/)) {
return (“Failed MondoTalkSIP login $1 from”,$2,“myasteriskmatch”,“3”,“5060”,“0”);
}
if (($lgfile eq $config{CUSTOM1_LOG}) and ($line =~ /^[.Host (\d+(.\d+){3}) (failed MD5 authentication)./)) {
return (“Failed Asterisk login $2 from”,$1,“myasteriskmatch”,“3”,“5060”,“0”);
}
return 0;
}
1;
But this is not working, is there any one who can help me here? what mistake i have made?