I'm trying to create a jail in Fail2Ban to protect an Asterisk PBX.
I already did as suggested and made a copy of jail.conf named jail.local. In jail.local I set up an asterisk jail as follows:
port = 5060,5061
action_ = %(default/action_)s[name=%(__name__)s-tcp, protocol="tcp"]
          %(default/action_)s[name=%(__name__)s-udp, protocol="udp"]
logpath = /var/log/asterisk/messages
maxretry = 10
Then, in the jail.d folder, I created a file called asterisk.full:
backend = polling
enabled = true
port = all
filter = asterisk-full
logpath = /var/log/asterisk/messages
maxretry = 3
findtime = 1200
bantime = 600
And in the filter.d folder I've put asterisk-full.conf:
failregex = .*NOTICE.* .*: Request '.*' from '.*' failed for '<HOST>:.*' .*- Failed to authenticate
            .*NOTICE.* .*: Request '.*' from '.*' failed for '<HOST>:.*' .*- No matching endpoint found
ignoreregex =
The problem is, if I try the filter with the command
sudo fail2ban-regex /var/log/asterisk/full /etc/fail2ban/filter.d/asterisk-full.conf
It does work, it correctly sees the logfile and matches the line, but the problem is that the jail is not active in fail2ban.
This is what I get launching "fail2ban-client status":
|- Number of jail: 1
`- Jail list: sshd
And the Asterisk jail is not listed.
I ran the commands "fail2ban-client reload", and "systemctl restart fail2ban", but to no avail.
The OS is CentOS 7.
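
An added example, not part of the original post: per jail.conf(5), fail2ban reads only jail.conf, jail.d/*.conf, jail.local and jail.d/*.local, so this Python check reports which jails in a config directory end up enabled and which files under jail.d are never read. The function names, the `[sshd]` and `[asterisk]` section headers and the sample tree are constructed assumptions; call `audit_jails("/etc/fail2ban")` for a real check.

```python
import configparser, glob, os, tempfile

TRUTHY = {"1", "true", "yes", "on"}

def audit_jails(conf_dir):
    """Return (enabled_jails, ignored_files, unparsable_files) for a fail2ban config dir."""
    jail_d = os.path.join(conf_dir, "jail.d")
    # Load order from jail.conf(5): jail.conf, jail.d/*.conf, jail.local, jail.d/*.local
    order = ([os.path.join(conf_dir, "jail.conf")]
             + sorted(glob.glob(os.path.join(jail_d, "*.conf")))
             + [os.path.join(conf_dir, "jail.local")]
             + sorted(glob.glob(os.path.join(jail_d, "*.local"))))
    loaded = [p for p in order if os.path.isfile(p)]
    # Anything else in jail.d is never read, whatever it contains
    ignored = sorted(set(glob.glob(os.path.join(jail_d, "*"))) - set(loaded))
    # interpolation=None: fail2ban's %(section/option)s syntax is not configparser's
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    unparsable = []
    for path in loaded:
        try:
            parser.read(path)
        except configparser.Error:  # e.g. options with no [section] header above them
            unparsable.append(path)
    enabled = [s for s in parser.sections()
               if parser.get(s, "enabled", fallback="false").strip().lower() in TRUTHY]
    return enabled, ignored, unparsable

def build_sample(root):
    """Constructed sample tree; section names and the sshd jail are assumptions."""
    os.makedirs(os.path.join(root, "jail.d"))
    with open(os.path.join(root, "jail.local"), "w") as f:
        f.write("[DEFAULT]\nenabled = false\n\n[sshd]\nenabled = true\n\n"
                "[asterisk]\nport = 5060,5061\nmaxretry = 10\n")
    with open(os.path.join(root, "jail.d", "asterisk.full"), "w") as f:
        f.write("[asterisk]\nenabled = true\nfilter = asterisk-full\n")
    with open(os.path.join(root, "jail.d", "broken.local"), "w") as f:
        f.write("enabled = true\nfilter = asterisk-full\n")  # no section header

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample(root)
        enabled, ignored, unparsable = audit_jails(root)
        print("enabled jails:", enabled)
        print("never read:", [os.path.basename(p) for p in ignored])
        print("parse errors:", [os.path.basename(p) for p in unparsable])
```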