[AsteriskBrasil] iptables e fail2ban

Shazaum shazaum em gmail.com
Quarta Outubro 13 15:31:39 BRT 2010 

esqueci de mencionar...
configurei o fail2ban com esse link...
aqui esta funcionando certinho

--

Renato dos Santos
shazaum.wordpress.com



2010/10/13 Shazaum <shazaum em gmail.com>

>
> http://www.voip-info.org/wiki/view/Fail2Ban+%28with+iptables%29+And+Asterisk
>
> --
>
> Renato dos Santos
> shazaum.wordpress.com
>
>
>
> 2010/10/7 monica em addphone.net <monica em addphone.net>
>
>>  ola, a todos alguem pode me ajudar na configuraçao de um iptables de
>> fail2ban para meu servidor astrisk
>>
>>
>> coloquei estas regras
>>
>> iptables -D INPUT -p tcp -m multiport --dport 10000:20000 -j ACCEPT
>> iptables -D INPUT -p udp -m multiport --dport 10000:20000 -j ACCEPT
>> iptables -D INPUT -p tcp -m multiport --dport 5060:5061 -j ACCEPT
>> iptables -I INPUT -p tcp -m multiport --dport 80 -j ACCEPT
>> iptables -I INPUT -p udp -m multiport --dport 80 -j ACCEPT
>> iptables -I INPUT -p tcp --dport 22 -j ACCEPT
>>
>> service iptables save
>> service iptables restart
>>
>>
>> mas ficou sme audios e algun ramais nao puderam mais registrar
>>
>>
>> e tabem o fail2ban nao bloqueo os ips dos ramais que ficam tentando
>> registrar com senha errada.
>>
>>
>>
>> coloquei assim
>>
>> /etc/fail2ban/filter.d/asterisk.conf
>>
>> failregex = NOTICE.* .*: Registration from '.*' failed for '<HOST >' -
>> Wrong password
>> NOTICE.* .*: Registration from '.*' failed for '<HOST>' - No matching peer
>> found
>> NOTICE.* .*: Registration from '.*' failed for '<HOST>' - Username/auth
>> name mismatch
>> NOTICE.* .*: Registration from '.*' failed for '<HOST>' - Device does not
>> match ACL
>> NOTICE.* <HOST /> failed to authenticate as '.*'$
>> NOTICE.* .*: No registration for peer '.*' \(from <HOST>\)
>> NOTICE.* .*: Host <HOST /> failed MD5 authentication for '.*' (.*)
>> NOTICE.* .*: Failed to authenticate user .*@<HOST />.*
>>
>> ignoreregex =
>>
>> /etc/fail2ban/jail.conf
>> [asterisk-iptables]
>>  enabled  = true
>> filter   = asterisk
>> action   = iptables-allports[name=ASTERISK, protocol=all]
>> sendmail-whois[name=ASTERISK, dest=
>> <dest=%20%3Cscript%20language=%27JavaScript%27%20type=%27text/javascript%27%3E%20%3C%21--%20var%20prefix%20=%20%27mailto:%27;%20var%20suffix%20=%20%27%27;%20var%20attribs%20=%20%27%27;%20var%20path%20=%20%27hr%27%20+%20%27ef%27%20+%20%27=%27;%20var%20addy78177%20=%20%27youremailaddress%27%20+%20%27@%27;%20addy78177%20=%20addy78177%20+%20%27somewhere%27%20+%20%27.%27%20+%20%27com%27;%20document.write%28%20%27%3Ca%20%27%20+%20path%20+%20%27%5C%27%27%20+%20prefix%20+%20addy78177%20+%20suffix%20+%20%27%5C%27%27%20+%20attribs%20+%20%27%3E%27%20%29;%20document.write%28%20addy78177%20%29;%20document.write%28%20%27%3C%5C/a%3E%27%20%29;%20//--%3E%20%3C/script%3E%20%3Cscript%20language=%27JavaScript%27%20type=%27text/javascript%27%3E%20%3C%21--%20document.write%28%20%27%3Cspan%20style=%5C%27display:%20none;%5C%27%3E%27%20%29;%20//--%3E%20%3C/script%3EEste%20endere%C3%A7o%20de%20e-mail%20est%C3%A1%20protegido%20contra%20spambots.%20Voc%C3%AA%20deve%20habilitar%20o%20JavaScript%20para%20visualiz%C3%A1-lo.%20%3Cscript%20language=%27JavaScript%27%20type=%27text/javascript%27%3E%20%3C%21--%20document.write%28%20%27%3C/%27%20%29;%20document.write%28%20%27span%3E%27%20%29;%20//--%3E%20%3C/script%3E>
>> youremailaddress em somewhere.com Este endereço de e-mail está protegido
>> contra spambots. Você deve habilitar o JavaScript para visualizá-lo. , sender=
>>
>> <sender=%20%3Cscript%20language=%27JavaScript%27%20type=%27text/javascript%27%3E%20%3C%21--%20var%20prefix%20=%20%27mailto:%27;%20var%20suffix%20=%20%27%27;%20var%20attribs%20=%20%27%27;%20var%20path%20=%20%27hr%27%20+%20%27ef%27%20+%20%27=%27;%20var%20addy62105%20=%20%27fail2ban%27%20+%20%27@%27;%20addy62105%20=%20addy62105%20+%20%27somewhere%27%20+%20%27.%27%20+%20%27com%27;%20document.write%28%20%27%3Ca%20%27%20+%20path%20+%20%27%5C%27%27%20+%20prefix%20+%20addy62105%20+%20suffix%20+%20%27%5C%27%27%20+%20attribs%20+%20%27%3E%27%20%29;%20document.write%28%20addy62105%20%29;%20document.write%28%20%27%3C%5C/a%3E%27%20%29;%20//--%3E%20%3C/script%3E%20%3Cscript%20language=%27JavaScript%27%20type=%27text/javascript%27%3E%20%3C%21--%20document.write%28%20%27%3Cspan%20style=%5C%27display:%20none;%5C%27%3E%27%20%29;%20//--%3E%20%3C/script%3EEste%20endere%C3%A7o%20de%20e-mail%20est%C3%A1%20protegido%20contra%20spambots.%20Voc%C3%AA%20deve%20habilitar%20o%20JavaScript%20para%20visualiz%C3%A1-lo.%20%3Cscript%20language=%27JavaScript%27%20type=%27text/javascript%27%3E%20%3C%21--%20document.write%28%20%27%3C/%27%20%29;%20document.write%28%20%27span%3E%27%20%29;%20//--%3E%20%3C/script%3E>
>> fail2ban em somewhere.com Este endereço de e-mail está protegido contra
>> spambots. Você deve habilitar o JavaScript para visualizá-lo. ]
>> logpath  = /var/log/asterisk/full
>> maxretry = 5
>> bantime = 600
>>
>> */etc/asterisk/logger.conf*
>> [general]
>> dateformat=%F %T
>>
>>
>>
>>
>>
>>
>> __________ Información de ESET NOD32 Antivirus, versión de la base de
>> firmas de virus 5512 (20101007) __________
>>
>> ESET NOD32 Antivirus ha comprobado este mensaje.
>>
>> http://www.eset.com
>>
>> _______________________________________________
>> KHOMP: qualidade em placas de E1, GSM, FXS e FXO para Asterisk.
>> - Hardware com alta disponibilidade de recursos e qualidade KHOMP
>> - Suporte técnico local qualificado e gratuito
>> Conheça a linha completa de produtos KHOMP em www.khomp.com.br
>> _______________________________________________
>> Temos tudo para seu projeto VoIP com Asterisk!
>> Descontos especiais para assinantes da AsteriskBrasil.org.
>> Registre-se e receba um cupom exclusivo de desconto!
>> Acesse agora www.voipmania.com.br
>> ______________________________________________
>> Lista de discussões AsteriskBrasil.org
>> AsteriskBrasil em listas.asteriskbrasil.org
>> http://listas.asteriskbrasil.org/mailman/listinfo/asteriskbrasil
>> ______________________________________________
>> Para remover seu email desta lista, basta enviar um email em branco para
>> asteriskbrasil-unsubscribe em listas.asteriskbrasil.org
>>
>
>
-------------- Próxima Parte ----------
Um anexo em HTML foi limpo...
URL: http://listas.asteriskbrasil.org/pipermail/asteriskbrasil/attachments/20101013/6b01cd30/attachment-0001.htm

Mais detalhes sobre a lista de discussão AsteriskBrasil