[AsteriskBrasil] Fail2Ban does not block attack
André Luis Ribeiro
andrepr at gmail.com
Thu Mar 28 17:23:50 BRT 2013
Good afternoon
Man, I use this script to install it on my servers. It works on all of mine.
# Install fail2ban and append an Asterisk jail to the stock jail.conf
apt-get -y install fail2ban
echo "[asterisk-iptables]" >> /etc/fail2ban/jail.conf
echo "enabled = true" >> /etc/fail2ban/jail.conf
echo "filter = asterisk" >> /etc/fail2ban/jail.conf
echo "action = iptables-allports[name=ASTERISK, protocol=all]" >> /etc/fail2ban/jail.conf
# Continuation line: the leading spaces keep it part of the "action" value
echo "         sendmail-whois[name=ASTERISK, dest=root, sender=fail2ban@example.org]" >> /etc/fail2ban/jail.conf
echo "logpath = /var/log/asterisk/messages" >> /etc/fail2ban/jail.conf
# Change the default ban time and retry limit (only lines with exactly this spacing are rewritten)
sed -i 's/bantime = 600/bantime = 7600/g' /etc/fail2ban/jail.conf
sed -i 's/maxretry = 3/maxretry = 6/g' /etc/fail2ban/jail.conf
# Create the filter from scratch; each failregex after the first is an indented continuation line
touch /etc/fail2ban/filter.d/asterisk.conf
echo "" > /etc/fail2ban/filter.d/asterisk.conf
echo "[INCLUDES]" >> /etc/fail2ban/filter.d/asterisk.conf
echo "" >> /etc/fail2ban/filter.d/asterisk.conf
echo "[Definition]" >> /etc/fail2ban/filter.d/asterisk.conf
echo "failregex = ^.* .*NOTICE.* .*: Registration from '.*' failed for '<HOST>' - Wrong password" >> /etc/fail2ban/filter.d/asterisk.conf
echo "            ^.* .*NOTICE.* .*: Registration from '.*' failed for '<HOST>' - No matching peer found" >> /etc/fail2ban/filter.d/asterisk.conf
echo "            ^.* .*NOTICE.* .*: Registration from '.*' failed for '<HOST>' - Username/auth name mismatch" >> /etc/fail2ban/filter.d/asterisk.conf
echo "            ^.* .*NOTICE.* .*: Registration from '.*' failed for '<HOST>' - Device does not match ACL" >> /etc/fail2ban/filter.d/asterisk.conf
echo "            ^.* .*NOTICE.* <HOST> failed to authenticate as '.*'\$" >> /etc/fail2ban/filter.d/asterisk.conf
echo "            ^.* .*NOTICE.* .*: No registration for peer '.*' \(from <HOST>\)" >> /etc/fail2ban/filter.d/asterisk.conf
echo "            ^.* .*NOTICE.* .*: Host <HOST> failed MD5 authentication for '.*' (.*)" >> /etc/fail2ban/filter.d/asterisk.conf
echo "            ^.* .*NOTICE.* .*: Failed to authenticate user .*@<HOST>.*" >> /etc/fail2ban/filter.d/asterisk.conf
echo "            ^.* .*NOTICE.* .*: Registration from '.*' failed for '<HOST>' - Device not configured to use this transport type" >> /etc/fail2ban/filter.d/asterisk.conf
echo "            ^.* .*NOTICE.* .*: .*: Registration from '.*' failed for '<HOST>' - Device not configured to use this transport type" >> /etc/fail2ban/filter.d/asterisk.conf
echo "ignoreregex =" >> /etc/fail2ban/filter.d/asterisk.conf
# Set the Asterisk log date format and make sure NOTICE lines reach the "messages" log
sed -i 's/dateformat=.*/dateformat=%F %T/g' /etc/asterisk/logger.conf
sed -i '/^messages/d' /etc/asterisk/logger.conf
echo "messages => verbose,warning,error,notice" >> /etc/asterisk/logger.conf
asterisk -rx "logger reload"
On Mon, Feb 4, 2013 at 11:36 AM, Silvio Garbes <silviogarbes at gmail.com> wrote:
> In reply to the message from "João Marcelo Queiroz" on the question
> "Fail2Ban does not block attack" on "Wed Jan 5 10:40:26 BRST 2011".
>
> I had the same problem and found that from Asterisk version 1.8 to
> version 1.4 the file "/etc/fail2ban/filter.d/asterisk.conf" must be
> changed. In the log of Asterisk version 1.8 or higher, the destination
> port comes together with the log.
>
> From:
> failregex = NOTICE%(__pid_re)s .*: Registration from '.*' failed for '<HOST>' - Wrong password$
>             NOTICE%(__pid_re)s .*: Registration from '.*' failed for '<HOST>' - No matching peer found$
>             NOTICE%(__pid_re)s .*: Registration from '.*' failed for '<HOST>' - Username/auth name mismatch$
>             NOTICE%(__pid_re)s .*: Registration from '.*' failed for '<HOST>' - Device does not match ACL$
>             NOTICE%(__pid_re)s .*: Registration from '.*' failed for '<HOST>' - Peer is not supposed to register$
>             NOTICE%(__pid_re)s .*: Registration from '.*' failed for '<HOST>' - ACL error \(permit/deny\)$
>             NOTICE%(__pid_re)s <HOST> failed to authenticate as '.*'$
>             NOTICE%(__pid_re)s .*: No registration for peer '.*' \(from <HOST>\)$
>             NOTICE%(__pid_re)s .*: Host <HOST> failed MD5 authentication for '.*' (.*)$
>             NOTICE%(__pid_re)s .*: Failed to authenticate user .*@<HOST>.*$
>
>
> To:
> failregex = NOTICE%(__pid_re)s .*: Registration from '.*' failed for '<HOST>:.*' - Wrong password$
>             NOTICE%(__pid_re)s .*: Registration from '.*' failed for '<HOST>:.*' - No matching peer found$
>             NOTICE%(__pid_re)s .*: Registration from '.*' failed for '<HOST>:.*' - Username/auth name mismatch$
>             NOTICE%(__pid_re)s .*: Registration from '.*' failed for '<HOST>:.*' - Device does not match ACL$
>             NOTICE%(__pid_re)s .*: Registration from '.*' failed for '<HOST>:.*' - Peer is not supposed to register$
>             NOTICE%(__pid_re)s .*: Registration from '.*' failed for '<HOST>:.*' - ACL error \(permit/deny\)$
>             NOTICE%(__pid_re)s <HOST> failed to authenticate as '.*'$
>             NOTICE%(__pid_re)s .*: No registration for peer '.*' \(from <HOST>\)$
>             NOTICE%(__pid_re)s .*: Host <HOST> failed MD5 authentication for '.*' (.*)$
>             NOTICE%(__pid_re)s .*: Failed to authenticate user .*@<HOST>.*$
>
>
> Regards,
>
> Sílvio Garbes Lara
--
___________________________________________
André Luis Peres Ribeiro 16 92340876
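
Added example (not part of the original messages): a small Python check of why a filter written for one Asterisk log format silently stops matching on the other, using two of the failregex lines quoted in this thread in their "From:" and "To:" forms. HOST_RE and PID_RE are simplified stand-ins for fail2ban's own expansions, the log lines are constructed, and the threshold is a plain count without fail2ban's findtime window.

```python
import re
from collections import Counter

# Assumptions: simplified stand-ins for fail2ban's <HOST> tag (IPv4 only here)
# and for the __pid_re variable used by the filters quoted in the thread.
HOST_RE = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
PID_RE = r"(?:\[\d+\])"

# "From:" form (log without port) and "To:" form (port appended to the host).
OLD_FILTER = [
    r"NOTICE%(__pid_re)s .*: Registration from '.*' failed for '<HOST>' - Wrong password$",
    r"NOTICE%(__pid_re)s .*: Registration from '.*' failed for '<HOST>' - No matching peer found$",
]
NEW_FILTER = [p.replace("'<HOST>'", "'<HOST>:.*'") for p in OLD_FILTER]


def compile_filter(patterns):
    """Expand the fail2ban placeholders and compile each failregex."""
    return [re.compile(p.replace("%(__pid_re)s", PID_RE).replace("<HOST>", HOST_RE))
            for p in patterns]


def flagged_hosts(log_lines, patterns, threshold):
    """Hosts with at least `threshold` matching lines (no findtime window)."""
    compiled = compile_filter(patterns)
    hits = Counter()
    for line in log_lines:
        for rx in compiled:
            m = rx.search(line)
            if m:
                hits[m.group("host")] += 1
                break
    return sorted(h for h, n in hits.items() if n >= threshold)


def sample_log():
    """Constructed log: six failures without a port, then six with a port."""
    no_port = ("[2013-03-28 17:00:0{i}] NOTICE[2101] chan_sip.c: Registration from "
               "'\"100\" <sip:100@192.0.2.10>' failed for '198.51.100.7' - Wrong password")
    with_port = ("[2013-03-28 17:01:0{i}] NOTICE[2101] chan_sip.c: Registration from "
                 "'\"100\" <sip:100@192.0.2.10>' failed for '203.0.113.9:5060' - Wrong password")
    return [no_port.format(i=i) for i in range(6)] + [with_port.format(i=i) for i in range(6)]


if __name__ == "__main__":
    log = sample_log()
    print("old filter flags:", flagged_hosts(log, OLD_FILTER, 6))
    print("new filter flags:", flagged_hosts(log, NEW_FILTER, 6))
```

On a live server, `fail2ban-regex /var/log/asterisk/messages /etc/fail2ban/filter.d/asterisk.conf` runs the same kind of check against the real log with fail2ban's own `<HOST>` expansion.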