[AsteriskBrasil] Fail2Ban does not block attack
Patrick EL Youssef
wushumasters at gmail.com
Thu Mar 28 17:38:15 BRT 2013
If it's Asterisk 1.8:
http://tuxmarcial.blogspot.com.br/2013/02/fail2ban-no-asterisk-18.html
On 28-03-2013 17:23, André Luis Ribeiro wrote:
> Good afternoon
>
> Man, I use this script to install on my servers. It works on all
> of mine.
>
> # Install fail2ban and append the Asterisk jail to jail.conf
> apt-get -y install fail2ban
> echo "[asterisk-iptables]" >> /etc/fail2ban/jail.conf
> echo "enabled = true" >> /etc/fail2ban/jail.conf
> echo "filter = asterisk" >> /etc/fail2ban/jail.conf
> echo "action = iptables-allports[name=ASTERISK, protocol=all]" >> /etc/fail2ban/jail.conf
> # Second action: a continuation line of "action" must start with whitespace
> echo "         sendmail-whois[name=ASTERISK, dest=root, sender=fail2ban@example.org]" >> /etc/fail2ban/jail.conf
> echo "logpath = /var/log/asterisk/messages" >> /etc/fail2ban/jail.conf
> sed -i 's/bantime = 600/bantime = 7600/g' /etc/fail2ban/jail.conf
> sed -i 's/maxretry = 3/maxretry = 6/g' /etc/fail2ban/jail.conf
> # Create the filter (each failregex alternative is a whitespace-indented continuation line)
> touch /etc/fail2ban/filter.d/asterisk.conf
> echo "" > /etc/fail2ban/filter.d/asterisk.conf
> echo "[INCLUDES]" >> /etc/fail2ban/filter.d/asterisk.conf
> echo "" >> /etc/fail2ban/filter.d/asterisk.conf
> echo "[Definition]" >> /etc/fail2ban/filter.d/asterisk.conf
> echo "failregex = ^.* .*NOTICE.* .*: Registration from '.*' failed for '<HOST>' - Wrong password" >> /etc/fail2ban/filter.d/asterisk.conf
> echo " ^.* .*NOTICE.* .*: Registration from '.*' failed for '<HOST>' - No matching peer found" >> /etc/fail2ban/filter.d/asterisk.conf
> echo " ^.* .*NOTICE.* .*: Registration from '.*' failed for '<HOST>' - Username/auth name mismatch" >> /etc/fail2ban/filter.d/asterisk.conf
> echo " ^.* .*NOTICE.* .*: Registration from '.*' failed for '<HOST>' - Device does not match ACL" >> /etc/fail2ban/filter.d/asterisk.conf
> echo " ^.* .*NOTICE.* <HOST> failed to authenticate as '.*'\$" >> /etc/fail2ban/filter.d/asterisk.conf
> echo " ^.* .*NOTICE.* .*: No registration for peer '.*' \(from <HOST>\)" >> /etc/fail2ban/filter.d/asterisk.conf
> echo " ^.* .*NOTICE.* .*: Host <HOST> failed MD5 authentication for '.*' (.*)" >> /etc/fail2ban/filter.d/asterisk.conf
> echo " ^.* .*NOTICE.* .*: Failed to authenticate user .*@<HOST>.*" >> /etc/fail2ban/filter.d/asterisk.conf
> echo " ^.* .*NOTICE.* .*: Registration from '.*' failed for '<HOST>' - Device not configured to use this transport type" >> /etc/fail2ban/filter.d/asterisk.conf
> echo " ^.* .*NOTICE.* .*: .*: Registration from '.*' failed for '<HOST>' - Device not configured to use this transport type" >> /etc/fail2ban/filter.d/asterisk.conf
> echo "ignoreregex =" >> /etc/fail2ban/filter.d/asterisk.conf
> # Make Asterisk log NOTICE lines with a date format fail2ban can parse, then reload the logger
> sed -i 's/dateformat=.*/dateformat=%F %T/g' /etc/asterisk/logger.conf
> sed -i '/^messages/d' /etc/asterisk/logger.conf
> echo "messages => verbose,warning,error,notice" >> /etc/asterisk/logger.conf
> asterisk -rx "logger reload"
>
>
>
> On Mon, Feb 4, 2013 at 11:36 AM, Silvio Garbes <silviogarbes at gmail.com> wrote:
>
> In reply to the message from "João Marcelo Queiroz" on the question
> "Fail2Ban does not block attack" on "Wed Jan 5 10:40:26 BRST
> 2011".
>
> I had the same problem and found that from Asterisk version 1.8
> to version 1.4 the file
> "/etc/fail2ban/filter.d/asterisk.conf" must be changed. In the Asterisk log of
> version 1.8 or higher, the destination port comes along with the log.
>
> From:
> failregex = NOTICE%(__pid_re)s .*: Registration from '.*' failed for '<HOST>' - Wrong password$
>             NOTICE%(__pid_re)s .*: Registration from '.*' failed for '<HOST>' - No matching peer found$
>             NOTICE%(__pid_re)s .*: Registration from '.*' failed for '<HOST>' - Username/auth name mismatch$
>             NOTICE%(__pid_re)s .*: Registration from '.*' failed for '<HOST>' - Device does not match ACL$
>             NOTICE%(__pid_re)s .*: Registration from '.*' failed for '<HOST>' - Peer is not supposed to register$
>             NOTICE%(__pid_re)s .*: Registration from '.*' failed for '<HOST>' - ACL error (permit/deny)$
>             NOTICE%(__pid_re)s <HOST> failed to authenticate as '.*'$
>             NOTICE%(__pid_re)s .*: No registration for peer '.*' \(from <HOST>\)$
>             NOTICE%(__pid_re)s .*: Host <HOST> failed MD5 authentication for '.*' (.*)$
>             NOTICE%(__pid_re)s .*: Failed to authenticate user .*@<HOST>.*$
>
>
> To:
> failregex = NOTICE%(__pid_re)s .*: Registration from '.*' failed for '<HOST>:.*' - Wrong password$
>             NOTICE%(__pid_re)s .*: Registration from '.*' failed for '<HOST>:.*' - No matching peer found$
>             NOTICE%(__pid_re)s .*: Registration from '.*' failed for '<HOST>:.*' - Username/auth name mismatch$
>             NOTICE%(__pid_re)s .*: Registration from '.*' failed for '<HOST>:.*' - Device does not match ACL$
>             NOTICE%(__pid_re)s .*: Registration from '.*' failed for '<HOST>:.*' - Peer is not supposed to register$
>             NOTICE%(__pid_re)s .*: Registration from '.*' failed for '<HOST>:.*' - ACL error (permit/deny)$
>             NOTICE%(__pid_re)s <HOST> failed to authenticate as '.*'$
>             NOTICE%(__pid_re)s .*: No registration for peer '.*' \(from <HOST>\)$
>             NOTICE%(__pid_re)s .*: Host <HOST> failed MD5 authentication for '.*' (.*)$
>             NOTICE%(__pid_re)s .*: Failed to authenticate user .*@<HOST>.*$
>
>
> Best regards,
>
> Sílvio Garbes Lara
>
>
> --
> ___________________________________________
> André Luis Peres Ribeiro 16 92340876
>
>
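The filter change discussed in this thread can be checked offline before touching a live jail. The script below is an added example, not code from any of the posters: it applies the "Wrong password" failregex in its original and changed forms to two constructed log lines, one without and one with a port after the address. The IPv4-only `<HOST>` substitute, the `\[\d+\]` stand-in for `%(__pid_re)s`, the optional-port `both` pattern and the sample addresses are assumptions of this example.

```python
import re

# Simplified stand-in for fail2ban's <HOST> tag (IPv4 only; assumption of this example).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
# "\[\d+\]" stands in for %(__pid_re)s (assumption of this example).
PREFIX = r"NOTICE\[\d+\] .*: Registration from '.*' failed for "

FILTERS = {
    # "From:" form quoted in the thread
    "old": PREFIX + r"'<HOST>' - Wrong password$",
    # "To:" form quoted in the thread
    "new": PREFIX + r"'<HOST>:.*' - Wrong password$",
    # Optional-port variant added here so one filter covers both log formats
    "both": PREFIX + r"'<HOST>(:\d+)?' - Wrong password$",
}

# Constructed log lines (documentation addresses, not real traffic).
LOGS = {
    "no_port": "[2013-03-28 17:20:01] NOTICE[1234] chan_sip.c: Registration from "
               "'\"100\" <sip:100@192.0.2.10>' failed for '203.0.113.7' - Wrong password",
    "with_port": "[2013-03-28 17:20:01] NOTICE[1234] chan_sip.c: Registration from "
                 "'\"100\" <sip:100@192.0.2.10>' failed for '203.0.113.7:5060' - Wrong password",
}


def banned_host(failregex, line):
    """Return the address the filter would hand to the ban action, or None."""
    pattern = re.compile(failregex.replace("<HOST>", HOST))
    match = pattern.search(line)
    return match.group("host") if match else None


def matrix():
    """Every filter against every log line."""
    return {(f, l): banned_host(rx, line)
            for f, rx in FILTERS.items()
            for l, line in LOGS.items()}


if __name__ == "__main__":
    for (flt, log), host in sorted(matrix().items()):
        print(f"{flt:5} vs {log:9} -> {host or 'NO MATCH (attacker is never banned)'}")
```

On the server itself, `fail2ban-regex /var/log/asterisk/messages /etc/fail2ban/filter.d/asterisk.conf` runs the installed filter against the real log and reports how many lines each failregex matched.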