<div dir="ltr">Good afternoon<div><br></div><div>Man, I use this script to install it on my servers. It works on all of mine.</div><div><br></div><div><div># Install fail2ban and append an [asterisk-iptables] jail to jail.conf</div><div>apt-get -y install fail2ban</div><div>echo "[asterisk-iptables]" >> /etc/fail2ban/jail.conf</div>
<div>echo "enabled = true" >> /etc/fail2ban/jail.conf</div><div>echo "filter = asterisk" >> /etc/fail2ban/jail.conf</div><div>echo "action = iptables-allports[name=ASTERISK, protocol=all]" >> /etc/fail2ban/jail.conf</div>
<div># Second action: the leading space makes this line a continuation of "action" above</div><div>echo " sendmail-whois[name=ASTERISK, dest=root, sender=fail2ban@example.org]" >> /etc/fail2ban/jail.conf</div><div>echo "logpath = /var/log/asterisk/messages" >> /etc/fail2ban/jail.conf</div>
<div>sed -i 's/bantime = 600/bantime = 7600/g' /etc/fail2ban/jail.conf</div><div>sed -i 's/maxretry = 3/maxretry = 6/g' /etc/fail2ban/jail.conf</div><div>touch /etc/fail2ban/filter.d/asterisk.conf</div><div>
echo "" > /etc/fail2ban/filter.d/asterisk.conf</div><div>echo "[INCLUDES]" >> /etc/fail2ban/filter.d/asterisk.conf</div><div>echo "" >> /etc/fail2ban/filter.d/asterisk.conf</div>
<div>echo "[Definition]" >> /etc/fail2ban/filter.d/asterisk.conf</div><div>echo "failregex = ^.* .*NOTICE.* .*: Registration from '.*' failed for '<HOST>' - Wrong password" >> /etc/fail2ban/filter.d/asterisk.conf</div>
<div>echo " ^.* .*NOTICE.* .*: Registration from '.*' failed for '<HOST>' - No matching peer found" >> /etc/fail2ban/filter.d/asterisk.conf</div><div>echo " ^.* .*NOTICE.* .*: Registration from '.*' failed for '<HOST>' - Username/auth name mismatch" >> /etc/fail2ban/filter.d/asterisk.conf</div>
<div>echo " ^.* .*NOTICE.* .*: Registration from '.*' failed for '<HOST>' - Device does not match ACL" >> /etc/fail2ban/filter.d/asterisk.conf</div><div>echo " ^.* .*NOTICE.* <HOST> failed to authenticate as '.*'\$" >> /etc/fail2ban/filter.d/asterisk.conf</div>
<div>echo " ^.* .*NOTICE.* .*: No registration for peer '.*' \(from <HOST>\)" >> /etc/fail2ban/filter.d/asterisk.conf</div><div>echo " ^.* .*NOTICE.* .*: Host <HOST> failed MD5 authentication for '.*' (.*)" >> /etc/fail2ban/filter.d/asterisk.conf</div>
<div>echo " ^.* .*NOTICE.* .*: Failed to authenticate user .*@<HOST>.*" >> /etc/fail2ban/filter.d/asterisk.conf</div><div>echo " ^.* .*NOTICE.* .*: Registration from '.*' failed for '<HOST>' - Device not configured to use this transport type" >> /etc/fail2ban/filter.d/asterisk.conf</div>
<div>echo " ^.* .*NOTICE.* .*: .*: Registration from '.*' failed for '<HOST>' - Device not configured to use this transport type" >> /etc/fail2ban/filter.d/asterisk.conf</div>
<div>echo "ignoreregex =" >> /etc/fail2ban/filter.d/asterisk.conf</div><div># Use a timestamp format fail2ban can parse and send NOTICE lines to the "messages" log</div><div>sed -i 's/dateformat=.*/dateformat=%F %T/g' /etc/asterisk/logger.conf</div><div>sed -i '/^messages/d' /etc/asterisk/logger.conf</div>
<div>echo "messages => verbose,warning,error,notice" >> /etc/asterisk/logger.conf</div><div>asterisk -rx "logger reload"</div><div><br></div><div class="gmail_extra"><br><br><div class="gmail_quote">
On Mon, Feb 4, 2013 at 11:36 AM, Silvio Garbes <span dir="ltr"><<a href="mailto:silviogarbes@gmail.com" target="_blank">silviogarbes@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
In reply to the message from "João Marcelo Queiroz" in the thread "Fail2Ban não bloqueia ataque" ("Fail2Ban does not block attack") on "Wednesday January 5 10:40:26 BRST 2011".<div><br></div><div>I had the same problem and found that, going from version 1.8 of Asterisk to version 1.4, the file "/etc/fail2ban/filter.d/asterisk.conf" must be changed. In the Asterisk log of version 1.8 or later, the destination port comes along with the log.</div>
<div><br></div><div>From:</div><div><div>failregex = NOTICE%(__pid_re)s .*: Registration from '.*' failed for '<HOST>' - Wrong password$</div><div> NOTICE%(__pid_re)s .*: Registration from '.*' failed for '<HOST>' - No matching peer found$</div>
<div> NOTICE%(__pid_re)s .*: Registration from '.*' failed for '<HOST>' - Username/auth name mismatch$</div><div> NOTICE%(__pid_re)s .*: Registration from '.*' failed for '<HOST>' - Device does not match ACL$</div>
<div> NOTICE%(__pid_re)s .*: Registration from '.*' failed for '<HOST>' - Peer is not supposed to register$</div><div> NOTICE%(__pid_re)s .*: Registration from '.*' failed for '<HOST>' - ACL error (permit/deny)$</div>
<div> NOTICE%(__pid_re)s <HOST> failed to authenticate as '.*'$</div><div> NOTICE%(__pid_re)s .*: No registration for peer '.*' \(from <HOST>\)$</div><div> NOTICE%(__pid_re)s .*: Host <HOST> failed MD5 authentication for '.*' (.*)$</div>
<div> NOTICE%(__pid_re)s .*: Failed to authenticate user .*@<HOST>.*$</div></div><div><br></div><div><br></div><div>To:</div><div><div>failregex = NOTICE%(__pid_re)s .*: Registration from '.*' failed for '<HOST>:.*' - Wrong password$</div>
<div> NOTICE%(__pid_re)s .*: Registration from '.*' failed for '<HOST>:.*' - No matching peer found$</div><div> NOTICE%(__pid_re)s .*: Registration from '.*' failed for '<HOST>:.*' - Username/auth name mismatch$</div>
<div> NOTICE%(__pid_re)s .*: Registration from '.*' failed for '<HOST>:.*' - Device does not match ACL$</div><div> NOTICE%(__pid_re)s .*: Registration from '.*' failed for '<HOST>:.*' - Peer is not supposed to register$</div>
<div> NOTICE%(__pid_re)s .*: Registration from '.*' failed for '<HOST>:.*' - ACL error (permit/deny)$</div><div> NOTICE%(__pid_re)s <HOST> failed to authenticate as '.*'$</div>
<div> NOTICE%(__pid_re)s .*: No registration for peer '.*' \(from <HOST>\)$</div><div> NOTICE%(__pid_re)s .*: Host <HOST> failed MD5 authentication for '.*' (.*)$</div><div>
NOTICE%(__pid_re)s .*: Failed to authenticate user .*@<HOST>.*$</div></div><div><br></div><div><br clear="all"><div>Best regards,<br><br>Sílvio Garbes Lara<br><br></div>
</div>
</blockquote></div>
<br><br clear="all"><div><br></div>-- <br>___________________________________________<br>André Luis Peres Ribeiro 16 92340876
</div></div></div>
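<div>Added example, not part of either message: a small Python check of how the "Wrong password" rule from the two failregex lists in the thread behaves on a log line without a port and on one with the port appended. The log lines, the IPv4-only stand-in for <HOST>, the written-out PID pattern and the RULE_BOTH variant are assumptions made for this illustration.</div>

```python
import re

# Simplified stand-in for the group fail2ban substitutes for <HOST>
# (assumption: IPv4 only; the real expansion also accepts hostnames).
HOST_GROUP = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# "Wrong password" rule from each list in the thread; the %(__pid_re)s
# interpolation is written out here as an assumed PID pattern.
RULE_OLD = r"NOTICE\[\d+\] .*: Registration from '.*' failed for '<HOST>' - Wrong password$"
RULE_NEW = r"NOTICE\[\d+\] .*: Registration from '.*' failed for '<HOST>:.*' - Wrong password$"
# Hypothetical variant (not from the thread): optional numeric port.
RULE_BOTH = r"NOTICE\[\d+\] .*: Registration from '.*' failed for '<HOST>(?::\d+)?' - Wrong password$"

# Constructed log lines using documentation address ranges.
LINE_NO_PORT = ("[2013-02-04 11:36:01] NOTICE[2345] chan_sip.c: Registration from "
                "'\"100\" <sip:100@192.0.2.10>' failed for '203.0.113.7' - Wrong password")
LINE_WITH_PORT = ("[2013-02-04 11:36:02] NOTICE[2345] chan_sip.c: Registration from "
                  "'\"100\" <sip:100@192.0.2.10>' failed for '203.0.113.7:5060' - Wrong password")

RULES = {"old": RULE_OLD, "new": RULE_NEW, "both": RULE_BOTH}
LINES = {"no_port": LINE_NO_PORT, "with_port": LINE_WITH_PORT}


def compile_failregex(rule):
    """Expand the <HOST> tag into a capturing group and compile the rule."""
    return re.compile(rule.replace("<HOST>", HOST_GROUP))


def offending_host(rule, line):
    """Return the address the rule would extract from this line, or None."""
    match = compile_failregex(rule).search(line)
    return match.group("host") if match else None


def coverage(rules, lines):
    """Map (rule name, line name) -> extracted host, exposing blind spots."""
    return {(r, l): offending_host(rules[r], lines[l])
            for r in rules for l in lines}


if __name__ == "__main__":
    for (rule, line), host in coverage(RULES, LINES).items():
        print(f"{rule:5s} vs {line:10s} -> {host or 'NO MATCH (no ban)'}")
```

<div>On a live system the same check can be run against the real log with <code>fail2ban-regex /var/log/asterisk/messages /etc/fail2ban/filter.d/asterisk.conf</code>.</div>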