Итак начнем:
Установка:
Код: Выделить всё
yum install fail2ban
yum install python iptables
Создадим новый фильтр.
Код: Выделить всё
touch /etc/fail2ban/filter.d/asterisk.conf
Код: Выделить всё
# Fail2Ban configuration file
#
#
# $Revision: 250 $
#
[INCLUDES]
# Read common prefixes. If any customizations available -- read them from
# common.local
#before = common.conf
[Definition]
#_daemon = asterisk
# Option: failregex
# Notes.: regex to match the password failures messages in the logfile. The
# host must be matched by a group named "host". The tag "<HOST>" can
# be used for standard IP/hostname matching and is only an alias for
# (?:::f{4,6}:)?(?P<host>\S+)
# Values: TEXT
#
failregex = NOTICE.* .*: Registration from '.*' failed for '<HOST>' - Wrong password
NOTICE.* .*: Registration from '.*' failed for '<HOST>' - No matching peer found
NOTICE.* .*: Registration from '.*' failed for '<HOST>' - Username/auth name mismatch
NOTICE.* .*: Registration from '.*' failed for '<HOST>' - Device does not match ACL
NOTICE.* .*: Registration from '.*' failed for '<HOST>' - Peer is not supposed to register
NOTICE.* <HOST> failed to authenticate as '.*'$
NOTICE.* .*: No registration for peer '.*' \(from <HOST>\)
NOTICE.* .*: Host <HOST> failed MD5 authentication for '.*' (.*)
NOTICE.* .*: Failed to authenticate user .*@<HOST>.*
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =
Следующим шагом мы редактируем файл /etc/fail2ban/jail.conf. В самый низ данного файла помещаем новый блок:
Код: Выделить всё
[asterisk-iptables]
enabled = true
filter = asterisk
action = iptables-allports[name=ASTERISK, protocol=all]
sendmail-whois[name=ASTERISK, dest=root, sender=fail2ban@example.org]
logpath = /var/log/asterisk/full
maxretry = 5
bantime = 259200
fail2ban@example.org - email куда будут отправляться репорты о банах
logpath = /var/log/asterisk/full - лог, который анализируется (смотрите куда пишется у вас лог)
maxretry = 5 - число неправильных попыток авторизации
bantime = 259200 - время бана в секундах
теперь включим полное логирование нашего asterisk:
Правим файл /etc/asterisk/logger.conf.
Должно получиться примерно такое:
Код: Выделить всё
[general]
dateformat=%F %T;
; Logging Configuration
;
; In this file, you configure logging to files or to
; the syslog system.
;
; For each file, specify what to log.
;
; For console logging, you set options at start of
; Asterisk with -v for verbose and -d for debug
; See 'asterisk -h' for more information.
;
; Directory for log files is configures in asterisk.conf
; option astlogdir
;
[logfiles]
;
; Format is "filename" and then "levels" of debugging to be included:
; debug
; notice
; warning
; error
; verbose
;
; Special filename "console" represents the system console
;
;debug => debug
; The DTMF log is very handy if you have issues with IVR's
;dtmf => dtmf
;console => notice,warning,error
;console => notice,warning,error,debug
messages => notice,warning,error
full => notice,warning,error,debug,verbose
;syslog keyword : This special keyword logs to syslog facility
;
;syslog.local0 => notice,warning,error
;
Код: Выделить всё
service fail2ban restrat
Код: Выделить всё
service iptables restart