Настройка Fail2ban (Пример)

Создаем
http://webhamster.ru/mytetrashare/index/mtb0/1393570578sq33dpfahy
http://forums.debian.net/viewtopic.php?f=10&t=98060

# apt-get install -y iptables-persistent
Настраиваем цепочки iptables и сохраняем файл iptables.v4
Копируем /etc/iptables/iptables.v4
Копируем /etc/iptables/iptables.v6
(Обратите внимание: init-скрипт, приведённый ниже, читает /etc/iptables/rules.v4 и /etc/iptables/rules.v6 — имена файлов должны совпадать, иначе правила не будут загружены при старте.)

# service iptables-persistent reload
# service iptables-persistent save
# /sbin/iptables -L -v -n

# service iptables-persistent flush (Почистить)
# service iptables-persistent force-reload (Перезапуск настроек)
# service iptables-persistent reload (Перезапуск настроек)
# service iptables-persistent save (Сохранить)
# service iptables-persistent start (Старт)
# service iptables-persistent restart (Рестарт)

Usage: /etc/init.d/iptables-persistent {start|restart|reload|force-reload|save|flush}

Установка

# apt-get install -y fail2ban jwhois
# apt-get install -y fail2ban whois
Скопировать jail.conf
# nano /etc/asterisk/logger_logfiles_custom.conf

fail2ban => security,notice,warning,error

# cd /etc/fail2ban/filter.d/
# nano asterisk.conf
##start##

# Fail2Ban configuration file
# Author: Xavier Devlamynck
#
# Filter for the dedicated Asterisk log channel that the logger config
# above routes to ("fail2ban => security,notice,warning,error"): every
# failregex below starts with %(log_prefix)s and therefore only matches
# NOTICE or SECURITY lines of that file.
#
# NOTE(review): in a real fail2ban/configparser file the continuation
# lines of a multi-line value (the extra failregex lines) must be
# indented; the indentation appears to have been lost in this paste.

[INCLUDES]

# Read common prefixes. If any customizations available -- read them from
# common.local
before = common.conf

[Definition]

# Option: failregex
# Notes.: regex to match the password failures messages in the logfile.
# Values: TEXT
#
# The leading "\[\]" matches the empty bracket pair left behind once
# fail2ban has cut the timestamp out of the line, so the channel's date
# format must be one fail2ban's date matcher recognises (see the
# dateformat note after this file).  %(__pid_re)s is defined in common.conf.
log_prefix= \[\]\s*(?:NOTICE|SECURITY)%(__pid_re)s:?(?:\[\S+\d*\])? \S+:\d*

# <HOST> is expanded by fail2ban to its host/IP pattern; the captured value
# is what gets banned.  The last entry (SecurityEvent=...) presumably covers
# the "security" channel events, the others the NOTICE messages.
# NOTE(review): the "extension not found in context 'default'" rule only
# fires for that context name -- adjust it if the inbound context differs.
failregex = ^%(log_prefix)s Registration from '[^']*' failed for '<HOST>(:\d+)?' - Wrong password$
^%(log_prefix)s Registration from '[^']*' failed for '<HOST>(:\d+)?' - No matching peer found$
^%(log_prefix)s Registration from '[^']*' failed for '<HOST>(:\d+)?' - Username/auth name mismatch$
^%(log_prefix)s Registration from '[^']*' failed for '<HOST>(:\d+)?' - Device does not match ACL$
^%(log_prefix)s Registration from '[^']*' failed for '<HOST>(:\d+)?' - Peer is not supposed to register$
^%(log_prefix)s Registration from '[^']*' failed for '<HOST>(:\d+)?' - ACL error \(permit/deny\)$
^%(log_prefix)s Registration from '[^']*' failed for '<HOST>(:\d+)?' - Not a local domain$
^%(log_prefix)s Call from '[^']*' \(<HOST>:\d+\) to extension '\d+' rejected because extension not found in context 'default'\.$
^%(log_prefix)s Host <HOST> failed to authenticate as '[^']*'$
^%(log_prefix)s No registration for peer '[^']*' \(from <HOST>\)$
^%(log_prefix)s Host <HOST> failed MD5 authentication for '[^']*' \([^)]+\)$
^%(log_prefix)s Failed to authenticate (user|device) [^@]+@<HOST>;\S*$
^%(log_prefix)s (?:handle_request_subscribe: )?Sending fake auth rejection for (device|user) \d*<sip:[^@]+@<HOST>;>;tag=\w+\S*$
^%(log_prefix)s SecurityEvent="(FailedACL|InvalidAccountID|ChallengeResponseFailed|InvalidPassword)",EventTV="[\d-]+",Severity="[\w]+",Service="[\w]+",EventVersion="\d+",AccountID="\d+",SessionID="0x[\da-f]+",LocalAddress="IPV[46]/(UD|TC)P/[\da-fA-F:.]+/\d+",RemoteAddress="IPV[46]/(UD|TC)P/<HOST>/\d+"(,Challenge="\w+",ReceivedChallenge="\w+")?(,ReceivedHash="[\da-f]+")?$

# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
# Left empty: no source is exempted from banning by this filter.
ignoreregex =

##end##

# touch /var/log/asterisk/fail2ban
# chown -R asterisk:asterisk /var/log/asterisk/fail2ban

[general] dateformat=%F %T (проверить в шкуре freepbx)

# asterisk -rx "logger reload"

# update-rc.d fail2ban defaults
# service fail2ban restart && service iptables-persistent restart && service fail2ban restart

# iptables -L -n -v

# fail2ban-client status asterisk-iptables

# fail2ban-client get asterisk-iptables actionunban 192.168.1.101
===================================================================================================

I had the same issue: there was no iptables-persistent script in /etc/init.d.

So, I created the iptables-persistent file in /etc/init.d

# nano /etc/init.d/iptables-persistent

#!/bin/sh
# Written by Simon Richter <sjr@debian.org>;
# modified by Jonathan Wiltshire <jmw@debian.org>;
# with help from Christoph Anton Mitterer
#

### BEGIN INIT INFO
# Provides: iptables-persistent
# Required-Start: mountkernfs $local_fs
# Required-Stop: $local_fs
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# X-Start-Before: $network
# X-Stop-After: $network
# Short-Description: Set up iptables rules
# Description: Loads/saves current iptables rules from/to /etc/iptables
# to provide a persistent rule set during boot time
### END INIT INFO

# LSB logging helpers (log_action_begin_msg & co.) used by the functions below.
. /lib/lsb/init-functions

# Exit status of the whole script: load_rules/save_rules set it to 1 on any
# failure and the final "exit $rc" reports it to the caller.
rc=0

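load_rules()
{
	#Restore the saved IPv4/IPv6 rule sets from /etc/iptables/rules.v4 and
	#/etc/iptables/rules.v6 (a missing file is skipped, not an error).
	#Globals: rc          -- set to 1 if any restore fails (read by "exit $rc")
	#         load_errors -- error text collected by _load_family
	#Outputs: LSB progress messages; restore errors are printed to stderr
	#Nothing is flushed or rolled back on failure: whatever rules were already
	#in the kernel (possibly none) stay in place, so the failure must be loud.
	log_action_begin_msg "Loading iptables rules"
	load_errors=""

	#load IPv4 rules
	_load_family IPv4 iptables-restore /etc/iptables/rules.v4

	#load IPv6 rules
	_load_family IPv6 ip6tables-restore /etc/iptables/rules.v6

	log_action_end_msg $rc
	if [ -n "$load_errors" ]; then
		printf '%s' "$load_errors" >&2
	fi
}

#Restore one address family.
#Arguments: $1 - label for messages (IPv4/IPv6)
#           $2 - restore tool (iptables-restore / ip6tables-restore)
#           $3 - rules file to feed to the tool
#Globals:   rc (set to 1 on failure), load_errors (appended)
_load_family()
{
	if [ ! -f "$3" ]; then
		log_action_cont_msg " skipping $1 (no rules to load)"
		return 0
	fi
	log_action_cont_msg " $1"
	#Keep the tool's stderr instead of sending it to /dev/null: previously an
	#unloadable rules file only set rc=1, leaving the host without its firewall
	#and no trace of why.  Stdout is still discarded as before.
	if ! _err=$("$2" < "$3" 2>&1 >/dev/null); then
		rc=1
		load_errors="${load_errors}${1}: ${_err}
"
	fi
	return 0
}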

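save_rules()
{
	#Dump the live IPv4/IPv6 rule sets to /etc/iptables/rules.v4 and rules.v6.
	#Globals: rc -- set to 1 if any dump fails (read by "exit $rc")
	#Outputs: LSB progress messages
	#Each family is written to a temporary file next to the target and only
	#moved over the real file once the dump succeeded.  The old form
	#"iptables-save > rules.v4" truncated the file before the tool ran, so a
	#failing save destroyed the last good rule set that load_rules relies on.
	log_action_begin_msg "Saving rules"

	#save IPv4 rules
	#need at least iptable_filter loaded:
	/sbin/modprobe -q iptable_filter
	if [ ! -f /proc/net/ip_tables_names ]; then
		log_action_cont_msg " skipping IPv4 (no modules loaded)"
	elif [ -x /sbin/iptables-save ]; then
		log_action_cont_msg " IPv4"
		_save_family iptables-save /etc/iptables/rules.v4 || rc=1
	fi

	#save IPv6 rules
	#need at least ip6table_filter loaded:
	/sbin/modprobe -q ip6table_filter
	if [ ! -f /proc/net/ip6_tables_names ]; then
		log_action_cont_msg " skipping IPv6 (no modules loaded)"
	elif [ -x /sbin/ip6tables-save ]; then
		log_action_cont_msg " IPv6"
		_save_family ip6tables-save /etc/iptables/rules.v6 || rc=1
	fi

	log_action_end_msg $rc
}

#Atomically write one family's rules.
#Arguments: $1 - save tool (iptables-save / ip6tables-save)
#           $2 - destination rules file
#Returns:   0 on success, 1 if the temp file, the dump or the rename failed
#The temp file comes from mktemp (mode 0600), so the saved rules end up
#readable by root only rather than with a umask-dependent mode.
_save_family()
{
	_tmp=$(mktemp "$2.XXXXXX") || return 1
	if "$1" > "$_tmp" && mv -f -- "$_tmp" "$2"; then
		return 0
	fi
	rm -f -- "$_tmp"
	return 1
}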

flush_rules()
{
	#Empty every table, zero its counters and delete user-defined chains, then
	#reset the built-in INPUT/FORWARD/OUTPUT policies to ACCEPT -- for IPv4 and
	#IPv6 alike.  Afterwards the host no longer filters any traffic, which is
	#why this is only reachable through an explicit "flush" (see the case
	#statement below).  The end-of-action status is always 0: individual
	#command failures are not tracked.
	log_action_begin_msg "Flushing rules"

	_flush_family /sbin/iptables /proc/net/ip_tables_names IPv4
	_flush_family /sbin/ip6tables /proc/net/ip6_tables_names IPv6

	log_action_end_msg 0
}

#Flush one address family.
#Arguments: $1 - tool (/sbin/iptables or /sbin/ip6tables)
#           $2 - /proc file listing the loaded tables
#           $3 - label for messages
#Does nothing if the tool is not executable; reports a skip if no module
#is loaded.
_flush_family()
{
	if [ ! -f "$2" ]; then
		log_action_cont_msg " skipping $3 (no module loaded)"
		return 0
	fi
	[ -x "$1" ] || return 0
	log_action_cont_msg " $3"
	#default table first, then every table the kernel reports
	for _op in F Z X; do
		"$1" "-$_op"
	done
	while read -r _tbl; do
		[ -n "$_tbl" ] || continue
		for _op in F Z X; do
			"$1" -t "$_tbl" "-$_op"
		done
	done < "$2"
	for _chain in INPUT FORWARD OUTPUT; do
		"$1" -P "$_chain" ACCEPT
	done
	return 0
}

# Dispatch on the init action; anything unknown prints the usage line and
# exits 1, every known action ends with "exit $rc" (0 unless load/save failed).
case "$1" in
# All four map to a plain load of the saved files; the restore tool replaces
# the running rule set, so repeating it is expected to be harmless.
start|restart|reload|force-reload)
load_rules
;;
save)
save_rules
;;
stop)
# Why? because if stop is used, the firewall gets flushed for a variable
# amount of time during package upgrades, leaving the machine vulnerable
# It's also not always desirable to flush during purge
echo "Automatic flushing disabled, use \"flush\" instead of \"stop\""
;;
# Explicit opt-in only: flush_rules removes every rule and sets the built-in
# policies to ACCEPT, i.e. the host stops filtering entirely.
flush)
flush_rules
;;
*)
echo "Usage: $0 {start|restart|reload|force-reload|save|flush}" >&2
exit 1
;;
esac

exit $rc
=========================================
and then made it executable (chmod 755):

# chmod 755 /etc/init.d/iptables-persistent
# update-rc.d iptables-persistent defaults
Now it works perfectly! Hope it can help someone.
