FreeSWITCH fail2ban CentOS

Требования

Включить «log-auth-failures» для каждого sip профиля, который должен наблюдаться.

 <param name="log-auth-failures" value="true"/>

CentOS 6

Установите fail2ban.

 yum install fail2ban

Настройка конфигурационных файлов

Фильтр freeswitch.conf будет установлен по умолчанию вместе fail2ban

/etc/fail2ban/filter.d/freeswitch.conf
# Fail2Ban configuration file
#
# Enable "log-auth-failures" on each Sofia profile to monitor
# <param name="log-auth-failures" value="true"/>
# -- this requires a high enough loglevel on your logs to save these messages.
#
# In the fail2ban jail.local file for this filter set ignoreip to the internal
# IP addresses on your LAN.
#

[Definition]

failregex = ^\.\d+ \[WARNING\] sofia_reg\.c:\d+ SIP auth (failure|challenge) \((REGISTER|INVITE)\) on sofia profile \'[^']+\' for \[.*\] from ip <HOST>$
            ^\.\d+ \[WARNING\] sofia_reg\.c:\d+ Can't find user \[\d+@\d+\.\d+\.\d+\.\d+\] from <HOST>$

ignoreregex =

# Author: Rupa SChomaker, soapee01, Daniel Black
# http://wiki.freeswitch.org/wiki/Fail2ban
# Thanks to Jim on mailing list of samples and guidance
#
# No need to match the following. Its a duplicate of the SIP auth regex.
#  ^\.\d+ \[DEBUG\] sofia\.c:\d+ IP <HOST> Rejected by acl "\S+"\. Falling back to Digest auth\.$

Создайте файл 'jail.local'. задайте путь к файлу лога (в centos обычно '/usr/local/freeswitch/log/freeswitch.log') Задайте порты, время бана и кол-во неправильных попыток.

/etc/fail2ban/jail.local
[freeswitch]
enabled  = true
port     = 5060,5061,5080,5081
filter   = freeswitch
logpath  = /usr/local/freeswitch/log/freeswitch.log
maxretry = 6
action   = iptables-allports[name=freeswitch, protocol=all]
           sendmail-whois[name=FreeSwitch, dest=root, sender=fail2ban@localhost]
bantime = 259200
/etc/fail2ban/jail.conf

параметры по умолчанию настраиваются в файле 'jail.conf':

[DEFAULT]

# "ignoreip" Укажите IP адрес CIDR маску или доменные имена, которые не надо банить.
#  через пробел
ignoreip = 127.0.0.1/8 192.168.244.0/24 88.255.5.222

# External command that will take an tagged arguments to ignore, e.g. <ip>,
# and return true if the IP is to be ignored. False otherwise.
#
# ignorecommand = /path/to/command <ip>
ignorecommand =

# "bantime" Промежуток времени по умолчанию в секундах на которое банится провинившийся хост.
bantime  = 600

# Хост банится за количество попыток- "maxretry" в течении времени - "findtime"
# в секундах.
findtime  = 4200

# "maxretry" Количество неудачных запросов за которое банится хост.
maxretry = 3

Применим настройки:

 /etc/init.d/fail2ban restart

Вкл. автозагрузку:

 chkconfig fail2ban on
fail2ban-client status freeswitch

Через некоторое время посмотрим улов.

[root@freeswitch ~]# fail2ban-client status freeswitch
Status for the jail: freeswitch
|- filter
|  |- File list:        /usr/local/freeswitch/log/freeswitch.log
|  |- Currently failed: 2
|  `- Total failed:     111
`- action
   |- Currently banned: 6
   |  `- IP list:       199.168.140.186 23.95.82.42 23.95.11.250 142.0.41.115 37.8.53.14 37.8.21.58
   `- Total banned:     6
[root@freeswitch ~]# fail2ban-client status freeswitch
Status for the jail: freeswitch
|- filter
|  |- File list:        /usr/local/freeswitch/log/freeswitch.log
|  |- Currently failed: 2
|  `- Total failed:     126
`- action
   |- Currently banned: 8
   |  `- IP list:       199.168.140.186 23.95.82.42 23.95.11.250 142.0.41.115 37.8.53.14 37.8.21.58 37.8.29.135 82.205.18.98
   `- Total banned:     8
root@freeswitch ~]# fail2ban-client status freeswitch
Status for the jail: freeswitch
|- filter
|  |- File list:        /usr/local/freeswitch/log/freeswitch.log
|  |- Currently failed: 3
|  `- Total failed:     5428
`- action
   |- Currently banned: 16
   |  `- IP list:       82.205.5.242 134.213.134.160 188.161.245.242 5.11.43.108 37.8.89.110 192.187.100.90 \\
                        198.204.237.162 176.31.240.50 37.8.38.70 167.114.0.114 192.198.92.30 82.205.19.163  \\
                        37.220.28.170 88.150.246.122 192.111.147.226 66.135.55.34
   `- Total banned:     297
[root@freeswitch ~]#

Asterisk + IPTables

Asterisk + Fail2Ban

freeswitch

Только авторизованные участники могут оставлять комментарии.
  • freeswitch/fail2ban.txt
  • Последние изменения: 2014/12/24