
asterisk 11 + fail2ban

Newbies/FAQ Forum 2 сообщений -
#1

fail2ban перестал банить
jail.conf
Код:
# fail2ban jail settings as posted. All time values are in seconds.
[DEFAULT]
# Empty at this level; the asterisk jail below sets its own ignoreip.
ignoreip =
bantime = 600
findtime = 600
maxretry = 3
# The fail2ban.log excerpt on this page shows "auto" resolving to the Gamin
# backend for both jails.
# NOTE(review): if Gamin is not delivering change events for the Asterisk log,
# "backend = polling" is the usual fallback to test - confirm.
backend = auto

[asterisk-iptables]

enabled = true
# Refers to filter.d/asterisk.conf, shown further down the page.
filter = asterisk
# NOTE(review): the sendmail-whois line is a continuation of "action" and has
# to begin with whitespace in the real file. The page shows it at column 0,
# presumably because the forum rendering dropped the indentation; at column 0
# the parser would read it as a separate option instead of a second action.
# name=ASTERISK is what produces the fail2ban-ASTERISK chain seen in
# fail2ban.log.
action = iptables-allports[name=ASTERISK, protocol=all]
sendmail-whois[name=ASTERISK, dest=root, sender=asterisk-iptables]
# File scanned by the filter. logger.conf on this page routes
# notice, warning, error and security to "messages".
logpath = /var/log/asterisk/messages
# Jail-level overrides of [DEFAULT]: 3 matches within 3600 s (1 hour) lead to
# a ban of 36000 s (10 hours). fail2ban.log confirms these values were loaded.
maxretry = 3
findtime = 3600
bantime = 36000
# NOTE(review): the action passes dest=root explicitly, so this address does
# not appear to be used by the mail action as written - confirm.
destemail = support@domain.ru
# "wan/24" and "lan/12" look like redacted placeholders for real networks.
# A source covered by ignoreip is never banned, so check that the offending
# address in the log does not fall inside the WAN range, and keep the list as
# narrow as possible.
ignoreip = wan/24 lan/12

./filter.d/asterisk.conf
Код:

# fail2ban filter for Asterisk log lines, exactly as rendered on this page.
[INCLUDES]
[Definition]
# NOTE(review): none of the patterns below contains the <HOST> tag. fail2ban
# takes the address to ban from <HOST>, so a pattern without it cannot produce
# a ban. The empty slots (failed for '', failed for ':.*', \(from \),
# SIP/-.*, \[IP: :.*\]) suggest the tag is present in the real file and was
# stripped as markup when the post was rendered - confirm against the file on
# disk rather than copying this listing.
# NOTE(review): every line after "failregex =" is a continuation and must be
# indented in the real file; the page shows them at column 0.
# NOTE(review): "[logfiles]" in one pattern is a regex character class (one
# character out of that set), not the literal text, and "(.*)" in the MD5
# pattern is an unescaped group; the "Device does not match ACL" pattern is
# listed twice. Verify these are intended.
# The filter can be checked against the real log before relying on it:
#   fail2ban-regex /var/log/asterisk/messages filter.d/asterisk.conf
failregex = .*NOTICE.* .*: Registration from '.*' failed for '' - Wrong password
.*NOTICE.* .*: Registration from '.*' failed for '' - Peer is not supposed to register
.*NOTICE.* .*: Registration from '.*' failed for ':.*' - Wrong password
.*NOTICE.* .*: Registration from '.*' failed for '' - No matching peer found
.*NOTICE.* .*: Registration from '.*' failed for ':.*' - No matching peer found
.*NOTICE.* .*: Registration from '.*' failed for ':.*' - Username/auth name mismatch
.*NOTICE.* .*: Registration from '.*' failed for ':.*' - Device does not match ACL
.*NOTICE.* .*: Registration from '.*' failed for ':.*' - Peer is not supposed to register
.*NOTICE.* .*: Registration from '.*' failed for ':.*' - ACL error (permit/deny)
.*NOTICE.* .*: Registration from '.*' failed for ':.*' - Device does not match ACL
.*NOTICE.* .*: Registration from '\".*\".*' failed for ':.*' - No matching peer found
.*NOTICE.* .*: Registration from '\".*\".*' failed for ':.*' - Wrong password
.*NOTICE.* failed to authenticate as '.*'$
.*NOTICE.* .*: No registration for peer '.*' \(from \)
.*NOTICE.* .*: Host failed MD5 authentication for '.*' (.*)
.*NOTICE.* .*: Failed to authenticate user .*@.*
.*NOTICE.* .*[logfiles]: failed to authenticate as '.*'
.*NOTICE.* .*: tried to authenticate with nonexistent user '.*'
.*VERBOSE.*SIP/-.*Received incoming SIP connection from unknown peer
.*NOTICE.* .*: Sending fake auth rejection for device.* \[IP: :.*\]
# Empty: no matching line is excluded from counting.
ignoreregex =

./asterisk/logger.conf
Код:
; Asterisk logger configuration as posted.
[general]
; Produces timestamps such as "2013-12-26 08:33:18", the form seen in the
; log samples on this page.
dateformat=%F %T
[logfiles]
console => notice,warning,error
; NOTE(review): "messages" is declared twice. The /var/log/asterisk/messages
; sample on this page contains both NOTICE and SECURITY lines, so both
; declarations appear to take effect; a single line listing all four levels
; would make that explicit - confirm.
; "messages" is the file the fail2ban jail reads (logpath). It does not receive
; the verbose level, so the VERBOSE pattern in the filter cannot match there.
messages => notice,warning,error
messages => security
; Only "full" carries debug, verbose, dtmf and fax output.
full => notice,warning,error,debug,verbose,dtmf,fax


Код:
Connected to Asterisk 11.5.0 currently running on server (pid = 1152)
[2013-12-26 08:30:18] NOTICE[1238]: chan_sip.c:27919 handle_request_register: Registration from '"0002499037" ' failed for '176.74.14.86:5060' - Wrong password
[2013-12-26 08:30:18] NOTICE[1238]: chan_sip.c:27919 handle_request_register: Registration from '"0002499038" ' failed for '176.74.14.86:5060' - Wrong password
[2013-12-26 08:33:18] NOTICE[1238]: chan_sip.c:27919 handle_request_register: Registration from '"0002499037" ' failed for '176.74.14.86:5060' - Wrong password
[2013-12-26 08:33:18] NOTICE[1238]: chan_sip.c:27919 handle_request_register: Registration from '"0002499038" ' failed for '176.74.14.86:5060' - Wrong password


/var/log/asterisk/messages
Код:
[2013-12-26 08:33:18] NOTICE[1238] chan_sip.c: Registration from '"0002499037" ' failed for '176.74.14.86:5060' - Wrong password
[2013-12-26 08:33:18] SECURITY[1165] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="1388046798-520090",Severity="Error",Service="SIP",EventVersion="2",AccountID="0002499037",SessionID="0x7f0eedc82278",LocalAddress="IPV4/UDP/ip/5060",RemoteAddress="IPV4/UDP/176.74.14.86/5060",Challenge="2ffb348e",ReceivedChallenge="2ffb348e",ReceivedHash="fb80d1d181d8ba969b94c72836fbc9cc"
[2013-12-26 08:33:18] NOTICE[1238] chan_sip.c: Registration from '"0002499038" ' failed for '176.74.14.86:5060' - Wrong password
[2013-12-26 08:33:18] SECURITY[1165] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="1388046798-520764",Severity="Error",Service="SIP",EventVersion="2",AccountID="0002499038",SessionID="0x7f0eec6bbd28",LocalAddress="IPV4/UDP/ip/5060",RemoteAddress="IPV4/UDP/176.74.14.86/5060",Challenge="4e13c1bb",ReceivedChallenge="4e13c1bb",ReceivedHash="8c248aada11d99a6cb34157a9c796f64"
[2013-12-26 08:34:44] SECURITY[1165] res_security_log.c: SecurityEvent="ChallengeSent",EventTV="1388046884-703707",Severity="Informational",Service="SIP",EventVersion="1",AccountID="sip:0000001400@ip",SessionID="0x7f0eec70c008",LocalAddress="IPV4/UDP/ip/5060",RemoteAddress="IPV4/UDP/176.74.14.86/5060",Challenge="27d815f2"


/var/log/fail2ban.log
Код:

2013-12-26 12:48:06,710 fail2ban.server : INFO Stopping all jails
2013-12-26 12:48:07,717 fail2ban.actions.action: ERROR iptables -D INPUT -p all -j fail2ban-ASTERISK
iptables -F fail2ban-ASTERISK
iptables -X fail2ban-ASTERISK returned 100
2013-12-26 12:48:07,914 fail2ban.jail : INFO Jail 'asterisk-iptables' stopped
2013-12-26 12:48:08,374 fail2ban.actions.action: ERROR iptables -D INPUT -p tcp --dport ssh -j fail2ban-SSH
iptables -F fail2ban-SSH
iptables -X fail2ban-SSH returned 100
2013-12-26 12:48:09,099 fail2ban.jail : INFO Jail 'ssh-iptables' stopped
2013-12-26 12:48:09,100 fail2ban.server : INFO Exiting Fail2ban
2013-12-26 12:48:10,376 fail2ban.server : INFO Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.7
2013-12-26 12:48:10,377 fail2ban.jail : INFO Creating new jail 'ssh-iptables'
2013-12-26 12:48:10,380 fail2ban.jail : INFO Jail 'ssh-iptables' uses Gamin
2013-12-26 12:48:10,403 fail2ban.jail : INFO Initiated 'gamin' backend
2013-12-26 12:48:10,405 fail2ban.filter : INFO Set maxRetry = 3
2013-12-26 12:48:10,407 fail2ban.filter : INFO Set findtime = 600
2013-12-26 12:48:10,408 fail2ban.actions: INFO Set banTime = 600
2013-12-26 12:48:10,511 fail2ban.jail : INFO Creating new jail 'asterisk-iptables'
2013-12-26 12:48:10,512 fail2ban.jail : INFO Jail 'asterisk-iptables' uses Gamin
2013-12-26 12:48:10,512 fail2ban.jail : INFO Initiated 'gamin' backend
2013-12-26 12:48:10,513 fail2ban.filter : INFO Added logfile = /var/log/asterisk/messages
2013-12-26 12:48:10,514 fail2ban.filter : INFO Set maxRetry = 3
2013-12-26 12:48:10,519 fail2ban.filter : INFO Set findtime = 3600
2013-12-26 12:48:10,519 fail2ban.actions: INFO Set banTime = 36000
2013-12-26 12:48:10,653 fail2ban.jail : INFO Jail 'ssh-iptables' started
2013-12-26 12:48:10,665 fail2ban.jail : INFO Jail 'asterisk-iptables' started


Подскажите возможные причины
В какую сторону "рыть"?