• Asterisk 11 chan_sip.c: Failed to authenticate device 看不到IP的问题


    Asterisk 11 chan_sip.c: Failed to authenticate device 看不到IP的问题   没有验证过

    原文地址 http://www.coochey.net/?p=61

    Asterisk 11 (FreePBX distribution) fail2ban configuration using the security log.

    I’ve been experimenting with Asterisk again, using the FreePBX distro (2.11.0.4).

    I have noticed that I get a lot of entries in the Asterisk log that look like this:

    [2013-07-06 05:11:06] NOTICE[4106][C-0000001f] chan_sip.c: Failed to authenticate device 555<sip:555@aaa.bb.ccc.dd>;tag=e9a98a30
    [2013-07-06 05:11:08] NOTICE[4106][C-00000020] chan_sip.c: Failed to authenticate device 555<sip:555@aaa.bb.ccc.dd>;tag=eebd8857
    [2013-07-06 05:11:12] NOTICE[4106][C-00000021] chan_sip.c: Failed to authenticate device 555<sip:555@aaa.bb.ccc.dd>;tag=243f3815
    [2013-07-06 07:19:42] NOTICE[4106][C-00000022] chan_sip.c: Failed to authenticate device 5555<sip:5555@aaa.bb.ccc.dd>;tag=a049427e
    [2013-07-06 07:19:45] NOTICE[4106][C-00000023] chan_sip.c: Failed to authenticate device 5555<sip:5555@7aaa.bb.ccc.dd>;tag=c3c7f81b
    [2013-07-06 07:19:48] NOTICE[4106][C-00000024] chan_sip.c: Failed to authenticate device 5555<sip:5555@aaa.bb.ccc.dd>;tag=6be78a0b
    [2013-07-06 07:19:49] NOTICE[4106][C-00000025] chan_sip.c: Failed to authenticate device 5555<sip:5555@aaa.bb.ccc.dd>;tag=1979ada5

    Where, of course, aaa.bb.ccc.dd is the address of my SIP server. Unfortunately, while FreePBX contains a fail2ban module, asterisk doesn’t provide enough information in the log file to act upon these messages.

    The way I have got around this involves making some custom modifications to the Asterisk configuration.

    Firstly, we need to enable Asterisk (v11) security logging feature:

    Edit, /etc/asterisk/logger_logfiles_custom.conf and add the following:

    fail2ban2       => security,notice,warning,error

    This will create an additional log file, called /var/log/asterisk/fail2ban2

    Now we need to edit the fail2ban configuration in /etc/fail2ban to process the security logged items. FreePBX configuration is in jail.local, so we will add ours to jail.conf:

    [asterisk11-iptables]
     enabled  = true
     filter   = asterisk11
     action   = iptables-allports[name=SIP, protocol=all]
     sendmail-whois[name=SIP, dest=alerts@example.com, sender=pbx@example.com]
     logpath  = /var/log/asterisk/fail2ban2
    

    Finally, we create a simple regex to get the IP address that we want to ban, and put it in the /etc/fail2/ban/filter.d/asterisk11.conf

    # Fail2Ban configuration file 
    # 
    # 
    # $Revision: 250 $ 
    #
    [INCLUDES]
    # Read common prefixes. If any customizations available -- read them from 
    # common.local 
    #before = common.conf
    [Definition]
    #_daemon = asterisk
    # Option:  failregex 
    # Notes.:  regex to match the password failures messages in the logfile. The 
    #          host must be matched by a group named "host". The tag "<HOST>" can 
    #          be used for standard IP/hostname matching and is only an alias for 
    #          (?:::f{4,6}:)?(?P<host>S+) 
    # Values:  TEXT 
    # 
    failregex = SECURITY.* SecurityEvent="InvalidPassword".*RemoteAddress="IPV4/UDP/<HOST>/
    #VERBOSE.* logger.c: -- .*IP/<HOST>-.* Playing 'ss-noservice' (language '.*')
    # Option:  ignoreregex 
    # Notes.:  regex to ignore. If this regex matches, the line is ignored. 
    # Values:  TEXT 
    # ignoreregex =

    That’s it, we now intercept messages like this one from the security log, and manage to ban these device attempts:

    [2013-07-06 07:19:42] SECURITY[4078] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="1373091582935268",Severity="Error",Service="SIP",EventVersion="2",AccountID="00972597103443",SessionID="0x7fa42c001ac8",LocalAddress="IPV4/UDP/aaa.bb.ccc.dd/5060",RemoteAddress="IPV4/UDP/37.8.1.89/5071",Challenge="61074795",ReceivedChallenge="61074795",ReceivedHash="b469462e8e7de800b54eb50ffe46de86"

    CATEGORIESRAMBINGSTAGS, , , , , , 

  • 相关阅读:
    [图论分块] HDU 4858 项目管理
    pytorch 自定义权重变量初始化
    Linux系统下命令静默安装weblogic12c
    第六章 类文件结构(2)
    第六章 类文件结构(1)
    第三章 垃圾收集器与内存分配策略
    第二章(3)实战: OutOfMemoryError异常
    第二章(2)HotSpot虚拟机对象探秘
    第二章(1) Java内存区域与内存溢出异常
    第一章 走进java
  • 原文地址:https://www.cnblogs.com/xishi/p/7114595.html
Copyright © 2020-2023  润新知