fail2ban sharing

ckleea

Look interesting site

http://fail2ban.aleph-com.net/fail2ban_sharing

How to install fail2ban

http://www.voip-info.org/wiki/vi ... les%29+And+Asterisk

For rpm in centos, the rpm does not work because it needs shorewall.

bubblestar

Thanks for sharing.

ckleea

我剛剛加咗fail2ban, 以為以前做咗，原來沒有裝shorewall。不過現在在source 裝，可以integrate iptables

bubblestar

我也剛剛裝了fail2ban，現正運行中，但仲未正式有工作做，因為暫時沒有不速之客；不過都唔想也唔歡迎這類客人。

但有一樣野想請教，就是在jail.conf 入面的 [DEFAULT]，我已設定好了不會BAN咗自己 127.0.0.1 及 localnet xxx.xxx.xxx.xxx/24。  
如果我是在戶外使用notebook 或 remote PC 連入黎自己的SERVER，一般都會是用Dynamic IP，咁樣好難能夠一併把notebook 等的IP address 都列入到 igoreip 的。  有沒有其他方法設定呢?  抑或是選擇不放在ignoreip 裡就咁算呢?

另外，用shorewall 是否比用 iptables 更強呢?

ckleea

shorewall 好似難用D，我自已一路用開iptabes，比較易明。
For remote access，基本上如果唔係用VPN or fixed ip，有機會係fail2ban block，不過另一個因素是否經常login 錯。理論上正常users 唔會發生。

bubblestar

明白!  即是只要我是一位已在Asterisk Server 上註冊了的user，而又不會login 錯的話，是不會連自己都 BAN 埋。 這樣我也可以放心了。  因為Asterisk 的好處在於能讓我Remote Access 使用DISA，IVR、Auto Attendant 之類的功能，如果有問題就無咁方便。當然，針無兩利，防止不速之客是fail2ban一定要幫我做的最主要工作。

唔該晒。

lttliang

可否举例写个例子出来？因为我vps中的freepbx刚装好个日就有人入侵，我都装左个fail2ban，但不懂setting

雯雯

回復 7# lttliang

http://www.osslab.com.tw/VoIP/IP ... il2ban_for_Asterisk

lttliang

回復 8# 雯雯


  这个我有睇过  但是不太明白，因为我一装好fail2ban 目录中就有/etc/fail2ban/filter.d/asterisk.conf了

1. # Fail2Ban configuration file
   
2. #
   
3. #
   
4. # $Revision: 250 $
   
5. #
   
6. 
   
7. [INCLUDES]
   
8. 
   
9. # Read common prefixes. If any customizations available -- read them from
   
10. # common.local
    
11. #before = common.conf
    
12. 
    
13. 
    
14. [Definition]
    
15. 
    
16. #_daemon = asterisk
    
17. 
    
18. # Option:  failregex
    
19. # Notes.:  regex to match the password failures messages in the logfile. The
    
20. #          host must be matched by a group named "host". The tag "<HOST>" can
    
21. #          be used for standard IP/hostname matching and is only an alias for
    
22. #          (?:::f{4,6}:)?(?P<host>\S+)
    
23. # Values:  TEXT
    
24. #
    
25. 
    
26. failregex = Registration from '.*' failed for '<HOST>(:[0-9]{1,5})?' - Wrong password
    
27.             Registration from '.*' failed for '<HOST>(:[0-9]{1,5})?' - No matching peer found
    
28.             Registration from '.*' failed for '<HOST>(:[0-9]{1,5})?' - Device does not match ACL
    
29.             Registration from '.*' failed for '<HOST>(:[0-9]{1,5})?' - Username/auth name mismatch
    
30.             Registration from '.*' failed for '<HOST>(:[0-9]{1,5})?' - Peer is not supposed to register
    
31.             NOTICE.* <HOST> failed to authenticate as '.*'$
    
32.             NOTICE.* .*: No registration for peer '.*' (from <HOST>)
    
33.             NOTICE.* .*: Host <HOST> failed MD5 authentication for '.*' (.*)
    
34.             VERBOSE.* logger.c: -- .*IP/<HOST>-.* Playing 'ss-noservice' (language '.*')
    
35. 
    
36. # Option:  ignoreregex
    
37. # Notes.:  regex to ignore. If this regex matches, the line is ignored.
    
38. # Values:  TEXT
    
39. #
    
40. ignoreregex =

複製代碼

bubblestar

設定範例:

http://net.nthu.edu.tw/2009/security:fail2ban