한국어

소프트스위치

온누리070 플레이스토어 다운로드
    acrobits softphone
     온누리 070 카카오 프러스 친구추가온누리 070 카카오 프러스 친구추가친추
     카카오톡 채팅 상담 카카오톡 채팅 상담카톡
    
     라인상담
     라인으로 공유

     페북공유

   ◎위챗 : speedseoul


  
     PAYPAL
     
     PRICE
     

pixel.gif

    before pay call 0088 from app


https://freeswitch.org/confluence/display/FREESWITCH/Fail2Ban


About

Fail2Ban is an intrusion prevention system that works by scanning log files and then taking action based on the entries in those logs.

You can configure Fail2Ban in a way that will update iptables firewall rules when an authentication failure threshold is reached, which helps in preventing SIP brute force attacks against FS instances.

Fail2Ban scans your freeswitch log file and bans IP that makes too many password failures. It updates firewall rules to reject the IP address.

Fail2Ban is available at fail2ban.org or on their github page: https://github.com/fail2ban/fail2ban

Requirements

Fail2Ban needs a log of Authentication Attempts/Failures in order to ban IPs. There are two ways to do that:

OR

  • Enable "log-auth-failures" on each Sofia profile to monitor

  • to have these messages printed in log file requires a high enough loglevel on your logs : must be loglevel 4 (WARNING) or superior.

    <param name="log-auth-failures" value="true"/>

Install

Debian
apt-get install fail2ban

 

 

Suse
zypper sa http://download.opensuse.org/repositories/security/SLE_11 openSUSE-security
zypper refresh
zypper up
zypper install fail2ban

 

 

FreeBSD
pkg install py27-fail2ban
... and all the files referenced later are in /usr/local/etc/ rather than /etc/
 

CentOS

For CentOS the easiest way to do this is to install fail2ban from the EPEL repository. See http://fedoraproject.org/wiki/EPEL/FAQ.

The EPEL repository is non-arch specific, the links to i386 are identical to x86_64.

 

Configure

Edit Config Files

The maintainers of Fail2Ban have taken an interest in supporting FreeSWITCH. They have asked that we use the configuration at https://github.com/fail2ban/fail2ban/blob/master/config/filter.d/freeswitch.conf rather than specify a configuration here. If anyone wishes to submit other regular expressions that should be include, please provide samples to https://github.com/fail2ban/fail2ban/issues.

The jail.conf file may get overwritten when upgrading Fail2Ban. Create a /etc/fail2ban/jail.local file with the following data in it, setting the correct path to *your* freeswitch.log file, and adjust the email addresses if needed for your setup:

 

[freeswitch]
enabled  = true
port     = 5060,5061,5080,5081
filter   = freeswitch
logpath  = /var/log/freeswitch/freeswitch.log
maxretry = 10
action   = iptables-allports[name=freeswitch, protocol=all]
           sendmail-whois[name=FreeSwitch, dest=root, sender=fail2ban@example.org]

 

(mine are /usr/local/freeswitch/log/freeswitch.log)

Since the warnings in the log are also sometimes present for valid IP address, like your local LAN, you will want to add the following to the jail.local file:

 

[DEFAULT]
# "ignoreip" can be an IP address, a CIDR mask or a DNS host
ignoreip = 127.0.0.1/8 192.168.2.0/24 192.168.1.0/24
bantime  = 600
maxretry = 3

Add any additional addresses that may access your system.

Restart fail2ban (/etc/init.d/fail2ban restart or service fail2ban restart) and ensure that fail2ban loads the filter. The following should be in your /var/log/fail2ban.log:

2010-02-05 10:04:23,560 fail2ban.jail   : INFO   Creating new jail 'freeswitch-udp'
2010-02-05 10:04:23,560 fail2ban.jail   : INFO   Jail 'freeswitch-udp' uses poller
2010-02-05 10:04:23,561 fail2ban.filter : INFO   Added logfile = /var/log/freeswitch/freeswitch.log
2010-02-05 10:04:23,562 fail2ban.filter : INFO   Set maxRetry = 3
2010-02-05 10:04:23,562 fail2ban.filter : INFO   Set findtime = 600
2010-02-05 10:04:23,563 fail2ban.actions: INFO   Set banTime = 600
2010-02-05 10:04:23,677 fail2ban.jail   : INFO   Creating new jail 'freeswitch-tcp'
2010-02-05 10:04:23,677 fail2ban.jail   : INFO   Jail 'freeswitch-tcp' uses poller
2010-02-05 10:04:23,678 fail2ban.filter : INFO   Added logfile = /var/log/freeswitch/freeswitch.log
2010-02-05 10:04:23,679 fail2ban.filter : INFO   Set maxRetry = 3
2010-02-05 10:04:23,680 fail2ban.filter : INFO   Set findtime = 600
2010-02-05 10:04:23,680 fail2ban.actions: INFO   Set banTime = 600
2010-02-05 10:04:23,723 fail2ban.jail   : INFO   Jail 'freeswitch-tcp' started
2010-02-05 10:04:23,723 fail2ban.jail   : INFO   Jail 'freeswitch-udp' started

Verify that the iptables rules were created:

# iptables -L f2b-freeswitch
Chain f2b-freeswitch (1 references)
target     prot opt source               destination        
RETURN     all  --  anywhere             anywhere
 

Test the actual failure mode

Setup your favorite client with an invalid userid or invalid password. Try to login as many times as you have set your failure threshold in Fail2Ban. Watch Fail2Ban log:

tail -f /var/log/fail2ban.log
2010-02-05 10:13:12,070 fail2ban.actions: WARNING [freeswitch-udp] Ban 192.168.1.10
2010-02-05 10:13:12,098 fail2ban.actions: WARNING [freeswitch-tcp] Ban 192.168.1.10

Verify your client can no longer do a register (should just time out). Also verify iptables:

# iptables -n -L f2b-freeswitch
Chain fail2ban-freeswitch-tcp (1 references)
target     prot opt source               destination
DROP       all  --  192.168.1.10         0.0.0.0/0
RETURN     all  --  0.0.0.0/0            0.0.0.0/0
# iptables -n -L f2b-freeswitch
Chain fail2ban-freeswitch-udp (1 references)
target     prot opt source               destination
DROP       all  --  192.168.1.10         0.0.0.0/0
RETURN     all  --  0.0.0.0/0            0.0.0.0/0

 

You can then wait for Fail2Ban to clear the the block, or do it yourself:

# iptables -D f2b-freeswitch 1
# iptables -L f2b-freeswitch
RETURN     all  --  anywhere             anywhere
 
# iptables -D f2b-freeswitch 1
# iptables -L f2b-freeswitch
Chain fail2ban-freeswitch-udp (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

 

 

You might also take a look at this oreilly script

Errors

If you're seeing something like this in your Fail2Ban logfile:

2011-02-27 14:11:42,326 fail2ban.actions.action: ERROR  iptables -N fail2ban-freeswitch-tcp

add the time.sleep(0.1) to /usr/bin/fail2ban-client

def __processCmd(self, cmd, showRet = True):
	beautifier = Beautifier()
	for c in cmd:
		time.sleep(0.1)
		beautifier.setInputCmd(c)

or

sed -i -e s,beautifier\.setInputCmd\(c\),'time.sleep\(0\.1\)\n\t\t\tbeautifier.setInputCmd\(c\)', /usr/bin/fail2ban-client

Source: fail2ban wik

 

조회 수 :
66165
등록일 :
2017.09.12
21:02:36 (*.160.88.18)
엮인글 :
http://webs.co.kr/index.php?document_srl=3311875&act=trackback&key=b6f
게시글 주소 :
http://webs.co.kr/index.php?document_srl=3311875
List of Articles
번호 제목 글쓴이 조회 수 추천 수 날짜
142 OpenSIPS Module Interface admin 48450   2017-12-07
 
141 opensips configuration config explain easy basic 오픈쉽스 컨피그레이션 기본 설명 file admin 28317   2017-12-07
 
140 openssl 을 이용한 인증서 생성 절차를 정리한다. 개인키 CSR SSL 인증서 파일 생성 admin 28700   2017-09-14
 
139 Documentation -> Tutorials -> TLS opensips.cfg admin 29446   2017-09-14
 
138 Using TLS in OpenSIPS v2.2.x admin 49938   2017-09-14
 
137 opensips tls cfg admin 34406   2017-09-14
 
136 How to setup a Jabber / XMPP server on Debian 8 (jessie) using ejabberd admin 130886   2017-09-13
 
135 SIP to XMPP Gateway + SIP Presence Server opensips admin 56738   2017-09-13
 
134 OpenSIPS command line tricks admin 49855   2017-09-13
 
» Fail2Ban Freeswitch How to secure admin 66165   2017-09-12
https://freeswitch.org/confluence/display/FREESWITCH/Fail2Ban AboutFail2Ban is an intrusion prevention system that works by scanning log files and then taking action based on the entries in those logs. Y...  
132 opensips.cfg. sample admin 28191   2017-09-12
 
131 Advanced SIP scenarios with Event-based-Routing admin 37544   2017-09-11
 
130 PUSH SERVER 푸시서버 안드로이드 애플 admin 218136   2017-09-11
 
129 오픈소스 (사내)메신저 서버 구축, 오픈 파이어(openfire) 설치방법과 세팅(리눅스 기준) admin 79791   2017-09-09
 
128 rtpengine config basic and opensips configuration and command admin 58883   2017-09-06
 
127 WebSocket Transport using OpenSIPS configuration 웹 소켓 컨피그레이션 기본 admin 25144   2017-09-06
 
126 OpenSIPS basic configuration script 기본 컨피그 admin 111933   2017-09-05
 
125 rtpengine install and config admin 62794   2017-09-05
 
124 Installing RTPEngine on Ubuntu 14.04 admin 35939   2017-09-05
 
123 compile only the textops module make modules=modules/textops modules admin 23672   2017-09-05
 
122 opensips command /sbin/opensipsctl detail admin 131764   2017-09-04
 
121 2017 08 31 opensips 2.32 install debian8.8 module install compile err modules admin 47159   2017-09-04
 
120 Build-Depends debian 8.8 opensips 2.3 admin 69136   2017-09-04
 
119 What is new in 2.3.0 opensips admin 254641   2017-09-04
 
118 ubuntu 安装配置opensips,rtpproxy,mediaproxy admin 27692   2017-09-04
 
117 How to install Mediaproxy 2.5.2 on CentOS 6 64 bit admin 150368   2017-09-04
 
116 Using TLS in OpenSIPS v2.2.x configuration admin 51177   2017-09-04
 
115 How to 2.3 download , OpenSIPS new apt repository. DEBs for Debian / Ubuntu admin 23298   2017-09-02
 
114 You can install CDRTool in the following ways: admin 24517   2017-09-01
 
113 How to Install OpenSIPS 2.1.2 Server on Ubuntu 15.04 admin 30295   2017-09-01