Soporte & Consultoria

Soporte Remoto y Consultoria skype : ambiorixg12.
Nota no se brinda ningun tipo de consulta o soporte fuera del blog de forma gratuita

viernes, 31 de octubre de 2014

Instalando y configurando Asterisk 11 / Fail2ban en Ubuntu Server/Centos

 Ubuntu
sudo apt-get update
sudo apt-get install fail2ban
 
Centos 
rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
 
yum install fail2ban 
En Asterisk
 
editamos el archivo logger.conf
 
nano /etc/asterisk/logger.conf
 
 
fail2ban2=> security,notice,warning,error
 
Recargamos la configuracion de Asterisk
 
asterisk-dominicana*CLI> reload
 
Esto creara un archivo llamado /var/log/asterisk/fail2ban2
 
   
 Si es Freepbx Editamos  el archivo ,  /etc/asterisk/logger_logfiles_custom.conf y agregamos la siguiente linea.

fail2ban2 => security,notice,warning,error

Recargamos la configuracion de Asterisk

asterisk-dominicana*CLI> reload

Esto creara un archivo llamado /var/log/asterisk/fail2ban2
 
Editamos el archivo jail.conf
NOTA HABILITAR LA POLITICA CAMBIANDOLA DE enabled  = false  a enabled  = true 
el ejemplo mas abajo 
 
nano /etc/fail2ban/jail.conf
agregamos la siguiente linea 
[asterisk-udp]

enabled  = true
filter   = asterisk
port     = 5060,5061
protocol = udp
#logpath  = /var/log/asterisk/messages
logpath  = /var/log/asterisk/fail2ban2 
 
 
FINALMENTE REINICIAMOS  EL SERVICIO 
service fail2ban restart
 
 
 
Esta es una copia de la configuracion de mi archivo de configuracion de fail2ban 
y Asterisk
 
localizando en /etc/fail2ban/filter.d/asterisk.conf

# Fail2Ban configuration file
#
# Author: Xavier Devlamynck
#
#


[INCLUDES]

# Read common prefixes. If any customizations available -- read them from
# common.local
before = common.conf

[Definition]

# Option:  failregex
# Notes.:  regex to match the password failures messages in the logfile. The
#          host must be matched by a group named "host". The tag "<HOST>" can
#          be used for standard IP/hostname matching and is only an alias for
#          (?:::f{4,6}:)?(?P<host>\S+)
# Values:  TEXT
#
failregex = NOTICE%(__pid_re)s [^:]+: Registration from '[^']*' failed for '<HOST>(:[0-9]+)?' - Wrong password$
            NOTICE%(__pid_re)s [^:]+: Registration from '[^']*' failed for '<HOST>(:[0-9]+)?' - No matching peer found$
            NOTICE%(__pid_re)s [^:]+: Registration from '[^']*' failed for '<HOST>(:[0-9]+)?' - Username/auth name mismatch$
            NOTICE%(__pid_re)s [^:]+: Registration from '[^']*' failed for '<HOST>(:[0-9]+)?' - Device does not match ACL$
            NOTICE%(__pid_re)s [^:]+: Registration from '[^']*' failed for '<HOST>(:[0-9]+)?' - Peer is not supposed to register$
            NOTICE%(__pid_re)s [^:]+: Registration from '[^']*' failed for '<HOST>(:[0-9]+)?' - ACL error \(permit/deny\)$
            NOTICE%(__pid_re)s [^:]+: Registration from '[^']*' failed for '<HOST>(:[0-9]+)?' - Not a local domain$
            NOTICE%(__pid_re)s\[[^:]+\] [^:]+: Call from '[^']*' \(<HOST>:[0-9]+\) to extension '[0-9]+' rejected because extension not found in context 'de$
            NOTICE%(__pid_re)s [^:]+: Host <HOST> failed to authenticate as '[^']*'$
            NOTICE%(__pid_re)s [^:]+: No registration for peer '[^']*' \(from <HOST>\)$
            NOTICE%(__pid_re)s [^:]+: Host <HOST> failed MD5 authentication for '[^']*' \([^)]+\)$
            NOTICE%(__pid_re)s [^:]+: Failed to authenticate user [^@]+@<HOST>\S*$
            SECURITY%(__pid_re)s [^:]+: SecurityEvent="InvalidAccountID",EventTV="[0-9-]+",Severity="[a-zA-Z]+",Service="[a-zA-Z]+",EventVersion="[0-9]+",Ac$

# Option:  ignoreregex
# Notes.:  regex to ignore. If this regex matches, the line is ignored.
# Values:  TEXT
#
ignoreregex =

########################################################### 
 
 
 
Verificamos nuestro IPTABLES
 
root@asterisk-dominicana:/etc/fail2ban/filter.d# iptables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
fail2ban-asterisk-udp  udp  --  0.0.0.0/0            0.0.0.0/0            multiport dports 5060,5061,7654
fail2ban-asterisk-tcp  tcp  --  0.0.0.0/0            0.0.0.0/0            multiport dports 5060,5061
fail2ban-ssh  tcp  --  0.0.0.0/0            0.0.0.0/0            multiport dports 22

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain fail2ban-asterisk-tcp (1 references)
target     prot opt source               destination
RETURN     all  --  0.0.0.0/0            0.0.0.0/0

Chain fail2ban-asterisk-udp (1 references)
target     prot opt source               destination
RETURN     all  --  0.0.0.0/0            0.0.0.0/0

Chain fail2ban-ssh (1 references)
target     prot opt source               destination
RETURN     all  --  0.0.0.0/0            0.0.0.0/0
 
Link de ayuda
 
Si queremos desbloquear una IP  Baneada el proceso es el siguiente 

Verifcamos la IP bloqueada  iptables -L -n

Buscamos el JAIL

nano /etc/fail2ban/jail.conf    

NOTA TAMBIEN  la configuracion  puede estar en tambien en  /etc/fail2ban/jail.local


En mi caso el Jail es asterisk-udp

Corremos el comando fail2ban-client set asterisk-udp unbanip 190.166.130.113
 Listo


Nota:
La sistanxis general del comando es la siguiente
fail2ban-client set JAIL unbanip IP-ADDRESS
 
https://www.digitalocean.com/community/tutorials/how-to-install-and-use-fail2ban-on-ubuntu-14-04 
 
http://www.coochey.net/?p=61 
 
http://www.tutorials.makkugasho.com/2014/02/21/asterisk-11-5-fail2ban/ 

No hay comentarios:

Publicar un comentario