Asterisk 11 chan_sip.c: Failed to authenticate device 看不到IP的问题   没有验证过

原文地址 http://www.coochey.net/?p=61

Asterisk 11 (FreePBX distribution) fail2ban configuration using the security log.

I’ve been experimenting with Asterisk again, using the FreePBX distro (2.11.0.4).

I have noticed that I get a lot of entries in the Asterisk log that look like this:

[2013-07-06 05:11:06] NOTICE[4106][C-0000001f] chan_sip.c: Failed to authenticate device 555<sip:555@aaa.bb.ccc.dd>;tag=e9a98a30

[2013-07-06 05:11:08] NOTICE[4106][C-00000020] chan_sip.c: Failed to authenticate device 555<sip:555@aaa.bb.ccc.dd>;tag=eebd8857

[2013-07-06 05:11:12] NOTICE[4106][C-00000021] chan_sip.c: Failed to authenticate device 555<sip:555@aaa.bb.ccc.dd>;tag=243f3815

[2013-07-06 07:19:42] NOTICE[4106][C-00000022] chan_sip.c: Failed to authenticate device 5555<sip:5555@aaa.bb.ccc.dd>;tag=a049427e

[2013-07-06 07:19:45] NOTICE[4106][C-00000023] chan_sip.c: Failed to authenticate device 5555<sip:5555@7aaa.bb.ccc.dd>;tag=c3c7f81b

[2013-07-06 07:19:48] NOTICE[4106][C-00000024] chan_sip.c: Failed to authenticate device 5555<sip:5555@aaa.bb.ccc.dd>;tag=6be78a0b

[2013-07-06 07:19:49] NOTICE[4106][C-00000025] chan_sip.c: Failed to authenticate device 5555<sip:5555@aaa.bb.ccc.dd>;tag=1979ada5

Where, of course, aaa.bb.ccc.dd is the address of my SIP server. Unfortunately, while FreePBX contains a fail2ban module, asterisk doesn’t provide enough information in the log file to act upon these messages.

The way I have got around this involves making some custom modifications to the Asterisk configuration.

Firstly, we need to enable Asterisk (v11) security logging feature:

Edit, /etc/asterisk/logger_logfiles_custom.conf and add the following:

fail2ban2       => security,notice,warning,error

This will create an additional log file, called /var/log/asterisk/fail2ban2

Now we need to edit the fail2ban configuration in /etc/fail2ban to process the security logged items. FreePBX configuration is in jail.local, so we will add ours to jail.conf:

[asterisk11-iptables]

 enabled  = true

 filter   = asterisk11

 action   = iptables-allports[name=SIP, protocol=all]

 sendmail-whois[name=SIP, dest=alerts@example.com, sender=pbx@example.com]

 logpath  = /var/log/asterisk/fail2ban2

Finally, we create a simple regex to get the IP address that we want to ban, and put it in the /etc/fail2/ban/filter.d/asterisk11.conf

# Fail2Ban configuration file

#

#

# $Revision: 250 $

#

[INCLUDES]

# Read common prefixes. If any customizations available -- read them from

# common.local

#before = common.conf

[Definition]

#_daemon = asterisk

# Option:  failregex

# Notes.:  regex to match the password failures messages in the logfile. The

#          host must be matched by a group named "host". The tag "<HOST>" can

#          be used for standard IP/hostname matching and is only an alias for

#          (?:::f{4,6}:)?(?P<host>\S+)

# Values:  TEXT

#

failregex = SECURITY.* SecurityEvent=\"InvalidPassword\".*RemoteAddress=\"IPV4/UDP/<HOST>/

#VERBOSE.* logger.c: -- .*IP/<HOST>-.* Playing 'ss-noservice' \(language '.*'\)

# Option:  ignoreregex

# Notes.:  regex to ignore. If this regex matches, the line is ignored.

# Values:  TEXT

# ignoreregex =

That’s it, we now intercept messages like this one from the security log, and manage to ban these device attempts:

[2013-07-06 07:19:42] SECURITY[4078] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="1373091582935268",Severity="Error",Service="SIP",EventVersion="2",AccountID="00972597103443",SessionID="0x7fa42c001ac8",LocalAddress="IPV4/UDP/aaa.bb.ccc.dd/5060",RemoteAddress="IPV4/UDP/37.8.1.89/5071",Challenge="61074795",ReceivedChallenge="61074795",ReceivedHash="b469462e8e7de800b54eb50ffe46de86"

CATEGORIESRAMBINGSTAGSASTERISKFAIL2BANFREEPBXLINUXLOGPBXSECURITY

Asterisk 11 chan_sip.c: Failed to authenticate device 看不到IP的问题的更多相关文章

  1. SYMBDSNAP_SDK[3943]: Failed to open device: /dev/symbdsnapctl, errno: 2

    在Linux的日志/var/log/message里面看到下面错误信息: Oct 26 09:48:42 xxxxxxx SYMBDSNAP_SDK[3943]: Failed to open dev ...

  2. nmap报错: Failed to open device ethxxx

    nmap报错:  Failed to open device ethxxx 周银辉 今天用nmap时, 报错:   Failed to open device eth4, 好郁闷. 调查了一下, 是w ...

  3. Install Asterisk 11 on Ubuntu 12.04 LTS

    http://blogs.digium.com/2012/11/14/how-to-install-asterisk-11-on-ubuntu-12-4-lts/ Last week I put up ...

  4. 无法连接ssh,fatal: daemon() failed: No such device

    今天发现一个服务器的sshd无法启动,查看/var/log/secure里发现:fatal: daemon() failed: No such device 解决办法: rm /dev/null /d ...

  5. jenkins 配置ssh remotes 报Failed to authenticate with public key

    问题:jenkins配置ssh远程连接时候报 ERROR: Failed to authenticate with public key com.jcraft.jsch.JSchException: ...

  6. Error:Connection activation failed: No suitable device found for this connection

    原文链接: https://blog.csdn.net/baiboya/article/details/80452822 ens33这个网卡一直无法激活,在网上找了半天,找到这个博主的文章,才解决,虽 ...

  7. VSphere随笔 - vCenter6.5安装报错 “Failed to authenticate with the guest operating system using the supplied“

    今天重新安装VCSA,安装多次一直卡在80%的画面不动,显示正在安装RPM包,同时log日志显示“Failed to authenticate with the guest operating sys ...

  8. tensorflow报错:Attempting to fetch value instead of handling error Internal: failed to get device attribute 13 for device 0: CUDA_ERROR_UNKNOWN:

    就是在spyder跑上一篇文章的代码然后就报错: Attempting to fetch value instead of handling error Internal: failed to get ...

  9. Error:Connection activation failed: No suitable device found for this connection 问题最新解决方案

    虽然网上有很多关于这个问题的解决方案,但是我还是决定自己再次重复写一下这个解决的方案,重在更新知识和了解VMware workstation 15新功能. 在使用VMware workstation克 ...

随机推荐

  1. [蓝桥杯]PREV-44.历届试题_青蛙跳杯子

    问题描述 X星球的流行宠物是青蛙,一般有两种颜色:白色和黑色. X星球的居民喜欢把它们放在一排茶杯里,这样可以观察它们跳来跳去. 如下图,有一排杯子,左边的一个是空着的,右边的杯子,每个里边有一只青蛙 ...

  2. 数论卷积公式and莫比乌斯反演

    数论卷积: 对于两个数论函数f(x),g(x) f(n)g(n)=∑ f(d)g(n/d) d|n 莫比乌斯函数: 设一个数n=(p1^k1)*(p2^k2)*(p3^k3)*..........*( ...

  3. docker上部署nginx容器80端口自动转443端口

    拉去nginx镜像 # docker pull nginx 运行nginx容器config用于拷贝nginx配置文件 # docker run --name nginxconfig -d docker ...

  4. WPF 选项卡

    1.引用 xmlns:xcad="http://schemas.xceed.com/wpf/xaml/avalondock" 2.xaml代码 <xcad:DockingMa ...

  5. UE4:四种加载资源的方式

    转自:https://blog.csdn.net/zhangxsv123/article/details/79707686 第一种: 如果该蓝图有C++类(或者说是从C++类创建的蓝图),直接进行加载 ...

  6. 转 java的JsonObject对象提取值

    import com.alibaba.fastjson.JSON; import com.alibaba.fastjson.JSONArray; import com.alibaba.fastjson ...

  7. Object.defineProperty(o,p,descriptor ) 理解应用

    1. Object.defineProperty  在一个对象上定义一个新属性,或修改一个已经存在的属性, 最终返回这个对象. var __define = this.__define || func ...

  8. Python文件操作---合并文本文件内容

    目前一个用的比较多的功能:将多个小文件的内容合并在一个统一的文件中,对原始文件重命名标记其已被处理过.之前使用其他脚本写的,尝试用python写了一下,顺便熟悉一下python的文件处理命令. 原始文 ...

  9. xadmin设置

    1.xadmin配置 INSTALLED_APPS = ( ... 'xadmin' , 'crispy_forms' , 'reversion' , ... ) 2.注册类 import xadmi ...

  10. 作业注释 CSS表单1 输入框前有图片

    <!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8" ...