Asterisk 11 chan_sip.c: Failed to authenticate device 看不到IP的问题   没有验证过

原文地址 http://www.coochey.net/?p=61

Asterisk 11 (FreePBX distribution) fail2ban configuration using the security log.

I’ve been experimenting with Asterisk again, using the FreePBX distro (2.11.0.4).

I have noticed that I get a lot of entries in the Asterisk log that look like this:

[2013-07-06 05:11:06] NOTICE[4106][C-0000001f] chan_sip.c: Failed to authenticate device 555<sip:555@aaa.bb.ccc.dd>;tag=e9a98a30

[2013-07-06 05:11:08] NOTICE[4106][C-00000020] chan_sip.c: Failed to authenticate device 555<sip:555@aaa.bb.ccc.dd>;tag=eebd8857

[2013-07-06 05:11:12] NOTICE[4106][C-00000021] chan_sip.c: Failed to authenticate device 555<sip:555@aaa.bb.ccc.dd>;tag=243f3815

[2013-07-06 07:19:42] NOTICE[4106][C-00000022] chan_sip.c: Failed to authenticate device 5555<sip:5555@aaa.bb.ccc.dd>;tag=a049427e

[2013-07-06 07:19:45] NOTICE[4106][C-00000023] chan_sip.c: Failed to authenticate device 5555<sip:5555@7aaa.bb.ccc.dd>;tag=c3c7f81b

[2013-07-06 07:19:48] NOTICE[4106][C-00000024] chan_sip.c: Failed to authenticate device 5555<sip:5555@aaa.bb.ccc.dd>;tag=6be78a0b

[2013-07-06 07:19:49] NOTICE[4106][C-00000025] chan_sip.c: Failed to authenticate device 5555<sip:5555@aaa.bb.ccc.dd>;tag=1979ada5

Where, of course, aaa.bb.ccc.dd is the address of my SIP server. Unfortunately, while FreePBX contains a fail2ban module, asterisk doesn’t provide enough information in the log file to act upon these messages.

The way I have got around this involves making some custom modifications to the Asterisk configuration.

Firstly, we need to enable Asterisk (v11) security logging feature:

Edit, /etc/asterisk/logger_logfiles_custom.conf and add the following:

fail2ban2       => security,notice,warning,error

This will create an additional log file, called /var/log/asterisk/fail2ban2

Now we need to edit the fail2ban configuration in /etc/fail2ban to process the security logged items. FreePBX configuration is in jail.local, so we will add ours to jail.conf:

[asterisk11-iptables]

 enabled  = true

 filter   = asterisk11

 action   = iptables-allports[name=SIP, protocol=all]

 sendmail-whois[name=SIP, dest=alerts@example.com, sender=pbx@example.com]

 logpath  = /var/log/asterisk/fail2ban2

Finally, we create a simple regex to get the IP address that we want to ban, and put it in the /etc/fail2/ban/filter.d/asterisk11.conf

# Fail2Ban configuration file

#

#

# $Revision: 250 $

#

[INCLUDES]

# Read common prefixes. If any customizations available -- read them from

# common.local

#before = common.conf

[Definition]

#_daemon = asterisk

# Option:  failregex

# Notes.:  regex to match the password failures messages in the logfile. The

#          host must be matched by a group named "host". The tag "<HOST>" can

#          be used for standard IP/hostname matching and is only an alias for

#          (?:::f{4,6}:)?(?P<host>\S+)

# Values:  TEXT

#

failregex = SECURITY.* SecurityEvent=\"InvalidPassword\".*RemoteAddress=\"IPV4/UDP/<HOST>/

#VERBOSE.* logger.c: -- .*IP/<HOST>-.* Playing 'ss-noservice' \(language '.*'\)

# Option:  ignoreregex

# Notes.:  regex to ignore. If this regex matches, the line is ignored.

# Values:  TEXT

# ignoreregex =

That’s it, we now intercept messages like this one from the security log, and manage to ban these device attempts:

[2013-07-06 07:19:42] SECURITY[4078] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="1373091582935268",Severity="Error",Service="SIP",EventVersion="2",AccountID="00972597103443",SessionID="0x7fa42c001ac8",LocalAddress="IPV4/UDP/aaa.bb.ccc.dd/5060",RemoteAddress="IPV4/UDP/37.8.1.89/5071",Challenge="61074795",ReceivedChallenge="61074795",ReceivedHash="b469462e8e7de800b54eb50ffe46de86"

CATEGORIESRAMBINGSTAGSASTERISKFAIL2BANFREEPBXLINUXLOGPBXSECURITY

Asterisk 11 chan_sip.c: Failed to authenticate device 看不到IP的问题的更多相关文章

  1. SYMBDSNAP_SDK[3943]: Failed to open device: /dev/symbdsnapctl, errno: 2

    在Linux的日志/var/log/message里面看到下面错误信息: Oct 26 09:48:42 xxxxxxx SYMBDSNAP_SDK[3943]: Failed to open dev ...

  2. nmap报错: Failed to open device ethxxx

    nmap报错:  Failed to open device ethxxx 周银辉 今天用nmap时, 报错:   Failed to open device eth4, 好郁闷. 调查了一下, 是w ...

  3. Install Asterisk 11 on Ubuntu 12.04 LTS

    http://blogs.digium.com/2012/11/14/how-to-install-asterisk-11-on-ubuntu-12-4-lts/ Last week I put up ...

  4. 无法连接ssh,fatal: daemon() failed: No such device

    今天发现一个服务器的sshd无法启动,查看/var/log/secure里发现:fatal: daemon() failed: No such device 解决办法: rm /dev/null /d ...

  5. jenkins 配置ssh remotes 报Failed to authenticate with public key

    问题:jenkins配置ssh远程连接时候报 ERROR: Failed to authenticate with public key com.jcraft.jsch.JSchException: ...

  6. Error:Connection activation failed: No suitable device found for this connection

    原文链接: https://blog.csdn.net/baiboya/article/details/80452822 ens33这个网卡一直无法激活,在网上找了半天,找到这个博主的文章,才解决,虽 ...

  7. VSphere随笔 - vCenter6.5安装报错 “Failed to authenticate with the guest operating system using the supplied“

    今天重新安装VCSA,安装多次一直卡在80%的画面不动,显示正在安装RPM包,同时log日志显示“Failed to authenticate with the guest operating sys ...

  8. tensorflow报错:Attempting to fetch value instead of handling error Internal: failed to get device attribute 13 for device 0: CUDA_ERROR_UNKNOWN:

    就是在spyder跑上一篇文章的代码然后就报错: Attempting to fetch value instead of handling error Internal: failed to get ...

  9. Error:Connection activation failed: No suitable device found for this connection 问题最新解决方案

    虽然网上有很多关于这个问题的解决方案,但是我还是决定自己再次重复写一下这个解决的方案,重在更新知识和了解VMware workstation 15新功能. 在使用VMware workstation克 ...

随机推荐

  1. [蓝桥杯]ALGO-188.算法训练_P0504

    Anagrams指的是具有如下特性的两个单词:在这两个单词当中,每一个英文字母(不区分大小写)所出现的次数都是相同的.例如,Unclear和Nuclear.Rimon和MinOR都是Anagrams. ...

  2. 流媒体压力测试rtmp&hls(含推流和拉流)

    http://blog.csdn.net/sinat_34194127/article/details/50816045 [root@localhost ~]# yum install git unz ...

  3. Filedset

    <!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8&quo ...

  4. 采用link方式解决zabbix对于备份监控和ORACLE日志监控由于路径不统一的问题

    #对于备份监控和ORACLE日志监控由于路径不统一,我们可以采用link的方式如:#ln -s 原路径 新路径(/zabbix/logs)#新路径统一放在/zabbix/logs下具体看模板指定. # ...

  5. 《深入浅出 Java Concurrency》目录

    最近在学习J.U.C,看到一个大神 关于这个系列写的非常精辟,由于想做笔记,故系列转载并记录之. 原文:http://www.blogjava.net/xylz/archive/2010/07/08/ ...

  6. final关键字特点

    一.final关键字修饰的类 无法被继承(即不能有子类) 二.final关键字修饰的方法不能被重写 三.final关键字修饰的变量成为常量(即不允许被修改) 开发中经常使用   

  7. centos7 卸载 jdk

    ################ jdk 的安装 ###########################参考:https://www.cnblogs.com/Dylansuns/p/6974272.h ...

  8. threading join用法

    join():在子线程完成运行之前,这个子线程的父线程将一直被阻塞 import threading #线程import time def Beijing(n): print('Beijing tim ...

  9. 非virtual函数,用指针进行upcast

    void print_func(A* p) { p -> print(); } int main() { A a(); B b(,); //a.print(); //b.print(); pri ...

  10. maven项目发布到tomcat的错误

    Could not publish to the server. java.lang.IndexOutOfBoundsException "Updating status for Tomca ...