返回列表 發帖

fail2ban sharing

本帖最後由 ckleea 於 2010-12-3 21:10 編輯

Look interesting site

http://fail2ban.aleph-com.net/fail2ban_sharing

How to install fail2ban

http://www.voip-info.org/wiki/vi ... les%29+And+Asterisk

For rpm in centos, the rpm does not work because it needs shorewall.

Thanks for sharing.

TOP

我剛剛加咗fail2ban, 以為以前做咗,原來沒有裝shorewall。不過現在在source 裝,可以integrate iptables

TOP

我也剛剛裝了fail2ban,現正運行中,但仲未正式有工作做,因為暫時沒有不速之客;不過都唔想也唔歡迎這類客人。

但有一樣野想請教,就是在jail.conf 入面的 [DEFAULT],我已設定好了不會BAN咗自己 127.0.0.1 及 localnet xxx.xxx.xxx.xxx/24。  
如果我是在戶外使用notebook 或 remote PC 連入黎自己的SERVER,一般都會是用Dynamic IP,咁樣好難能夠一併把notebook 等的IP address 都列入到 igoreip 的。  有沒有其他方法設定呢?  抑或是選擇不放在ignoreip 裡就咁算呢?

另外,用shorewall 是否比用 iptables 更強呢?

TOP

本帖最後由 ckleea 於 2010-12-9 05:55 編輯

shorewall 好似難用D,我自已一路用開iptabes,比較易明。
For remote access,基本上如果唔係用VPN or fixed ip,有機會係fail2ban block,不過另一個因素是否經常login 錯。理論上正常users 唔會發生。

TOP

明白!  即是只要我是一位已在Asterisk Server 上註冊了的user,而又不會login 錯的話,是不會連自己都 BAN 埋。 這樣我也可以放心了。  因為Asterisk 的好處在於能讓我Remote Access 使用DISA,IVR、Auto Attendant 之類的功能,如果有問題就無咁方便。當然,針無兩利,防止不速之客是fail2ban一定要幫我做的最主要工作。

唔該晒。

TOP

可否举例写个例子出来?因为我vps中的freepbx刚装好个日就有人入侵,我都装左个fail2ban,但不懂setting

TOP

Welcome to my TaoBao shop: http://mandymak520.taobao.com/

TOP

回復 8# 雯雯


  这个我有睇过  但是不太明白,因为我一装好fail2ban 目录中就有/etc/fail2ban/filter.d/asterisk.conf了
  1. # Fail2Ban configuration file
  2. #
  3. #
  4. # $Revision: 250 $
  5. #

  6. [INCLUDES]

  7. # Read common prefixes. If any customizations available -- read them from
  8. # common.local
  9. #before = common.conf


  10. [Definition]

  11. #_daemon = asterisk

  12. # Option:  failregex
  13. # Notes.:  regex to match the password failures messages in the logfile. The
  14. #          host must be matched by a group named "host". The tag "<HOST>" can
  15. #          be used for standard IP/hostname matching and is only an alias for
  16. #          (?:::f{4,6}:)?(?P<host>\S+)
  17. # Values:  TEXT
  18. #

  19. failregex = Registration from '.*' failed for '<HOST>(:[0-9]{1,5})?' - Wrong password
  20.             Registration from '.*' failed for '<HOST>(:[0-9]{1,5})?' - No matching peer found
  21.             Registration from '.*' failed for '<HOST>(:[0-9]{1,5})?' - Device does not match ACL
  22.             Registration from '.*' failed for '<HOST>(:[0-9]{1,5})?' - Username/auth name mismatch
  23.             Registration from '.*' failed for '<HOST>(:[0-9]{1,5})?' - Peer is not supposed to register
  24.             NOTICE.* <HOST> failed to authenticate as '.*'$
  25.             NOTICE.* .*: No registration for peer '.*' (from <HOST>)
  26.             NOTICE.* .*: Host <HOST> failed MD5 authentication for '.*' (.*)
  27.             VERBOSE.* logger.c: -- .*IP/<HOST>-.* Playing 'ss-noservice' (language '.*')

  28. # Option:  ignoreregex
  29. # Notes.:  regex to ignore. If this regex matches, the line is ignored.
  30. # Values:  TEXT
  31. #
  32. ignoreregex =
複製代碼

TOP

TOP

返回列表