You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 21 Next »

Asterisk logolás szintjének megemelése

- On the command prompt type: asterisk -r
- In the asterisk command line interface type: core set verbose 128
- Additionally, you can also type: core set debug 128

Trixbox tűzfal mögött

Megoldás és megoldás

Tűzfalbeállítások Asterisk-hez

http://www.voip-info.org/wiki/view/Asterisk+firewall+rules

Beállítások iptables esetén
# SIP on UDP port 5060. Other SIP servers may need TCP port 5060 as well
iptables -A INPUT -p udp -m udp --dport 5060 -j ACCEPT

# IAX2- the IAX protocol
iptables -A INPUT -p udp -m udp --dport 4569 -j ACCEPT

# IAX - most have switched to IAX v2, or ought to
iptables -A INPUT -p udp -m udp --dport 5036 -j ACCEPT

# RTP - the media stream
iptables -A INPUT -p udp -m udp --dport 10000:20000 -j ACCEPT

# MGCP - if you use media gateway control protocol in your configuration
iptables -A INPUT -p udp -m udp --dport 2727 -j ACCEPT

Portech MV-372

Mobile to Lan szabályt a következők szerint kell beállítani

Paraméter

Érték

CID

*

URL

Mellék@Asterisk IP

Egyéb beállítási segédletek

http://www.powermediasrl.it/fsn/portech-mv-372-con-asterisktrixboxelastix.html

Linksys SPA3102

Az eszköz trixbox rendszerhez történő illesztését az itt található leírás alapján végezhetjük el egyszerűen

fail2ban telepítése Trixbox alá

Forrás

First we are going to install the rpmforge repository and use the fail2ban package from there -

rpm -Uhv http://apt.sw.be/redhat/el5/en/i386/rpmforge/RPMS/rpmforge-release-0.3.6-1.el5.rf.i386.rpm
sed -i 's/enabled = 0/enabled = 1/' /etc/yum.repos.d/rpmforge.repo
yum install -y fail2ban jwhois

Now disable the rpmforge repo do that it doesn't interfere with any of the CentOS/Asterisk packages -

sed -i 's/enabled = 1/enabled = 0/' /etc/yum.repos.d/rpmforge.repo

Next we are going to create the fail2ban configuration file for Asterisk. This tells fail2ban what text to monitor the logs for -

cat >> /etc/fail2ban/filter.d/asterisk.conf <<-EOF
# Fail2Ban configuration file
#
#
# $Revision: 250 $
#

[INCLUDES]

# Read common prefixes. If any customizations available -- read them from
# common.local
#before = common.conf

[Definition]

#_daemon = asterisk

# Option:  failregex
# Notes.:  regex to match the password failures messages in the logfile. The
#          host must be matched by a group named "host". The tag "<HOST>" can
#          be used for standard IP/hostname matching and is only an alias for
#          (?:::f{4,6}:)?(?P<host>\S+)
# Values:  TEXT
#

failregex = NOTICE.* .*: Registration from '.*' failed for '<HOST>' - Wrong password
            NOTICE.* .*: Registration from '.*' failed for '<HOST>' - No matching peer found
            NOTICE.* .*: Registration from '.*' failed for '<HOST>' - Username/auth name mismatch
            NOTICE.* .*: Registration from '.*' failed for '<HOST>' - Device does not match ACL
            NOTICE.* .*: Registration from '.*' failed for '<HOST>' - Peer is not supposed to register
            NOTICE.* <HOST> failed to authenticate as '.*'$
            NOTICE.* .*: No registration for peer '.*' \(from <HOST>\)
            NOTICE.* .*: Host <HOST> failed MD5 authentication for '.*' (.*)
            NOTICE.* .*: Failed to authenticate user .*@<HOST>.*

# Option:  ignoreregex
# Notes.:  regex to ignore. If this regex matches, the line is ignored.
# Values:  TEXT
#
ignoreregex =
EOF

Next we are going to add some lines to the jail.conf file that tells fail2ban what log files to monitor and what action to take when the required text is detected. This includes sending an alert e-mail so you may want to change 'root' to your e-mail address. It also includes the length of time the IP address is blocked for in seconds. Here we have it set to 3 days, you may want to modify this -

cat >> /etc/fail2ban/jail.conf <<-EOF
[asterisk-iptables]

enabled  = true
filter   = asterisk
action   = iptables-allports[name=ASTERISK, protocol=all]
           sendmail-whois[name=ASTERISK, dest=root, sender=fail2ban@example.org]
logpath  = /var/log/asterisk/full
maxretry = 5
bantime = 259200
EOF

Fail2ban needs the date in the Asterisk log files written in a specific format. To do this we can add a line to the 'General' section of the Asterisk logger configuration file. If you already have a 'General' section in there you will just want to add the line manually rather than running the command below -

cat >> /etc/asterisk/logger.conf <<-EOF
[general]
dateformat=%F %T
EOF
asterisk -rx "logger reload"

Finally we want to fire up fail2ban and set it to start at boot time -

service fail2ban start
chkconfig fail2ban on

One final thing you may want to do is 'whitelist' your own IP address/s. You can do this by adding them to the ignoreip line in the jail.conf file. Here's a couple of lines to do it automatically, just change the IP address here for your own IP address -

sed -i 's/ignoreip = /ignoreip = 123.123.123.123 /' /etc/fail2ban/jail.conf
service fail2ban restart

2.8.0.4-es trixbox függőségi probléma upgrade után

rpm -e --nodeps c-ares

rpm -e --nodeps sipsak

yum install sipsak
yum install c-ares

Biztonság

http://sysadminman.net/blog/2009/hacking-and-securing-your-asterisk-server-592

http://www.asteriskblog.hu/

VOIP szolgáltatók összehasonlítása

A különböző VOIP szolgáltatók ajánlatainak öszehasonlítását itt olvashatjuk.

  • No labels