dbxe
/
fusionpbx-install.sh
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

devuan: pull fail2ban updates from debian installer

This commit is contained in:
Valentin Kleibel 2022-03-31 14:20:09 +02:00
parent 6c9e99de58
commit 3007164393
8 changed files with 180 additions and 65 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
devuan/resources/fail2ban.sh
View File

@ -15,20 +15,23 @@ verbose "Installing Fail2ban"
apt-get -q -y install fail2ban apt-get -q -y install fail2ban
#move the filters #move the filters
cp fail2ban/freeswitch-dos.conf /etc/fail2ban/filter.d/freeswitch-dos.conf
cp fail2ban/freeswitch-ip.conf /etc/fail2ban/filter.d/freeswitch-ip.conf
cp fail2ban/freeswitch-404.conf /etc/fail2ban/filter.d/freeswitch-404.conf
cp fail2ban/freeswitch.conf /etc/fail2ban/filter.d/freeswitch.conf cp fail2ban/freeswitch.conf /etc/fail2ban/filter.d/freeswitch.conf
cp fail2ban/freeswitch-acl.conf /etc/fail2ban/filter.d/freeswitch-acl.conf
cp fail2ban/sip-auth-failure.conf /etc/fail2ban/filter.d/sip-auth-failure.conf
cp fail2ban/sip-auth-challenge.conf /etc/fail2ban/filter.d/sip-auth-challenge.conf
cp fail2ban/auth-challenge-ip.conf /etc/fail2ban/filter.d/auth-challenge-ip.conf
cp fail2ban/freeswitch-ip.conf /etc/fail2ban/filter.d/freeswitch-ip.conf
cp fail2ban/fusionpbx.conf /etc/fail2ban/filter.d/fusionpbx.conf cp fail2ban/fusionpbx.conf /etc/fail2ban/filter.d/fusionpbx.conf
cp fail2ban/fusionpbx-mac.conf /etc/fail2ban/filter.d/fusionpbx-mac.conf
cp fail2ban/fusionpbx-404.conf /etc/fail2ban/filter.d/fusionpbx-404.conf
cp fail2ban/nginx-404.conf /etc/fail2ban/filter.d/nginx-404.conf cp fail2ban/nginx-404.conf /etc/fail2ban/filter.d/nginx-404.conf
cp fail2ban/nginx-dos.conf /etc/fail2ban/filter.d/nginx-dos.conf cp fail2ban/nginx-dos.conf /etc/fail2ban/filter.d/nginx-dos.conf
cp fail2ban/jail.local /etc/fail2ban/jail.local cp fail2ban/jail.local /etc/fail2ban/jail.local
#update config if source is being used #update config if source is being used
if [ .$switch_source = .true ]; then #if [ .$switch_source = .true ]; then
sed 's#var/log/freeswitch#usr/local/freeswitch/log#g' -i /etc/fail2ban/jail.local # sed 's#var/log/freeswitch#usr/local/freeswitch/log#g' -i /etc/fail2ban/jail.local
fi #fi
#restart fail2ban
/usr/sbin/service fail2ban restart /usr/sbin/service fail2ban restart
# missing log file will show error

21
devuan/resources/fail2ban/auth-challenge-ip.conf Normal file
View File

@ -0,0 +1,21 @@
# Fail2Ban configuration file
#
[Definition]
# Option: failregex
# Notes.: regex to match the password failures messages in the logfile. The
# host must be matched by a group named "host". The tag "<HOST>" can
# be used for standard IP/hostname matching and is only an alias for
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values: TEXT
#
#[WARNING] sofia_reg.c:1792 SIP auth challenge (INVITE) on sofia profile 'internal' for [+972592277524@xxx.xxx.xxx.xxx] from ip 209.160.120.12
failregex = \[WARNING\] sofia_reg.c:\d+ SIP auth challenge \((INVITE|REGISTER)\) on sofia profile \'.*\' for \[.*@\d+.\d+.\d+.\d+\] from ip <HOST>
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =

20
devuan/resources/fail2ban/freeswitch-acl.conf Normal file
View File

@ -0,0 +1,20 @@
# Fail2Ban configuration file
#
[Definition]
# Option: failregex
# Notes.: regex to match the password failures messages in the logfile. The
# host must be matched by a group named "host". The tag "<HOST>" can
# be used for standard IP/hostname matching and is only an alias for
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values: TEXT
#
#2021-02-03 16:27:57.292697 [WARNING] sofia_reg.c:2353 IP 62.210.78.91 Rejected by register acl "domains"
failregex = \[WARNING\] sofia_reg.c:\d+ IP <HOST> Rejected by register acl
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =

0
devuan/resources/fail2ban/freeswitch-404.conf → devuan/resources/fail2ban/fusionpbx-404.conf
View File

20
devuan/resources/fail2ban/fusionpbx-mac.conf Normal file
View File

@ -0,0 +1,20 @@
# Fail2Ban configuration file
#
[Definition]
# Option: failregex
# Notes.: regex to match the password failures messages in the logfile. The
# host must be matched by a group named "host". The tag "<HOST>" can
# be used for standard IP/hostname matching and is only an alias for
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values: TEXT
#
#Oct 9 02:56:16 m1 fusionpbx-provision[28628]: [10.0.0.1] invalid mac address 000000000000
failregex = \[<HOST>\] invalid mac address
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =

144
devuan/resources/fail2ban/jail.local
View File

@ -1,80 +1,97 @@
[freeswitch-udp] [ssh]
enabled = true enabled = true
port = 5060,5061,5080,5081 port = 22
protocol = ssh
filter = sshd
logpath = /var/log/auth.log
action = iptables-allports[name=sshd, protocol=all]
maxretry = 6
findtime = 60
bantime = 86400
[freeswitch]
enabled = true
port = 5060:5091
protocol = all protocol = all
filter = freeswitch filter = freeswitch
logpath = /var/log/freeswitch/freeswitch.log logpath = /var/log/freeswitch/freeswitch.log
action = iptables-multiport[name=freeswitch-udp, port="5060,5061,5080,5081", protocol=udp] #logpath = /usr/local/freeswitch/log/freeswitch.log
maxretry = 5 action = iptables-allports[name=freeswitch, protocol=all]
findtime = 600 maxretry = 10
bantime = 600 findtime = 60
bantime = 3600
# sendmail-whois[name=FreeSwitch, dest=root, sender=fail2ban@example.org] #no smtp server installed # sendmail-whois[name=FreeSwitch, dest=root, sender=fail2ban@example.org] #no smtp server installed
[freeswitch-tcp] [freeswitch-acl]
enabled = true enabled = true
port = 5060,5061,5080,5081 port = 5060:5091
protocol = all protocol = all
filter = freeswitch filter = freeswitch-acl
logpath = /var/log/freeswitch/freeswitch.log logpath = /var/log/freeswitch/freeswitch.log
action = iptables-multiport[name=freeswitch-tcp, port="5060,5061,5080,5081", protocol=tcp] #logpath = /usr/local/freeswitch/log/freeswitch.log
maxretry = 5 action = iptables-allports[name=freeswitch-acl, protocol=all]
findtime = 600 maxretry = 900
bantime = 600 findtime = 60
# sendmail-whois[name=FreeSwitch, dest=root, sender=fail2ban@example.org] #no smtp server installed bantime = 86400
[freeswitch-ip-tcp] [freeswitch-ip]
enabled = false enabled = false
port = 5060,5061,5080,5081 port = 5060:5091
protocol = all protocol = all
filter = freeswitch-ip filter = freeswitch-ip
logpath = /var/log/freeswitch/freeswitch.log logpath = /var/log/freeswitch/freeswitch.log
action = iptables-multiport[name=freeswitch-ip-tcp, port="5060,5061,5080,5081", protocol=tcp] #logpath = /usr/local/freeswitch/log/freeswitch.log
action = iptables-allports[name=freeswitch-ip, protocol=all]
maxretry = 1 maxretry = 1
findtime = 30 findtime = 60
bantime = 86400 bantime = 86400
[freeswitch-ip-udp] [auth-challenge-ip]
enabled = false enabled = false
port = 5060,5061,5080,5081 port = 5060:5091
protocol = all protocol = all
filter = freeswitch-ip filter = auth-challenge-ip
logpath = /var/log/freeswitch/freeswitch.log logpath = /var/log/freeswitch/freeswitch.log
action = iptables-multiport[name=freeswitch-ip-udp, port="5060,5061,5080,5081", protocol=udp] #logpath = /usr/local/freeswitch/log/freeswitch.log
action = iptables-allports[name=auth-challenge-ip, protocol=all]
maxretry = 1 maxretry = 1
findtime = 30 findtime = 60
bantime = 86400 bantime = 86400
[freeswitch-dos-udp] [sip-auth-challenge]
enabled = true
port = 5060,5061,5080,5081
protocol = all
filter = freeswitch-dos
logpath = /var/log/freeswitch/freeswitch.log
action = iptables-multiport[name=freeswitch-dos-udp, port="5060,5061,5080,5081", protocol=udp]
maxretry = 50
findtime = 30
bantime = 6000
[freeswitch-dos-tcp]
enabled = true
port = 5060,5061,5080,5081
protocol = all
filter = freeswitch-dos
logpath = /var/log/freeswitch/freeswitch.log
action = iptables-multiport[name=freeswitch-dos-tcp, port="5060,5061,5080,5081", protocol=tcp]
maxretry = 50
findtime = 30
bantime = 6000
[freeswitch-404]
enabled = false enabled = false
port = 5060,5061,5080,5081 port = 5060:5091
protocol = all protocol = all
filter = freeswitch-404 filter = sip-auth-challenge
logpath = /var/log/freeswitch/freeswitch.log logpath = /var/log/freeswitch/freeswitch.log
action = iptables-allports[name=freeswitch-404, protocol=all] #logpath = /usr/local/freeswitch/log/freeswitch.log
maxretry = 3 action = iptables-allports[name=sip-auth-challenge, protocol=all]
findtime = 300 maxretry = 100
findtime = 60
bantime = 7200
[sip-auth-failure]
enabled = true
port = 5060:5091
protocol = all
filter = sip-auth-failure
logpath = /var/log/freeswitch/freeswitch.log
#logpath = /usr/local/freeswitch/log/freeswitch.log
action = iptables-allports[name=sip-auth-failure, protocol=all]
maxretry = 6
findtime = 60
bantime = 7200
[fusionpbx-404]
enabled = false
port = 5060:5091
protocol = all
filter = fusionpbx-404
logpath = /var/log/freeswitch/freeswitch.log
#logpath = /usr/local/freeswitch/log/freeswitch.log
action = iptables-allports[name=fusionpbx-404, protocol=all]
maxretry = 6
findtime = 60
bantime = 86400 bantime = 86400
[fusionpbx] [fusionpbx]
@ -83,11 +100,23 @@ port = 80,443
protocol = tcp protocol = tcp
filter = fusionpbx filter = fusionpbx
logpath = /var/log/auth.log logpath = /var/log/auth.log
action = iptables-multiport[name=fusionpbx, port="http,https", protocol=tcp] action = iptables-allports[name=fusionpbx, protocol=all]
# sendmail-whois[name=fusionpbx, dest=root, sender=fail2ban@example.org] #no smtp server installed # sendmail-whois[name=fusionpbx, dest=root, sender=fail2ban@example.org] #no smtp server installed
maxretry = 20
findtime = 60
bantime = 3600
[fusionpbx-mac]
enabled = true
port = 80,443
protocol = tcp
filter = fusionpbx-mac
logpath = /var/log/syslog
action = iptables-allports[name=fusionpbx-mac, protocol=all]
# sendmail-whois[name=fusionpbx-mac, dest=root, sender=fail2ban@example.org] #no smtp server installed
maxretry = 10 maxretry = 10
findtime = 600 findtime = 60
bantime = 600 bantime = 86400
[nginx-404] [nginx-404]
enabled = true enabled = true
@ -95,19 +124,20 @@ port = 80,443
protocol = tcp protocol = tcp
filter = nginx-404 filter = nginx-404
logpath = /var/log/nginx/access*.log logpath = /var/log/nginx/access*.log
action = iptables-allports[name=nginx-404, protocol=all]
bantime = 3600 bantime = 3600
findtime = 60 findtime = 60
maxretry = 120 maxretry = 300
[nginx-dos] [nginx-dos]
# Based on apache-badbots but a simple IP check (any IP requesting more than # Based on apache-badbots but a simple IP check (any IP requesting more than
# 300 pages in 60 seconds, or 5p/s average, is suspicious) # 300 pages in 60 seconds, or 5p/s average, is suspicious)
# Block for two full days.
enabled = true enabled = true
port = 80,443 port = 80,443
protocol = tcp protocol = tcp
filter = nginx-dos filter = nginx-dos
logpath = /var/log/nginx/access*.log logpath = /var/log/nginx/access*.log
action = iptables-allports[name=nginx-dos, protocol=all]
findtime = 60 findtime = 60
bantime = 86400 bantime = 86400
maxretry = 300 maxretry = 800

0
devuan/resources/fail2ban/freeswitch-dos.conf → devuan/resources/fail2ban/sip-auth-challenge.conf Executable file → Normal file
View File

21
devuan/resources/fail2ban/sip-auth-failure.conf Executable file
View File

@ -0,0 +1,21 @@
# Fail2Ban configuration file
#
# Author: soapee01
#
[Definition]
# Option: failregex
# Notes.: regex to match the password failures messages in the logfile. The
# host must be matched by a group named "host". The tag "<HOST>" can
# be used for standard IP/hostname matching and is only an alias for
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values: TEXT
#
failregex = \[WARNING\] sofia_reg.c:\d+ SIP auth failure \(REGISTER\) on sofia profile \'.*\' for \[.*\] from ip <HOST>
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =