fail2ban 0.9.2 on Debian
內容表格
- 1. 安裝
- 2. 設定
- 2.1. Asterisk Logger 設定
- 2.2. 設定 jail
- 2.3. 自動啟動
- 2.4. 啟動服務
- 3. Q & A
- 3.1. Q:以下 Call Log 無法被偵測到
安裝
適用:Debian 7.x
檔案下載:https://www.fail2ban.org/wiki/index.php/Downloads
#> tar xzf 0.9.2.tar.gz #> cd fail2ban-0.9.2/ #> python setup.py install
驗證安裝
#> fail2ban-client -h
設定
Asterisk Logger 設定
/etc/asterisk/logger.conf:
... [logfiles] ... fail2ban => notice,warning,security
套用設定
#> asterisk -rx "logger reload" #> asterisk -rx "logger show channels"
設定 jail
for Asterisk)
/etc/fail2ban/jail.d/asterisk.conf
[asterisk] enabled = true logpath = /var/log/asterisk/fail2ban maxretry = 5 bantime = 259200
for SSH)
/etc/fail2ban/jail.d/sshd.conf
[sshd] enabled = true bantime = 7200 findtime = 900 maxretry = 4
自動啟動
#> cd fail2ban-0.9.2/ #> cp files/debian-initd /etc/init.d/fail2ban #> chmod 0755 /etc/init.d/fail2ban #> update-rc.d fail2ban defaults
啟動服務
#> service fail2ban start
Q & A
Q:以下 Call Log 無法被偵測到
Call from '' (195.154.134.116:5071) to extension '8011441295298642' rejected because extension not found in context 'public'.
Ans:設定 Asterisk 的 allowguest=no
編輯 sip.conf
allowguest=no
套用新設定
#> asterisk -rx "sip reload" #> asterisk -rx "sip show settings" | grep -i "Allow unknown access" Allow unknown access: No
- 標籤 (Edit tags)
- 什麼連接到這裡
| Images 0 | ||
|---|---|---|
| No images to display in the gallery. |
您必須 登入 才能發佈評論。
Powered by MindTouch Core