Server: Ubuntu 14.04

Problem: 2019-04-14 10:13:34.314581 [WARNING] sofia_reg.c:2827 Can't find user [[email protected]] from 188.165.222.17
You must define a domain called '123.59.232.47' in your directory and add a user with the id="201" attribute
and you must configure your device to use the proper domain in it's authentication credentials.

Steps:

1. Install fail2ban

apt-get install fail2ban

2. Configure the FreeSWITCH service so that error and authentication-failure messages are written to the FreeSWITCH log file

[email protected]:/usr/local/freeswitch/log#  vim   /usr/local/freeswitch/conf/sip_profiles/internal.xml

        <param name="log-auth-failures" value="true"/>

3. Configure the fail2ban server

[email protected]:/etc/fail2ban# vim /etc/fail2ban/jail.conf 

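bantime: how long (in seconds) an IP stays banned; a value of -1 bans the target IP permanently

findtime: the window (in seconds) within which reaching maxretry failures triggers a ban

maxretry: see findtime above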

Append the following to the end of jail.conf:

# The jail name corresponds to the chain shown by "iptables -L"
[freeswitch]
enabled  = true                              
port     = 5060,5061,5080,5081
filter   = freeswitch
action = iptables-allports[name=freeswitch, protocol=all]
logpath  = /usr/local/freeswitch/log/freeswitch.log
maxretry = 5

[email protected]:/etc/fail2ban# vim  /etc/fail2ban/filter.d/freeswitch.conf

Add the following to freeswitch.conf:

[Definition]
# Option:  failregex
# Notes.:  regex to match the password failures messages in the logfile. The
#          host must be matched by a group named "host". The tag "<HOST>" can
#          be used for standard IP/hostname matching and is only an alias for
#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values:  TEXT
#
#failregex = \[WARNING\] sofia_reg.c:\d+ SIP auth challenge \(REGISTER\) on sofia profile \'[^']+\' for \[.*\] from ip <HOST>
#failregex = \[WARNING\] sofia_reg.c:\d+ Can't find user \[.*\] from <HOST>
failregex = \[WARNING\] sofia_reg.c:\d+ Can't find user \[\[email protected]*\] from <HOST>
#failregex = ^A registration failed User:\d+ IP:<HOST> at .*\s*$

# Option:  ignoreregex
# Notes.:  regex to ignore. If this regex matches, the line is ignored.
# Values:  TEXT
#
ignoreregex =

4. Install the iptables service

5. Restart the fail2ban service

6. Confirm in iptables that the fail2ban configuration has been loaded

7. Test that the setup works

8. Enable the services to start at boot
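
The matching and threshold logic configured in steps 2 and 3, as an added example that is not part of the original post and is not fail2ban's own code: it expands <HOST> with the alias quoted in the filter's comment block, applies the generic "Can't find user" failregex (the commented-out variant in the filter, used here because the active line's user pattern is mangled by e-mail obfuscation in this copy), and reports which hosts reach maxretry inside findtime. The log lines, the 203.0.113.7 and 198.51.100.9 addresses, the pbx.example domain and the findtime of 600 seconds are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# <HOST> alias exactly as quoted in the filter's comment block.
HOST = r"(?:::f{4,6}:)?(?P<host>[\w\-.^_]+)"
# Generic failregex from the filter (the commented-out variant).
FAILREGEX = r"\[WARNING\] sofia_reg.c:\d+ Can't find user \[.*\] from <HOST>"
MAXRETRY = 5     # from the [freeswitch] jail
FINDTIME = 600   # seconds; assumed, the jail above does not set it

def _line(sec, level, msg):
    # Build one constructed log line in the FreeSWITCH timestamp format.
    return "2019-04-14 10:13:%02d.314581 [%s] %s" % (sec, level, msg)

SAMPLE = (
    [_line(s, "WARNING", "sofia_reg.c:2827 Can't find user "
           "[201@pbx.example] from 203.0.113.7") for s in range(10, 16)]
    + [_line(20, "WARNING", "sofia_reg.c:2827 Can't find user "
             "[300@pbx.example] from 198.51.100.9"),
       _line(21, "NOTICE", "switch_channel.c:1104 New Channel "
             "sofia/internal/1000@pbx.example")]
)

def hosts_to_ban(lines, maxretry=MAXRETRY, findtime=FINDTIME):
    """Return hosts with >= maxretry matching lines inside a findtime window."""
    rx = re.compile(FAILREGEX.replace("<HOST>", HOST))
    recent = defaultdict(deque)   # host -> timestamps of recent failures
    banned = []
    for line in lines:
        m = rx.search(line)
        if not m:
            continue              # not an auth failure, ignored by the filter
        host = m.group("host")
        ts = datetime.strptime(line[:26], "%Y-%m-%d %H:%M:%S.%f")
        q = recent[host]
        q.append(ts)
        while (ts - q[0]).total_seconds() > findtime:
            q.popleft()           # failure fell out of the findtime window
        if len(q) >= maxretry and host not in banned:
            banned.append(host)
    return banned

if __name__ == "__main__":
    print(hosts_to_ban(SAMPLE))
```

On the server itself, fail2ban-regex /usr/local/freeswitch/log/freeswitch.log /etc/fail2ban/filter.d/freeswitch.conf runs the real filter against the real log and reports how many lines matched.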

Reference 1: https://freeswitch.org/confluence/display/FREESWITCH/Fail2Ban

Reference 2: https://wenku.baidu.com/view/6f24601d10a6f524ccbf85d6.html
