Re: CSF / Asterisk

Posted: 12 May 2014, 05:11
by simon templar
Still working on it with sergio. We have a couple of bugs to fix before he releases it.

Re: CSF / Asterisk

Posted: 17 May 2014, 01:47
by Sergio
For people interested in a regex for Asterisk, please see:
viewtopic.php?f=6&t=7517&start=10#p22708

Simon will write the details on how to apply it; we ran some tests today and it works.

Sergio

Re: CSF / Asterisk

Posted: 21 May 2014, 22:31
by simon templar
Hi all,

In order to have CSF work with Asterisk, and protect it, this is what you need to do (this is working for Asterisk 1.8.15):

Make sure that you have a file /etc/asterisk/logger.conf with the following line:

Code:

messages => notice

Your line can have more options in it, for example:

Code:

messages => notice,warning,error

This line will create a new log file /var/log/asterisk/messages which will receive a NOTICE when there is a failed registration attempt.

Once this is configured, you can restart the logger in Asterisk to take into account the new configuration:

Code:

asterisk@home> logger reload

Once this is done, edit /etc/csf/regex.custom.pm and add the following line:

Code:

# Failed SIP registration in the CUSTOM1_LOG file: $1 = From header, $2 = source IP
if (($lgfile eq $config{CUSTOM1_LOG}) and ($line =~ /\[\S+\s+\S+\] NOTICE\[\S+\] chan_sip.c\: Registration from '(\S+\s?\S+)' failed for '(\S+)\:\d+' \- Wrong password/)) {
    return ("Bad Logon: $1",$2,"SecmasASTERIX","1","1");
}

At the first wrong login attempt of an IP, it will block it.

If you do not need to allow external access, then you can secure your Asterisk box by adding in FIREWALL DENY IPs the following lines:

Code:

udp|in|d=5060|s=0.0.0.0/0 #do not delete
tcp|in|d=5060|s=0.0.0.0/0 #do not delete

If you do that though, you will need to selectively open the ports for IPs that you know. So in the FIREWALL ALLOW IPs you will need to add something like this, for example:

Code:

192.168.1.0/24

udp|in|d=5060|s=10.1.2.10  # IP from your SIP carrier for example
udp|in|d=10000_20000|s=10.1.2.10  # IP from your SIP carrier for example

That is about all you need to do. You can verify that it works by trying to connect from another IP than your desktop (because your IP will be added in the firewall rules, and you will be blocked), and monitoring CSF by clicking WATCH SYSTEM LOGS within CSF.

Enjoy !

Re: CSF / Asterisk

Posted: 23 May 2014, 17:47
by leozim
Re: Custom REGEX rules for CSF.

Postby leozim » 23 May 2014 13:41
Hello,

Last month I tried to configure Sergio's rules and couldn't get them to work, but it was a very busy time for me and I didn't come back here to check again...

This time I tried the new rules solution, but here it doesn't work yet.

I configured CUSTOM1_LOG correctly:
CUSTOM1_LOG = "/var/log/asterisk/messages"


Asterisk put logs correctly:

[root@voip asterisk]# tail -f /var/log/asterisk/messages
[May 23 13:29:48] NOTICE[30661] chan_sip.c: Registration from '"2130" <sip:2130@200.200.200.200:5060>' failed for '192.99.35.217:5081' - Wrong password
[May 23 13:30:30] NOTICE[30661] chan_sip.c: Registration from '"1200" <sip:1200@200.200.200.200:5060>' failed for '192.99.35.217:5083' - Wrong password
[May 23 13:32:42] NOTICE[30661] chan_sip.c: Registration from '"9011" <sip:9011@200.200.200.200:5060>' failed for '192.99.35.217:5146' - Wrong password


But in lfd.log I don't see any block... a very strange situation.

Is it possible that csf doesn't check the custom_log config?

Thanks
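
An added example, not part of any post in this thread: an offline check that runs the pattern from the 21 May post against the log excerpt above, and shows that its timestamp part (`\[\S+\s+\S+\]`) accepts only a two-token timestamp. The `$tolerant` variant, the `offender` helper and the two lines marked as constructed are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added example, not from the thread: offline check of a regex.custom.pm pattern.
use strict;
use warnings;

# Pattern from the 21 May post: "\[\S+\s+\S+\]" needs a two-token timestamp.
my $posted = qr/\[\S+\s+\S+\] NOTICE\[\S+\] chan_sip.c\: Registration from '(\S+\s?\S+)' failed for '(\S+)\:\d+' \- Wrong password/;

# Assumed variant: any bracketed timestamp, anchored at the start of the line
# so the match has to begin at the timestamp Asterisk itself wrote.
my $tolerant = qr/^\[[^\]]+\] NOTICE\[\S+\] chan_sip\.c: Registration from '(\S+\s?\S+)' failed for '(\S+):\d+' - Wrong password/;

my @lines = (
    # From the log excerpt above: month, day and time (three tokens).
    q{[May 23 13:29:48] NOTICE[30661] chan_sip.c: Registration from '"2130" <sip:2130@200.200.200.200:5060>' failed for '192.99.35.217:5081' - Wrong password},
    # Constructed: same event with a date-and-time (two-token) timestamp.
    q{[2014-05-23 13:29:48] NOTICE[30661] chan_sip.c: Registration from '"2130" <sip:2130@200.200.200.200:5060>' failed for '203.0.113.7:5081' - Wrong password},
    # Constructed: unrelated NOTICE that neither pattern should match.
    q{[May 23 13:31:02] NOTICE[30661] chan_sip.c: Peer '2130' is now UNREACHABLE!},
);

# Return the address the rule would hand to lfd ($2), or undef on no match.
sub offender {
    my ($re, $line) = @_;
    return $line =~ $re ? $2 : undef;
}

# One row per sample line: its timestamp and what each pattern extracts.
for my $line (@lines) {
    my ($stamp) = $line =~ /^(\[[^\]]+\])/;
    printf "%-22s posted=%-14s tolerant=%s\n", $stamp,
        offender($posted, $line)   // 'no match',
        offender($tolerant, $line) // 'no match';
}
```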

Re: CSF / Asterisk

Posted: 23 May 2014, 18:06
by Sergio
After you added the regex in /usr/local/csf/bin/regex.custom.pm, did you restart LFD?
If so, did LFD show everything was OK?

Re: CSF / Asterisk

Posted: 23 May 2014, 18:16
by simon templar
I forgot an important thing.

Edit /etc/csf/csf.conf , and change

Code:

CUSTOM1_LOG = "/var/log/messages"

to

Code:

CUSTOM1_LOG = "/var/log/asterisk/messages"

Re: CSF / Asterisk

Posted: 26 May 2014, 14:32
by leozim
Hi,

Yes, I restarted LFD after all the changes and changed CUSTOM1_LOG = "/var/log/asterisk/messages"

It is very strange that the custom check doesn't work.

Do I need to make changes to LF_TRIGGER or other options in /etc/csf/csf.conf?

Thank you

Re: CSF / Asterisk

Posted: 26 May 2014, 16:55
by Sergio
No, you don't need to set any options in csf.conf

Please, paste some error lines from /var/log/asterisk/messages to check them.

Re: CSF / Asterisk

Posted: 29 Aug 2014, 21:19
by trupsalms
I know a lot of people have been asking about this, Sergio, but this is actually the correct location, on my system, for Asterisk log files. Can you please assist with a regex file for me?

log file location /var/log/asterisk/full

[2014-08-29 15:04:29] NOTICE[1810] chan_sip.c: Registration from 'Sip-Personal<sip:1000@174.96.126.96>' failed for '444.414.441.232:63129' - Wrong password
[2014-08-29 15:04:29] NOTICE[1810] chan_sip.c: Registration from 'Sip-Personal<sip:1000@174.96.126.96>' failed for '444.414.441.232:63129' - Wrong password
[2014-08-29 15:04:49] NOTICE[1810] chan_sip.c: Registration from 'Sip-Personal<sip:1000@174.96.126.96>' failed for '444.414.441.232:63129' - Wrong password

Re: CSF / Asterisk

Posted: 06 Sep 2014, 07:41
by Sergio
trupsalms wrote:
I know a lot of people have been asking about this, Sergio, but this is actually the correct location, on my system, for Asterisk log files. Can you please assist with a regex file for me?

log file location /var/log/asterisk/full

[2014-08-29 15:04:29] NOTICE[1810] chan_sip.c: Registration from 'Sip-Personal<sip:1000@174.96.126.96>' failed for '444.414.441.232:63129' - Wrong password
[2014-08-29 15:04:29] NOTICE[1810] chan_sip.c: Registration from 'Sip-Personal<sip:1000@174.96.126.96>' failed for '444.414.441.232:63129' - Wrong password
[2014-08-29 15:04:49] NOTICE[1810] chan_sip.c: Registration from 'Sip-Personal<sip:1000@174.96.126.96>' failed for '444.414.441.232:63129' - Wrong password

The only thing that you need to do is to edit /etc/csf/csf.conf and search where it says
"CUSTOM1_LOG ="
and write there the location of your log file. After that you will need to restart CSF + LFD.