защита sip от перебора

kfx — Wed, 20 Oct 2010 18:29:04 +0000

fail2ban — достаточно удобный способ защиты сервисов от перебора паролей и других атак на основе анализа log файлов приложений.
представляет собой набор скриптов на phyton

имеется в портах freebsd и пекетах debian,ubuntu

настройки специфичные для asterisk:

The contents of /etc/fail2ban/filter.d/asterisk.conf should be the following:

Исходный код

# Fail2Ban configuration file
#
#
# $Revision: 250 $
#

[INCLUDES]

# Read common prefixes. If any customizations available -- read them from
# common.local
#before = common.conf

[Definition]

#_daemon = asterisk

# Option: failregex
# Notes.: regex to match the password failures messages in the logfile. The
# host must be matched by a group named "host". The tag "" can
# be used for standard IP/hostname matching and is only an alias for
# (?:::f{4,6}:)?(?P\S+)
# Values: TEXT
#

failregex = NOTICE.* .*: Registration from '.*' failed for '' - Wrong password
NOTICE.* .*: Registration from '.*' failed for '' - No matching peer found
NOTICE.* .*: Registration from '.*' failed for '' - Username/auth name mismatch
NOTICE.* .*: Registration from '.*' failed for '' - Device does not match ACL
NOTICE.* .*: Registration from '.*' failed for '' - Peer is not supposed to register
NOTICE.* .*: Registration from '.*' failed for '' - ACL error (permit/deny)
NOTICE.* <HOST> failed to authenticate as '.*'$
NOTICE.* .*: No registration for peer '.*' $from <HOST>$
NOTICE.* .*: Host <HOST> failed MD5 authentication for '.*' (.*)
NOTICE.* .*: Failed to authenticate user .*@<HOST>.*

# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =

Next edit /etc/fail2ban/jail.conf to include the following section so that it uses the new filter. This does a 3-day ban on the IP that performed the attack. It is recommend to set the bantime in the [DEFAULT] section so if affects all attacks. It is also recommend to turn on an iptables ban for ssh, httpd/apache, and ftp if they are running on the system. Be sure to edit the sendmail-whois action to send notifications to an appropriate address:

Исходный код

[asterisk-iptables]
enabled = true
filter = asterisk
action = iptables-allports[name=ASTERISK, protocol=all]
mail-whois[name=ASTERISK, dest=root, sender=sip3@unetcom.ru]
logpath = /var/log/asterisk/full
maxretry = 4
bantime = 259200

To change this format, open /etc/asterisk/logger.conf and add the following line under [general] section (You may have to create this before the [logfiles] section). This causes the date and time to be formatted as Year-Month-Day Hour:Minute:Second, [2008-10-01 13:40:04] is an example.

Исходный код

[general]
dateformat=%F %T

для применения изменений перезапустим логгер

Исходный код

asterisk -rx "logger reload"

Postgres 8.4 + FreeBSD 8.x

kfx — Mon, 04 Oct 2010 12:44:35 +0000

Для увеличения максимального к-ва коннектов, осбслуживаемых постгресом:

sysctl.conf

kern.ipc.shmmax=2147483648 kern.ipc.shmall=2097152

loader.conf

kern.ipc.semmni=256 kern.ipc.semmns=32000 kern.ipc.semmnu=256

postgresql.conf

max_connections = 250

cpu ubuntu

kfx — Wed, 14 Jul 2010 10:31:33 +0000

Выставляем заявленную частоту cpu а не заниженую

1) смотрим надо ли нам это

cat /proc/cpuinfo

model name : Intel(R) Xeon(R) CPU E5520 @ 2.27GHz

cpu MHz : 1600.000

2) ставим софт

apt-get install cpufrequtils

3) проверяем доступные варианты

cat /sys/devices/system/cpu/cpu0/cpufreq/scaling_available_frequencies

4) меняем частоту

/usr/bin/cpufreq-set -c 0 -f 2268000

иногда требуется вызывать для нескольких ядер

/usr/bin/cpufreq-set -c 2 -f 2268000

5)проверяем

cat /proc/cpuinfo

Sokolov blog » kfx

защита sip от перебора

Postgres 8.4 + FreeBSD 8.x

cpu ubuntu