LinuxMCE Forums

General => Users => Topic started by: Techstyle on January 11, 2013, 07:28:05 pm

Title: Asterisk Security
Post by: Techstyle on January 11, 2013, 07:28:05 pm
Is Asterisk in LMCE 10.04 vulnerable to brute force attacks?

There was a period earlier where lots of people were being billed for hacked calls. Is security better now, or is it still suggested to use something like fail2ban?
Title: Re: Asterisk Security
Post by: cfernandes on January 11, 2013, 07:31:07 pm
I use fail2ban to protect all of my servers from brute force attacks.
Title: Re: Asterisk Security
Post by: Techstyle on January 11, 2013, 07:48:22 pm
Thank You

Can you confirm that the wiki page for this is correct?

http://wiki.linuxmce.org/index.php/Fail2ban_-_A_tool_against_brute_force

should the ignore IP line look like:

ignoreip = 127.0.0.1 192.168.80.1 192.168.80.0/254
Title: Re: Asterisk Security
Post by: cfernandes on January 11, 2013, 07:56:12 pm
The wiki is correct.

And it works on my last installation.

Title: Re: Asterisk Security
Post by: pw44 on January 11, 2013, 08:42:27 pm

> Can you confirm that the wiki page for this is correct?
>
> http://wiki.linuxmce.org/index.php/Fail2ban_-_A_tool_against_brute_force
>
> should the ignore IP line look like:
>
> ignoreip = 127.0.0.1 192.168.80.1 192.168.80.0/254

The wiki is correct; I tested it again with LMCE 10.04. I created it while using LMCE 8.10.
The ignoreip will make fail2ban ignore the given IPs or blocks, so IPs in your network will not be blocked by fail2ban in case of successive failed tries.
Title: Re: Asterisk Security
Post by: Techstyle on January 12, 2013, 04:21:12 am
So I failed on the second step:

/etc/asterisk/sip.conf doesn't exist
Title: Re: Asterisk Security
Post by: cfernandes on January 12, 2013, 12:44:26 pm
You don't need to change sip.conf.

This change is implemented in the Asterisk realtime database by Foxi.

Title: Re: Asterisk Security
Post by: microbrain on January 13, 2013, 02:24:00 am
I use CSF firewall on all my servers to protect them. Very easy to set up and offers a little more flexibility and a lot more features than fail2ban does. Install webmin first (http://prdownloads.sourceforge.net/webadmin/webmin-1.580-1.noarch.rpm), then CSF (http://www.configserver.com/free/csf.tgz).

I have had no issues with any of my servers including brute force attacks on those with asterisk installed since using CSF.


microbrain
Title: Re: Asterisk Security
Post by: pw44 on January 13, 2013, 11:40:07 pm
> so I failed on the second step:
>
> /etc/asterisk/sip.conf doesn't exist

You can enter it in the asterisk database, table ast_config, mine looks like:
    83    0    18    0    sip.conf    general    alwaysauthreject    yes
Title: Re: Asterisk Security
Post by: Techstyle on January 14, 2013, 06:35:30 am
cfernandes

thanks for updating the wiki page
Title: Re: Asterisk Security
Post by: pw44 on February 23, 2013, 11:15:25 pm
The wiki page http://wiki.linuxmce.org/index.php/Fail2ban_-_A_tool_against_brute_force was updated for Asterisk 1.8. As Asterisk 1.8 logs include the host IP and the port, fail2ban was not blocking attackers' IPs.
For the ones using LMCE 1004, please update the fail2ban configuration file according to the wiki example.
For lmce 810, no change is needed.
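
A model of the two points raised in this thread, the `ignoreip` exemption and the Asterisk 1.8 log change that stopped bans from triggering, added here as an example and not taken from the wiki or from fail2ban's own code. The log lines are constructed, and the regexes, the `maxretry` value and all function names are assumptions that imitate fail2ban's matching in simplified, IPv4-only form.

```python
import ipaddress
import re
from collections import Counter

# Simplified IPv4-only stand-in for fail2ban's <HOST> tag (assumption).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
PREFIX = r"Registration from '.*' failed for '"
OLD_RE = re.compile(PREFIX + HOST + r"' - ")            # peer logged as bare IP
NEW_RE = re.compile(PREFIX + HOST + r"(?::\d+)?' - ")   # also accepts IP:port

def parse_ignoreip(value):
    """Split an ignoreip value into (valid networks, rejected entries)."""
    nets, rejected = [], []
    for item in value.split():
        try:
            nets.append(ipaddress.ip_network(item, strict=False))
        except ValueError:  # e.g. a prefix length outside 0-32
            rejected.append(item)
    return nets, rejected

def hosts_to_ban(lines, pattern, ignoreip, maxretry=3):
    """IPs with >= maxretry matching failures that ignoreip does not cover."""
    nets, _ = parse_ignoreip(ignoreip)
    hits = Counter()
    for line in lines:
        m = pattern.search(line)
        if m:
            try:
                hits[ipaddress.ip_address(m.group("host"))] += 1
            except ValueError:  # digits matched but not a real address
                continue
    return sorted(str(ip) for ip, n in hits.items()
                  if n >= maxretry and not any(ip in net for net in nets))

def sample(peer, n=3):
    """Constructed log lines modelled on chan_sip registration failures."""
    return [f"[2013-02-23 23:00:0{i}] NOTICE[2101] chan_sip.c: Registration from "
            f"'\"100\" <sip:100@192.168.80.1>' failed for '{peer}' - Wrong password"
            for i in range(n)]

LOG_OLD = sample("203.0.113.7")                                    # bare IP
LOG_18 = sample("203.0.113.7:5060") + sample("192.168.80.1:5060")  # IP:port
IGNOREIP = "127.0.0.1 192.168.80.1 192.168.80.0/254"  # line as posted above

if __name__ == "__main__":
    print("rejected ignoreip entries:", parse_ignoreip(IGNOREIP)[1])
    print("old pattern, 1.8 log:", hosts_to_ban(LOG_18, OLD_RE, IGNOREIP))
    print("new pattern, 1.8 log:", hosts_to_ban(LOG_18, NEW_RE, IGNOREIP))
```

Running it shows the bare-IP pattern finding nothing in the IP:port log, while the port-tolerant pattern flags the outside address and skips the exempted one. Python's `ipaddress` module rejects the `/254` entry, so only the two single addresses act as exemptions in this model.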