R.I.P. We Talk About Security Alot So When I Seen This I Wanted To See If We Could Use It ConfigServer

trupsalms · Aug 24, 2014

wardmundy lgaetz Not Sure If You Guys Have Ever Run Across This, But When I Seen It, I Thought I Might Be A Great And Even More Beneficial Overlay On Iptables. I'm Asking If You Can Review It And See What You Think. Currently Trying To Find A Way To Get It To Read SIP And IAX Login Failures.

james · Aug 24, 2014

The problem with configserver which technically wouldn't be a problem with how Piaf works is the way it is licensed. They Dont allow people to package it and redistribute.

The reason I say it is compatible with Piaf is they script everything. There is no restrictions from what I can see with scripting the download and install. From my understanding the software is fantastic but the license is not very friendly. That said it is security software so I understand their desire to control its distribution.

wardmundy · Aug 24, 2014

The Pie-in-the-Sky License with Indemnification would be a deal-breaker for us. Sorry.

trupsalms · Aug 25, 2014

Thanks Both Of You For Your Prompt Research. If Anyone would like to chime in, to get this working by self installation, and configuration please do so. As i've said the issue i'm facing is being able to get CFS to read the sip and iax logs to identify failed login attempts.

wardmundy · Aug 25, 2014

Use Incredible PBX or Travelin' Man 3. You won't have to worry about failed logins because the bad guys will never see your server. :idea:

kwimberl · Aug 26, 2014

This can be done. I run csf on most of my web hosting servers. Jonathan actually worked for me a bit about 10 years ago. I can vouch for him and tell you he is a good guy.

The short answer is that you need to write up a regex. Having said that, a whitelist with iptables really is the best way to go unless that is just not practical. CSF is a great firewall system, but it is overkill for what most people need PIAF to do. If you have a server where it must be open to the public without a whitelist, that would be another story...

kwimberl · Aug 26, 2014

I took a quick stab a custom regex for SIP for you. I have not tested it. Let me know how it works out for you. If you need IAX2 as well, let me know.

The first thing you need to do is to edit /etc/csf/csf.conf and edit this line:

Code:

CUSTOM3_LOG = "/var/log/asterisk/messages"

Then edit /etc/csf/regex.custom.pm and add this in:

Code:

if (($lgfile eq $config{CUSTOM3_LOG}) and ($line =~ /\[\S+\s+\S+\] NOTICE\[\S+\] chan_sip.c\: Registration from '(\S+\s?\S+)' failed for '(\S+)\:\d+' \- Wrong password/))  {
  return ("SIP registration failure: $1",$2,"ASTERISK_SIP","3","3600");
}

Then run /etc/init.d/lfd restart

This should set a temporary block on the IP after 3 failed SIP registrations from the same IP.

Again, I have not tested this so let me know how it works for you...

R.I.P. We Talk About Security Alot So When I Seen This I Wanted To See If We Could Use It ConfigServer

trupsalms

Member

james

Guru

wardmundy

Nerd Uno

trupsalms

Member

wardmundy

Nerd Uno

kwimberl

New Member

kwimberl

New Member

Members online

Latest Posts

Forum statistics