ubuntu 20.04
freeswitch 1.10.5
fail2ban 0.11.1 https://github.com/fail2ban/fail2ban
1,先要让恶意访问的警告内容写入freeswitch的日志
/usr/local/freeswitch/conf/sip_profiles/internal.xml
<param name="log-auth-failures" value="true"/>
/usr/local/freeswitch/conf/autoload_configs/switch.conf.xml
<param name="threaded-system-exec" value="true"/>
改好以后保存,然后重启freeswitch或者 reloadxml
2,安装fail2ban ,如果之前安装过但是出错了 需要先卸载
apt-get安装的 直接 sudo apt-get remove fail2ban
源码安装的可以考虑先结束fail2ban的进程然后手动删除下面的文件
/usr/bin/fail2ban-*
/usr/local/bin/fail2ban-*
/usr/lib/python*/*/fail2ban
/usr/local/lib/python*/*/fail2ban (例如 /usr/local/lib/python2.7/dist-packages/fail2ban/)
/etc/fail2ban
然后重新安装apt-get install fail2ban
再查看/etc/fail2ban目录下是否有配置文件,如果没有,需要从github上下载config文件夹下的配置文件 复制进来
启动 systemctl start fail2ban
查看状态 systemctl status fail2ban
3,配置
修改 /etc/fail2ban/jail.local 如果没有这个文件,那复制一个jail.conf 改名过来
在里面搜freeswitch,把对应端口补上,log文件地址改成 /usr/local/freeswitch/log/freeswitch.log
然后保存
/etc/fail2ban/jail.d/ 新建一个 freeswitch.local文件
内容写
[freeswitch]
enabled = true
maxretry = 4 ; for a total of five failures
findtime = 3600 ; based on empirical testing
bantime = 259200 ; ban for 3day (which lets us pick up repeat offenders)
# We do not use 5061 and it is not open to the outside world, so act on 5060 only
port = 5060,5061,5080,5081,7060
# we do not want mail, so remove that action from standard jail.conf freeswitch config
action = %(banaction)s[name=%(__name__)s-tcp, port="%(port)s", protocol="tcp", chain="%(chain)s", actname=%(banaction)s-tcp]
%(banaction)s[name=%(__name__)s-udp, port="%(port)s", protocol="udp", chain="%(chain)s", actname=%(banaction)s-udp]
# Add intrusion log, which contains special string for host (see freeswitch.local filter)
logpath = /usr/local/freeswitch/log/freeswitch.log
保存 然后重新载入配置
fail2ban-client reload 如果出错 尝试在命令前面加python3
python3 fail2ban-client reload
python3 fail2ban-client status freeswitch #查看当前freeswitch 被禁止的服务器的状态
python3 fail2ban-client set freeswitch unbanip 1.2.3.4 #设置freeswitch策略,解禁IP 1.2.3.4