J. Oquendo
2007-Apr-30 06:52 UTC
[asterisk-users] Remodified Asterisk brute force blockers..
Top of the morning all...

So I reworked the pseudo IDS/Brute Force Asterisk script for those who want to either use it, or use it as a baseline to build a better one...

The script now does a few things... It logs those with password issues, and blocks them as well. This was done to ensure that a remote user who was blocked can be found in the log. E.g., Sally the homemaker keeps fiddling with her ATA or phone... Toasts her password... She will be blocked, and her username and IP address will be logged in the home directory of the admin running the script. This was done to ensure you don't go blowing away legitimate (011100110111010001110101011100000110100101100100 / PEBKAC) users.

It also double checks the entries to make sure no one is injecting false parameters into Asterisk which would log say... Your own domain...

Some may need to tweak their columns under awk... Test before using on a production machine... Works fine for me under Debian and FC5, results may vary so test it on your own. If you have to ask about what it does, please don't use it...

Comments on the awk/sed/grep nightmare... Fire away... It was started as a one-liner that spiraled out of control.

http://www.infiltrated.net/scripts/ashtray

--
J. Oquendo
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x1383A743
echo infiltrated.net|sed 's/^/sil@/g'

"Wise men talk because they have something to say; fools, because they have to say something." -- Plato
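
The log check described in the post above, as an added example (not the ashtray script and not the author's code): it counts failed registrations per source address, reads the address only from the text after the last `' failed for '` marker so a crafted From header cannot substitute another address, and skips an allow-list of the admin's own addresses. The chan_sip log line format, the sample lines and the function names are assumptions constructed for this example.

```shell
#!/bin/sh
# Added example, not the ashtray script. The log format is an assumption
# (chan_sip "Wrong password" notices); every sample line is constructed.
sample_log() {
cat <<'EOF'
[Apr 30 06:40:01] NOTICE[2201] chan_sip.c: Registration from '"sally" <sip:sally@pbx.example.net>' failed for '203.0.113.5' - Wrong password
[Apr 30 06:40:09] NOTICE[2201] chan_sip.c: Registration from '"sally" <sip:sally@pbx.example.net>' failed for '203.0.113.5' - Wrong password
[Apr 30 06:40:15] NOTICE[2201] chan_sip.c: Registration from '"sally" <sip:sally@pbx.example.net>' failed for '203.0.113.5' - Wrong password
[Apr 30 06:41:10] NOTICE[2201] chan_sip.c: Registration from '"x' failed for '192.0.2.1' - Wrong password" <sip:x@pbx.example.net>' failed for '203.0.113.66' - Wrong password
[Apr 30 06:41:11] NOTICE[2201] chan_sip.c: Registration from '"x' failed for '192.0.2.1' - Wrong password" <sip:x@pbx.example.net>' failed for '203.0.113.66' - Wrong password
[Apr 30 06:42:00] NOTICE[2201] chan_sip.c: Registration from '"bob" <sip:bob@pbx.example.net>' failed for '192.0.2.1' - Wrong password
[Apr 30 06:42:01] NOTICE[2201] chan_sip.c: Registration from '"bob" <sip:bob@pbx.example.net>' failed for '192.0.2.1' - Wrong password
[Apr 30 06:43:00] NOTICE[2201] chan_sip.c: Registration from '"eve" <sip:eve@pbx.example.net>' failed for '999.1.1.1' - Wrong password
EOF
}

# usage: block_candidates THRESHOLD "OWN_IP ..." < logfile
# prints "ip failures from-field" for each source at or above THRESHOLD
block_candidates() {
awk -v threshold="$1" -v allow="$2" '
BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) own[a[i]] = 1
        hdr = "Registration from \047"; mark = "\047 failed for \047"
        tail = "\047 - Wrong password" }
function valid_ip(ip,   o, i) {
    if (split(ip, o, ".") != 4) return 0
    for (i = 1; i <= 4; i++)
        if (o[i] !~ /^[0-9]+$/ || length(o[i]) > 3 || o[i] + 0 > 255) return 0
    return 1
}
(s = index($0, hdr)) && index($0, mark) {
    # The From field is caller-controlled, so walk to the LAST marker:
    # only the text after it was written by Asterisk itself.
    s += length(hdr); rest = $0; off = 0
    while ((p = index(rest, mark)) > 0) {
        off += p + length(mark) - 1; rest = substr(rest, p + length(mark)) }
    q = index(rest, tail)
    if (q == 0 || q + length(tail) - 1 != length(rest)) next  # tail must end the line
    ip = substr(rest, 1, q - 1)
    if (!valid_ip(ip) || (ip in own)) next   # never list malformed or own addresses
    count[ip]++; who[ip] = substr($0, s, off - length(mark) - s + 1)
}
END { for (ip in count) if (count[ip] >= threshold) print ip, count[ip], who[ip] }
' | LC_ALL=C sort
}

sample_log | block_candidates 2 "192.0.2.1"
```

The output is a review list only; what to feed it to for blocking is left to the admin, as the post does not say which mechanism the script uses.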