Asterisk 11 Centos 6.5 Установка

Образ используемый для установки
CentOS-6.5-x86_64-minimal.iso   md5 0d9dc37b5dd4befa1c440d2174e88a87

VM под астериск
IP 192.168.0.33/24
GW 192.168.0.1
DNS 192.168.0.2,192.168.0.22
Суффиксы DNS поиска iamroot.ru

[root@ast-01 ~]# uname -r
2.6.32-431.el6.x86_64
[root@ast-01 ~]# yum update –y
[root@ast-01 ~]# sed -i s/SELINUX=enforcing/SELINUX=disabled/g /etc/selinux/config
[root@ast-01 ~]# yum install -y make wget openssl-devel ncurses-devel newt-devel libxml2-devel kernel-devel gcc gcc-c++ sqlite-devel libuuid-devel nano perl
[root@ast-01 jansson-2.5]# cd ../
[root@ast-01 src]# wget http://downloads.asterisk.org/pub/telephony/dahdi-linux-complete/dahdi-linux-complete-current.tar.gz
[root@ast-01 src]# wget http://downloads.asterisk.org/pub/telephony/libpri/libpri-1.4-current.tar.gz
[root@ast-01 src]# wget http://downloads.asterisk.org/pub/telephony/asterisk/asterisk-11-current.tar.gz
[root@ast-01 src]# tar zxvf dahdi-linux-complete*
[root@ast-01 src]# tar zxvf libpri*
[root@ast-01 src]# tar zxvf asterisk*
[root@ast-01 src]# reboot
[root@ast-01 src]# cd /usr/src/dahdi-linux-complete* && make && make install && makeconfig
[root@ast-01 src]# chkconfig --add dahdi
[root@ast-01 src]# cd /usr/src/libpri* && make && make install
[root@ast-01 libpri-1.4.14]# cd /usr/src/asterisk*
[root@ast-01 asterisk-11.7.0]#./configure --libdir=/usr/lib64 && make menuselect && make && make install
[root@ast-01 asterisk-11.7.0]# make samples
[root@ast-01 asterisk-11.7.0]# yum install doxygen -y && make progdocs
[root@ast-01 asterisk-11.7.0]# make config
[root@ast-01 asterisk-11.7.0]# service dahdi start
[root@ast-01 asterisk-11.7.0]# service asterisk start
[root@ast-01 asterisk-11.7.0]# asterisk -r
Privilege escalation protection disabled!
See https://wiki.asterisk.org/wiki/x/1gKfAQ for more details.
Asterisk 11.7.0, Copyright (C) 1999 - 2013 Digium, Inc. and others.
Created by Mark Spencer <markster@digium.com>
Asterisk comes with ABSOLUTELY NO WARRANTY; type 'core show warranty' for details.
This is free software, with components licensed under the GNU General Public
License version 2 and other licenses; you are welcome to redistribute it under
certain conditions. Type 'core show license' for details.
=========================================================================
Connected to Asterisk 11.7.0 currently running on ast-01 (pid = 29706)
ast-01*CLI>

[root@ast-01 src]# cd /usr/src/
[root@ast-01 src]# yum install -y python iptables
[root@ast-01 src]# wget sourceforge.net/projects/fail2ban/files/fail2ban-stable/fail2ban-0.8.4/fail2ban-0.8.4.tar.bz2/download
[root@ast-01 src]# tar jxf fail2ban-0.8.4.tar.bz2
[root@ast-01 src]# cd fail2ban-0.8.4
[root@ast-01 fail2ban-0.8.4]# python setup.py install
[root@ast-01 fail2ban-0.8.4]# cp /usr/src/fail2ban-0.8.4/files/redhat-initd /etc/init.d/fail2ban
[root@ast-01 fail2ban-0.8.4]# chmod 755 /etc/init.d/fail2ban
[root@ast-01 files]# touch /etc/fail2ban/filter.d/asterisk.conf
[root@ast-01 files]# cat /etc/fail2ban/filter.d/asterisk.conf
# Fail2Ban configuration file
[INCLUDES]
# Read common prefixes. If any customizations available -- read them from
# common.local
#before = common.conf
[Definition]
#_daemon = asterisk
# Option: failregex
# Notes.: regex to match the password failures messages in the logfile. The
# host must be matched by a group named "host". The tag "" can
# be used for standard IP/hostname matching and is only an alias for
# (?:::f{4,6}:)?(?P\S+)
# Values: TEXT
#
failregex = NOTICE.* .*: Registration from '.*' failed for '' - Wrong password
NOTICE.* .*: Registration from '.*' failed for '' - No matching peer found
NOTICE.* .*: Registration from '.*' failed for '' - Username/auth name mismatch
NOTICE.* .*: Registration from '.*' failed for '' - Device does not match ACL
NOTICE.* .*: Registration from '.*' failed for '' - Peer is not supposed to register
NOTICE.* .*: Registration from '.*' failed for '' - ACL error (permit/deny)
NOTICE.* .*: Registration from '.*' failed for '' - Device does not match ACL
NOTICE.* failed to authenticate as '.*'$
NOTICE.* .*: No registration for peer '.*' \(from \)
NOTICE.* .*: Host failed MD5 authentication for '.*' (.*)
NOTICE.* .*: Failed to authenticate user .*@.*
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex = 192.168.0.0/24 #указываем наш IP с которого не будет проходить блок
------------------------------------------------
[root@ast-01 files]#cat /etc/fail2ban/jail.conf
------------------------------------------------
…
[asterisk-iptables]

enabled = true
filter = asterisk
action = iptables-allports[name=ASTERISK, protocol=all]
sendmail-whois[name=ASTERISK, dest=root, sender=fail2ban@localhost]
logpath = /var/log/messages
maxretry = 5
bantime = 259200
ignoreip=192.168.0.0/24
-----------------------------------------------------
[root@ast-01 files]# nano /etc/asterisk/logger.conf
-----------------------------------------------------
...
[general]
dateformat=%F %T

syslog.local0 => notice
...
-----------------------------------------------
[root@ast-01 files]#service iptables start
[root@ast-01 files]#service fail2ban start

Статья помогла? поддержите проект!

Добавить комментарий

Ваш e-mail не будет опубликован. Обязательные поля помечены *

Time limit is exhausted. Please reload the CAPTCHA.