[asterisk-users] Remodified Asterisk brute force blockers..
sil at infiltrated.net
Mon Apr 30 06:43:51 MST 2007

Top of the morning all... So I reworked the pseudo IDS/Brute Force
Asterisk script for those who want to either use it, or use it as a
baseline to build a better one...

The script now does a few things... It logs those with password issues,
and blocks them as well. This was done to ensure that a remote user who
was blocked can be found in the log. E.g., Sally the homemaker keeps
fiddling with her ATA or phone... Toasts her password... She will be
blocked, and her username and IP address will be logged in the home
directory of the admin running the script. This was done to ensure you
don't go blowing away legitimate
(011100110111010001110101011100000110100101100100 / PEBKAC) users. It
also double checks the entries to make sure no one is injecting false
parameters into Asterisk which would log say... Your own domain...

Some may need to tweak their columns under awk... Test before using on a
production machine... Works fine for me under Debian and FC5, results
may vary so test it on your own. If you have to ask about what it does,
please don't use it... Comments on the awk/sed/grep nightmare... Fire
away... It was started as a one-liner that spiraled out of control.

echo infiltrated.net|sed 's/^/sil@/g'
"Wise men talk because they have something to say;
fools, because they have to say something." -- Plato
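
The logging and sanity-check steps described in the post, as an added example that is not the poster's script. It assumes the chan_sip "Wrong password" NOTICE line format shown in the constructed sample; the function names `sample_log` and `failed_ips`, the threshold, and all addresses and usernames are hypothetical.

```shell
#!/bin/sh
# Added example: per-IP count of failed SIP registrations from an Asterisk log.
# Sample lines are constructed; the chan_sip NOTICE format is an assumption.
sample_log() {
cat <<'EOF'
[Apr 30 06:40:01] NOTICE[2101] chan_sip.c: Registration from '<sip:sally@pbx.example.net>' failed for '192.0.2.10' - Wrong password
[Apr 30 06:40:09] NOTICE[2101] chan_sip.c: Registration from '<sip:sally@pbx.example.net>' failed for '192.0.2.10' - Wrong password
[Apr 30 06:40:15] NOTICE[2101] chan_sip.c: Registration from '<sip:sally@pbx.example.net>' failed for '192.0.2.10' - Wrong password
[Apr 30 06:41:02] NOTICE[2101] chan_sip.c: Registration from '<sip:bob@pbx.example.net>' failed for '198.51.100.23' - Wrong password
[Apr 30 06:42:30] NOTICE[2101] chan_sip.c: Registration from '<sip:x@pbx' failed for '192.0.2.1' - Wrong password>' failed for '203.0.113.7' - Wrong password
[Apr 30 06:42:31] NOTICE[2101] chan_sip.c: Registration from '<sip:x@pbx>' failed for 'pbx.example.net' - Wrong password
EOF
}

# failed_ips THRESHOLD < log : prints "ip count user" for IPs at/above THRESHOLD
failed_ips() {
    awk -v limit="$1" -v q="'" '
    function valid_ipv4(s,   o, i) {
        if (split(s, o, /[.]/) != 4) return 0
        for (i = 1; i <= 4; i++)
            if (o[i] !~ /^[0-9]+$/ || length(o[i]) > 3 || o[i] + 0 > 255) return 0
        return 1
    }
    BEGIN { re = "failed for " q "[^" q "]*" q " - Wrong password$" }
    # Trust only the suffix Asterisk appends at the end of the line; the From
    # header earlier in the line is supplied by the remote side.
    match($0, re) {
        ip = substr($0, RSTART + 12, RLENGTH - 30)
        head = substr($0, 1, RSTART - 1)
        if (!valid_ipv4(ip)) next            # e.g. a hostname in the address field
        user = "?"                           # keep only a conservative charset
        if (match(head, /sip:[A-Za-z0-9._-]+@/))
            user = substr(head, RSTART + 4, RLENGTH - 5)
        count[ip]++; last[ip] = user
    }
    END { for (ip in count) if (count[ip] >= limit) print ip, count[ip], last[ip] }
    ' | sort
}

sample_log | failed_ips 3
```

The fifth sample line carries a second address inside the From header; only the address in the end-of-line suffix is counted, so the embedded one never reaches the output that a blocking step would consume.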