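#!/bin/bash
#
# Scans the Asterisk "full" log for failed SIP / IAX2 / manager authentication
# attempts and ACL rejections, counts them per source address and, for every
# address that reaches TENTATIVAS hits, appends an iptables DROP rule and
# e-mails a notification.
#
# Review notes:
#   * Everything extracted from the log is attacker-influenced text. A token is
#     only handed to iptables / the mailer after it has been validated as a
#     dotted-quad IPv4 literal.
#   * Whitelist and "already blocked" lookups use fixed-string, whole-token
#     matching. A regex substring match would treat 10.0.0.1 as listed when
#     only 10.0.0.10 is, and "." would match any character.
#   * The counts cover the whole log file, not a time window, so old failures
#     keep counting until the log is rotated.

# --- Variables ---
CLIENTE=$([ -e /hdaux/cliente ] && cat /hdaux/cliente)
IP_CENTRAL_SIP=$(ifconfig \
  | grep "inet " \
  | grep -v "127.0.0.1" \
  | awk '{print $2}' \
  | sed -e 's/addr://g' -e 's/^/IP-CENTRAL-SIP:/g')
EMAIL="suporte@simplesip.com.br"
TENTATIVAS=3

# Offending sources as "<count> <address>" lines. The match pattern and the
# sed expressions are unchanged from the original; they run in the same order.
NOVO_BLOQUEIO_SIP=$(grep -E "Wrong password|No matching peer found|Registration from.*.failed for|chan_iax2\.c.*.failed .*. authentication|chan_iax2\.c.*.No registration for peer|Connect attempt from.*.unable to authenticate|manager\.c.*.tried to authenticate with nonexistent user | acl\.c: SIP Peer ACL: Rejecting" /var/log/asterisk/full \
  | sed -e "s/.*Registration.* failed for '//g" \
        -e "s/' -.*//g" \
        -e "s/.*chan_iax2.* Host //g" \
        -e "s/ failed MD5 authentication for.*//g" \
        -e "s/.*Connect attempt from '//g" \
        -e "s/' unable to authenticate//g" \
        -e "s/.*chan_iax2.*No registration for peer.*(from //g" \
        -e "s/)//g" \
        -e "s/.*manager\.c: //g" \
        -e "s/ tried to authenticate with nonexistent user.*//g" \
        -e "s/.*acl.c: SIP Peer ACL: Rejecting '//g" \
        -e "s/' due to a failure to pass ACL.*//g" \
        -e "s/:.*//g" \
  | sort \
  | uniq -c)

# Source column of the current INPUT rules. The pattern is quoted so the shell
# cannot expand [a-z] against a one-letter file name in the working directory.
IP_BLOQUEADOS=$(iptables -L INPUT -n | awk '{print $4}' | grep -v '[a-z]')
WHITELIST=$([ -e /hdaux/whitelist.txt ] && cat /hdaux/whitelist.txt)

#######################################
# Tests whether a string is a dotted-quad IPv4 literal.
# Arguments: $1 - candidate string
# Returns:   0 if $1 is four decimal octets in 0..255, 1 otherwise
#######################################
is_ipv4() {
  local candidate=$1 octet
  local -r ipv4_re='^([0-9]{1,3}\.){3}[0-9]{1,3}$'
  local -a octets

  [[ $candidate =~ $ipv4_re ]] || return 1
  IFS=. read -r -a octets <<< "$candidate"
  for octet in "${octets[@]}"; do
    # 10# forces base 10 so an octet such as "08" is not parsed as octal.
    (( 10#$octet <= 255 )) || return 1
  done
  return 0
}

# Split each "<count> <address>" line into its two fields.
while read -r QTD IP _; do
  # Skip blank or malformed lines instead of failing the numeric comparison.
  [[ $QTD =~ ^[0-9]+$ ]] || continue
  (( 10#$QTD >= TENTATIVAS )) || continue

  # Hostnames, CIDR ranges, option-like strings and log fragments are refused:
  # iptables would otherwise resolve or interpret text taken from the log.
  if ! is_ipv4 "$IP"; then
    printf 'ignorando origem invalida: %q\n' "$IP" >&2
    continue
  fi

  [[ $IP != "127.0.0.1" ]] || continue

  # -w keeps whitelist lines with trailing text (comments, masks) working
  # while still requiring the complete address to match.
  if grep -qFw -- "$IP" <<< "$WHITELIST"; then
    continue
  fi
  if grep -qFx -- "$IP" <<< "$IP_BLOQUEADOS"; then
    continue
  fi

  # NOTE(review): -A appends to the end of INPUT; if an earlier rule already
  # accepts this traffic the DROP never matches. Confirm the chain order.
  iptables -A INPUT -s "$IP" -j DROP \
    || printf 'falha ao bloquear %s no iptables\n' "$IP" >&2

  # printf with a fixed format keeps the interpolated values out of the format
  # string. The blank line after Subject separates the header from the body so
  # that body lines shaped like "name: value" are not parsed as headers.
  printf 'Subject: SUSPEITA DE ATAQUE CLIENTE: %s\n\nEndereco de origem: %s \nTentativa de ataque: %s \n%s\n' \
    "$CLIENTE" "$IP" "$QTD" "$IP_CENTRAL_SIP" \
    | msmtp -t "$EMAIL"
done <<< "$NOVO_BLOQUEIO_SIP"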