forked from SimplesIP/pabx-app
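#!/bin/bash
#
# Scans the Asterisk log for failed SIP/IAX2/manager authentication and ACL
# rejection messages, counts them per source address, and for every address
# that reaches TENTATIVAS occurrences (and is neither whitelisted nor already
# present in the INPUT chain) appends an iptables DROP rule and mails an alert.
#
# Reads:  /hdaux/cliente, /hdaux/whitelist.txt, /var/log/asterisk/full
# Needs:  iptables (root), ifconfig, msmtp

# Variables
CLIENTE=$([ -e /hdaux/cliente ] && cat /hdaux/cliente)
IP_CENTRAL_SIP=$(ifconfig | grep "inet " | grep -v "127.0.0.1" | awk '{print $2}' \
  | sed -e 's/addr://g' -e 's/^/IP-CENTRAL-SIP:/g')
readonly EMAIL="suporte@simplesip.com.br"
readonly TENTATIVAS=3

# One "<count> <source>" line per distinct source found in the log. The sed
# expressions run in the same order as before and strip everything around the
# address (including the ":port" suffix) for each matched message type.
# NOTE(review): the whole log file is re-read on every run, so the counts are
# cumulative for as long as the file is not rotated.
NOVO_BLOQUEIO_SIP=$(grep -E "Wrong password|No matching peer found|Registration from.*.failed for|chan_iax2\.c.*.failed .*. authentication|chan_iax2\.c.*.No registration for peer|Connect attempt from.*.unable to authenticate|manager\.c.*.tried to authenticate with nonexistent user | acl\.c: SIP Peer ACL: Rejecting" /var/log/asterisk/full \
  | sed -e "s/.*Registration.* failed for '//g" \
        -e "s/' -.*//g" \
        -e "s/.*chan_iax2.* Host //g" \
        -e "s/ failed MD5 authentication for.*//g" \
        -e "s/.*Connect attempt from '//g" \
        -e "s/' unable to authenticate//g" \
        -e "s/.*chan_iax2.*No registration for peer.*(from //g" \
        -e "s/)//g" \
        -e "s/.*manager\.c: //g" \
        -e "s/ tried to authenticate with nonexistent user.*//g" \
        -e "s/.*acl.c: SIP Peer ACL: Rejecting '//g" \
        -e "s/' due to a failure to pass ACL.*//g" \
        -e "s/:.*//g" \
  | sort | uniq -c)

# Source column of the current INPUT rules. The pattern is quoted so the shell
# cannot expand [a-z] against a one-letter file name in the working directory.
IP_BLOQUEADOS=$(iptables -L INPUT -n | awk '{print $4}' | grep -v '[a-z]')
WHITELIST=$([ -e /hdaux/whitelist.txt ] && cat /hdaux/whitelist.txt)

# Anything that is not a plain dotted quad is skipped below. The value comes
# out of log text that contains fields supplied by the remote party, so it is
# validated before it is handed to iptables as an argument.
readonly IPV4_RE='^([0-9]{1,3}\.){3}[0-9]{1,3}$'

# Split each "<count> <source>" line into separate variables.
while read -r QTD IP _; do
  # Skip blank or malformed lines instead of feeding them to the numeric test.
  [[ "$QTD" =~ ^[0-9]+$ ]] || continue
  [[ "$IP" =~ $IPV4_RE ]] || continue
  [ "$QTD" -ge "$TENTATIVAS" ] || continue
  [ "$IP" == "127.0.0.1" ] && continue

  # Fixed-string, whole-word comparison: a regex/substring match would treat
  # 10.0.0.1 as whitelisted because 10.0.0.10 is listed, and "." would match
  # any character.
  if grep -qFw -- "$IP" <<< "$WHITELIST"; then
    continue
  fi

  # Same comparison against existing rules; a substring match would leave
  # 1.2.3.4 unblocked whenever 1.2.3.40 already has a rule.
  if grep -qFw -- "$IP" <<< "$IP_BLOQUEADOS"; then
    continue
  fi

  # NOTE(review): -A appends to the end of INPUT; if an earlier rule already
  # accepts this traffic the DROP never takes effect. Confirm the chain layout.
  iptables -A INPUT -s "$IP" -j DROP \
    || printf 'iptables: could not add DROP rule for %s\n' "$IP" >&2

  # printf keeps backslashes in the interpolated values literal. The empty
  # line after Subject separates headers from the body; without it the detail
  # lines ("Endereco de origem: ...") are parsed as mail headers and the
  # message body arrives empty.
  printf 'Subject: SUSPEITA DE ATAQUE CLIENTE: %s\n\nEndereco de origem: %s \nTentativa de ataque: %s \n%s\n' \
    "$CLIENTE" "$IP" "$QTD" "$IP_CENTRAL_SIP" | msmtp -t "$EMAIL"
done <<< "$NOVO_BLOQUEIO_SIP"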