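#!/bin/bash
#
# Scans the Asterisk log for failed SIP / IAX2 / manager authentication
# attempts and adds an iptables DROP rule for every source address that
# failed at least TENTATIVAS times, is not whitelisted and is not already
# present in the INPUT chain. One notification e-mail is sent per new block.
#
# Reads:    /hdaux/cliente, /hdaux/whitelist.txt, /var/log/asterisk/full
# Requires: ifconfig, iptables, msmtp

#######################################
# Checks that a string is a dotted-quad IPv4 address.
# The address is cut out of log lines whose text is partly chosen by the
# remote peer, so it must be validated before it reaches iptables.
# Arguments: $1 - candidate address
# Returns:   0 if $1 is four decimal octets in 0..255, 1 otherwise
#######################################
is_ipv4() {
  local addr=$1 octet
  [[ $addr =~ ^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$ ]] || return 1
  for octet in "${BASH_REMATCH[@]:1}"; do
    # 10# forces base 10 so an octet such as "08" is not read as octal.
    ((10#$octet <= 255)) || return 1
  done
  return 0
}

#######################################
# Tests whether an address occurs in a newline-separated list.
# Matching is literal (-F) and on whole words (-w): with a plain
# `grep "$IP"` the dots act as wildcards and 1.2.3.4 also matches
# 11.2.3.45, so an unrelated whitelist entry could exempt an address.
# Arguments: $1 - list text, $2 - address to look for
# Returns:   0 if found, non-zero otherwise
#######################################
list_contains() {
  [ -n "$1" ] && [ -n "$2" ] && printf '%s\n' "$1" | grep -Fwq -- "$2"
}

# Variables

# Customer name used in the mail subject (empty when the file is missing).
CLIENTE=$([ -e /hdaux/cliente ] && cat /hdaux/cliente)

# Non-loopback addresses of this host, each prefixed with "IP-CENTRAL-SIP:".
IP_CENTRAL_SIP=$(ifconfig | grep "inet " | grep -v "127.0.0.1" | awk '{print $2}' \
  | sed -e 's/addr://g' -e 's/^/IP-CENTRAL-SIP:/g')

# Recipient of the notifications.
EMAIL="suporte@simplesip.com.br"

# Number of failed attempts that triggers a block.
TENTATIVAS=3

# "<count> <source>" pairs: the failure lines are selected, everything around
# the source address is stripped, the port is removed, and duplicates are counted.
NOVO_BLOQUEIO_SIP=$(grep -E "Wrong password|No matching peer found|Registration from.*.failed for|chan_iax2\.c.*.failed .*. authentication|chan_iax2\.c.*.No registration for peer|Connect attempt from.*.unable to authenticate|manager\.c.*.tried to authenticate with nonexistent user | acl\.c: SIP Peer ACL: Rejecting" /var/log/asterisk/full \
  | sed -e "s/.*Registration.* failed for '//g" \
    -e "s/' -.*//g" \
    -e "s/.*chan_iax2.* Host //g" \
    -e "s/ failed MD5 authentication for.*//g" \
    -e "s/.*Connect attempt from '//g" \
    -e "s/' unable to authenticate//g" \
    -e "s/.*chan_iax2.*No registration for peer.*(from //g" \
    -e "s/)//g" \
    -e "s/.*manager\.c: //g" \
    -e "s/ tried to authenticate with nonexistent user.*//g" \
    -e "s/.*acl.c: SIP Peer ACL: Rejecting '//g" \
    -e "s/' due to a failure to pass ACL.*//g" \
    -e "s/:.*//g" \
  | sort | uniq -c)

# Source column of the current INPUT rules. The pattern is quoted so the
# shell cannot expand [a-z] against a one-letter file name in the working dir.
IP_BLOQUEADOS=$(iptables -L INPUT -n | awk '{print $4}' | grep -v '[a-z]')

# Addresses that must never be blocked (empty when the file is missing).
WHITELIST=$([ -e /hdaux/whitelist.txt ] && cat /hdaux/whitelist.txt)

# Split each "<count> <source>" line into its two fields.
while read -r QTD IP _; do
  [ -n "$QTD" ] || continue
  [ "$QTD" -ge "$TENTATIVAS" ] || continue

  # Whatever survived the sed clean-up is only trusted if it is an IPv4
  # address; leftover log text is skipped instead of being handed to iptables.
  is_ipv4 "$IP" || continue

  [ "$IP" != "127.0.0.1" ] || continue
  ! list_contains "$WHITELIST" "$IP" || continue
  ! list_contains "$IP_BLOQUEADOS" "$IP" || continue

  # NOTE(review): -A appends, so an earlier INPUT rule that accepts this
  # traffic still wins - confirm the chain order on the target hosts.
  iptables -A INPUT -s "$IP" -j DROP

  # NOTE(review): there is no empty line after "Subject:", so the following
  # lines are sent inside the header block - confirm the mail arrives as intended.
  echo -e "Subject: SUSPEITA DE ATAQUE CLIENTE: $CLIENTE\nEndereco de origem: $IP \nTentativa de ataque: $QTD \n$IP_CENTRAL_SIP" | msmtp -t "$EMAIL"
done <<<"$NOVO_BLOQUEIO_SIP"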