Show some LOVE, LIKE our page :)

Friday, August 1, 2014

Fixing magnet links on Google Chrome (and re-associate with uTorrent or <insert.favourite.torrent.program.here>)

NOTE: This post is for education purposes only.

Spent some time trying to fix and after reading/following some resources online like youtube links and others, they still didn't’ seem to work for me. Finally, found this regkey, changed one value and it worked for me. It may help you too..

The association of magnet links on torrent sites (which most of them use instead of a .torrent file) may break if you’ve installed/uninstalled a program that also handles magnet/torrent links and may have override your favorite torrent proggie e.g. uTorrent as your default torrent handler.

And now, Google Chrome won’t associate/open uTorrent when you click the image icon or this type of link image 


So, first do try the following:

1) This Youtube link http://www.youtube.com/watch?v=6nELJpK7B5E

2) This other resource http://www.metserve.com/blog/magnet-links-working-with-chrome

 

If those links still don’t help or the problem isn’t fixed, fear not, there’s one other thing you can do:,

1) Open up the registry (click start, then run, regedit). In Windows 7 or higher, just type in the application bar search box

2) Look for the following key
HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\magnet\UserChoice

3) Edit the REG_GZ value for ProgID and enter your favourite program you wish to associate with, e.g. uTorrent
(How to find my program’s progID - http://www.ehow.com/how_6871656_progid.html

 

image

 

And done! IT should work now. Cheers!

Friday, June 20, 2014

Monast – An uber cool FREE web based monitoring for Asterisk (an install guide for Debian users)

I had the chance to install and use Monast (http://monast.sourceforge.net/) by Diego Aguirre and found it extremely useful, simple, fast and FREE to monitor Asterisk 1.4 or higher (this guide uses Asterisk 11.x). Thought i’d share this how to for basic asterisk monitoring needs. Even though the project has not been updated for years, i still find it super useful and works on Asterisk 11 for me just fine.

Important notes:

  • This guide is for users of Debian 32/64, other platforms can adapt, esp the “apt” parts :-)
  • You should already have a running FreePBX (or at least Apache and related libraries) if you do not have FreePBX
  • This guide would likely work for Ubuntu as well

Follow this guide to get it up and running in minutes

  1. Update your apt and get some packages
  2. #apt-get update
  3. #apt-get install python-twisted python-zope.interface php-pear
  4. #pear install HTTP_Client
  5. Get starpy package and install it
  6. #cd /usr/src
  7. #wget -O starpy-1.0.0a13.tar.gz http://downloads.sourceforge.net/project/starpy/starpy/1.0.0a13/starpy-1.0.0a13.tar.gz?r=http%3A%2F%2Fsourceforge.net%2Fprojects%2Fstarpy%2Ffiles%2Fstarpy%2F1.0.0a13%2F&ts=1402506121&use_mirror=jaist
  8. #tar –zxvf starpy-1.0.0a13.tar.gz
  9. #cd starpy-1.0.0a13/
  10. #./setup.py install
  11. #cd ..
  12. Now download monast
  13. #wget –O monast-3.0b4.tar.gz http://downloads.sourceforge.net/project/monast/Monast%20for%20Asterisk%201.4%2C%201.6%20and%201.8/3.0b4/monast-3.0b4.tar.gz?r=http%3A%2F%2Fsourceforge.net%2Fprojects%2Fmonast%2Ffiles%2FMonast%2520for%2520Asterisk%25201.4%252C%25201.6%2520and%25201.8%2F3.0b4%2F&ts=1403193094&use_mirror=jaist
  14. #tar -zxvf monast-3.0b4.tar.gz
  15. #cd monast-3.0b4/
  16. At this point below, simply use the defaults, change if you know what you’re doing….
  17. #./install.sh
  18. Now, lets create an AMI user using FreePBX’s
  19. Note, use the module Asterisk Manager Users and its a recommended way to add AMI users
  20. Create a new manager user called monastfpbx with a secret like this “mysecret123”, select ALL for read, and ALL for write

    Example below
    image
  21. Submit and apply
  22. If you do not have/use this module, create you own user like this in [freepbx users] /etc/asterisk/manager_custom.conf or rest of the world /etc/asterisk/manager.conf

    [monastfpbx]
    secret = mysecret123
    deny=0.0.0.0/0.0.0.0
    permit=127.0.0.1/255.255.255.0
    read = system,call,log,verbose,command,agent,user,config,dtmf,reporting,cdr,dialplan,originate
    write = system,call,log,verbose,command,agent,user,config,dtmf,reporting,cdr,dialplan,originate
  23. Then reload the manager module #asterisk –rx “manager reload”
  24. Now, edit the monast config file
  25. #nano /etc/monast.conf
  26. Look for the following and change per suggested here (basic setup, change others if you know what you’re doing)

    auth_required = true

    [server: Server_1] # Server name can not contains space
    hostname = 127.0.0.1
    hostport = 5038
    username = monastfpbx
    password = mysecret123

    default_context = from-internal
    transfer_context = from-internal-xfer

    [user: admin]
    secret  = secret12345
    roles   = originate,queue,command,spy
    servers = ALL
  27. Save and exit
  28. Now, lets test start monast
    #/opt/monast/monast.py
    You should see this at minimum (ignore server_2 errors)
    [Fri Jun 20 19:17:05 2014] NOTICE   :: Initializing Monast AMI Interface...
    [Fri Jun 20 19:17:05 2014] NOTICE   :: Parsing config file /etc/monast.conf
    [Fri Jun 20 19:17:05 2014] NOTICE   :: Server Server_1 :: AMI Connected...
  29. Now, ctrl-c to stop that and run this monast as a daemon instead (runs in background)
    #/opt/monast/monast.py --daemon
    You should see something like this:
    Monast daemonized with pid 6738
  30. That’s about it, now log on to the webUI
  31. http(s)://<yourIP>/html/monast with username admin and password secret12345
  32. Remember, you can right click and do stuff to the tabs you see there such as originate calls…
    image 
    image 
    image
    image
  33. The init.d should be automatically added and should auto start in daemon mode, but do verify yourself
  34. Shout out to Diego Aguirre! awesome software mate :-)
  35. Thanks and as usual do give us feedback

 

Happy weekend folks!

Tuesday, May 13, 2014

OPUS codec with transcoding on Asterisk 11.5.x (or higher, 11.6,11.7,11.8,11.9) with(out) FreePBX

Hi all, this is just a quick and dirty guide to get OPUS and VP8 running on Asterisk 11.9.0 on your Debian box.

  • All credits for the Asterisk patch to meetecho and forked by netaskd for Asterisk 11.5.x or higher support.
  • This guide is intended for Debian 6 - 64bit platform only. Of course, with a little research, you could do it for other platforms as well.
  • Want to know more about why i am so gung-ho about OPUS, see here.
  • If you want a quick and easy access to a fully running Asterisk 11.5.x. From this image, follow the guide below to get it update to Asterisk 11.9 and get OPUS/VP8 enabled and running
  • IMPORTANT: There are some legal implications using OPUS on Asterisk code, read all about it here. REMEMBER, this is for educational use only.

Ok, let’s get down to business.

  1. Get “autoconf”, “automake” “pkg-config”
    # apt-get install autoconf automake pkg-config
  2. Get the latest libopus
    # cd /usr/src
    # wget http://downloads.xiph.org/releases/opus/opus-1.1.tar.gz && tar –zxvf opus-1.1.tar.gz && cd opus-1.1
    # ./configure
    # make all && make install
  3. That should get your opus ready for asterisk installation. Since vp8 is merely passthru, it will not require and libraries.
  4. Now, go to the asterisk source installation directory (if you don’t have it, simply download it from here). If you are running my image, you could overwrite the 11.5 by simply follow the guide below.
  5. Now, lets get started on asterisk side
    # cd /usr/src/asterisk-11.9.0
    # wget https://raw.githubusercontent.com/netaskd/asterisk-opus/master/asterisk-11.5.0_opus+vp8.diff -O asterisk_opus+vp8.diff --no-check-certificate
    # patch –p1 –u < asterisk_opus+vp8.diff
    You should see everything working well so far like below.
    image
    # ./bootstrap.sh
    # make clean && ./configure --with-crypto --with-ssl --with-srtp=/usr/local/lib --prefix=/usr
    IMPORTANT: If you do not have libsrtp, leave only with “--prefix=/usr”, remove the rest in that line. Libcryto and ssl are used for SRTP (for WebRTC mainly)
    # make menuselect
    IMPORANT: Please be sure to select 1) Codec Opus in Codec Translations, 2) Format VP8 in Format Interpreters and for best compatibility, 3) all sounds that’s SLIN16 (not selected by default) in Core Sound Packages, MOH Packages and Extra Sound..
    IMPORANT: If you can’t select Opus something went wrong in your libopus installation!, otherwise it should be preselected for you, but do check nontheless
    FREEPBX USERS! IMPORTANT: FreePBX users, be sure to select format_mp3, res_config_mysql, app_mysql, app_saycountpl and cdr_mysql in Add-ons
    # save and exit
    FREEPBX USERS! IMPORTANT: Run this # contrib/scripts/get_mp3_source.sh
    # make && make install
  6. Now if you use freepbx, simple run #amportal kill && amportal start
  7. Otherwise, simply kill and start back Asterisk
  8. You should see opus in the translation list
    # asterisk -rx "core show translation"
  9. Also, if you go into asterisk cli, you could type opus <tab> and set debug…that all means the patch worked great, now to test!
  10. Be sure to set allow=opus in your sip general setting or per peer/user. For FreePBX users, go to FPBX UX and select Asterisk SIP settings, set allow opus/vp8 like below right at the bottom of that page.
     image
  11. Use a phone that supports OPUS (on Windows you’ve got Phoner, MicroSIP, on mobile you’ve got CCIPSimple or BRIA) and dial away to test
  12. Here’s my BRIA on my Android with Opus at 48Khz, dialing the echo test on FreePBX *43
    ss

Next, i am going to try this on WebRTC with passthru support for VP8 and full transcoding with OPUS!

Cheers and have a good week ahead, do send your feedbacks to sanjay---at@---astiostech.com

Thursday, May 1, 2014

The personal & secret telephone menu – with Asterisk/FreePBX

Have you ever wanted to do some crazy telephony stuff such as call a long distant number using your office PaBX, or call you back and bridge an open channel (so you can call anywhere) or do just about anything with your own Direct Inward Number (or PSTN number) that only you know how to activate?

Here’s in summary what i wanted to achieve

  1. Use back my existing number, e.g. my own DID
  2. Let it do the same thing as before, i.e. ring my extension, forward to my mobile
  3. BUT, enable a “secret” menu option that only i know that can execute different functions of the PaBX such as dial a long distance number

I wanted to do something like this without affecting my existing number when everyone else dials. But the trick is to not let anyone know its an IVR that’s actually “answering” the call. So, its essentially, my own private little menu system that when i dial my own number, i can activate by activating (dialing) the IVR option!

I believe this is a cool feature to enable users to do a multitude of stuff within their Asterisk/FreePBX system;

In an organization, this could be use to;

  1. Check your voicemail from a pstn number
  2. Check calendar appointments (using ICS/Exchange module)
  3. Initiate a call back
  4. Initiate another call (bridging)
  5. Send a voiceblast, …etc.etc.etc

The real trick isn’t a big mystery actually, its actually pretty trivial, here are the steps

  1. Create an IVR, use a ring-ring dialtone as the announcement (like as though it is really ringing but actually its playing an “ivr” message giving you time to key in your “secret” code for different functions”). Use this file here if you don’t have one. Fake ringtone http://goo.gl/AnHpPI
  2. Set different destinations as ivr menu responses using the beautiful web UI brought to you by FreePBX to do loads of stuff. See sample below;
    Be sure to:
    a) Set the announcement to the fake ringtone you just uploaded (using Admin/System Recordings)
    b) Set direct dial to disable
    c) Set timeout to however long you need to dial your secret codes (ensure its no longer than the fakeringtone)
    d) Set both invalid and timeout destination to your actual extension without a retry recording i.e. none
    e) Set invalid and timeout retries to zero
    f) In conclusion, follow like below verbatim, except for relevant changes for you
    image
  3. Create an inbound route to go to that IVR you just created! 
    image
  4. Save and apply configs!
  5. Do two tests, 1 dial and enter 2020 and it will “DialGirlFriend”
  6. Second test, dial without pressing anything…it will sound like a normal ring and eventually call your extension

And there you go, thanks to the intuitive design of FreePBX and of course the backend Asterisk super engine, you can do so much of fun stuff, with just one number :)

Happy Labor Day Folks!

 

Sanjay@astiostech

Monday, April 14, 2014

iSymphony - A super cool unified communications platform and user panel for Asterisk/FreePBX + Install guide for Debian/Asterisk/FreePBX

 
[img src http://www.getisymphony.com/]

 

Some introduction

About iSymphony

For years, i’ve been asked by Asterisk users in many corporations to have a web management page for our much loved Asterisk IPPBX, there has been near complete products out there and some does one thing and doesn’t do others. I’ve been following iSymphony for some time now but before V3, it didn’t quite interest me simply because of the need to install a specific client on user’s desktop. But now, its pure Web which is simply awesome. If you would like to get your Asterisk equipped with this cool tool, let us know, and we will do the install and consultancy/setup for you. We can be reached via www.astiostech.com!

The benefits of iSymphony (most screens and text take of http://www.getisymphony.com/)


iSymphony is the best web-based call management solution for your Asterisk PBX. Thousands of organizations choose iSymphony to organize people and the flow of information from your phone system. Be more productive by communicating on a realtime platform with everyone in your organization.

To summarise, iSymphony is:

  • A centralized directory which enables click to call without touching your actual phone. It reads user info straight off FreePBX! so don’t need to create twice
  • UI to check your voicemails, listen to recordings etc straight off your browser
  • UI to get personalised call logs and see user’s statuses such as busy/free
  • Chat with users within the organization
  • Park calls, jump into conferences, transfer and manage calls to your extension or to a group of extensions you manage (i.e. a real boss secretary module)
  • Integrate into CRMs for popups etc…
  • Drag and drop layout and its also fully customizable to meet each user’s preferences
  • See notifications through the webUI and react to them!
  • Manage everything via its own website or via FreePBX’s module

Everyone should try it, therefore, i am writing this simple guide for initial users who just wanna try it out. Here’s what is covered in this guide

 

Now, lets install!

Pre-requisite using this guide, of course, it supports more platforms and versions (see here)

  1. Debian 6 or higher
  2. Asterisk with FreePBX 2.11 or higher
  3. Sun JRE

Firstly, you must have a working Asterisk+FreePBX. If you don’t get my image from here, simple to use and works straight out.

From your CLI, copy/paste and execute the following in #, change where you know stuff, if you don’t just follow the guide!

  1. Install Sun JRE 7 (thanks to http://www.webupd8.org/ for making it so easy to install JRE)
    #echo "deb http://ppa.launchpad.net/webupd8team/java/ubuntu trusty main" | tee /etc/apt/sources.list.d/webupd8team-java.list
    #echo "deb-src http://ppa.launchpad.net/webupd8team/java/ubuntu trusty main" | tee -a /etc/apt/sources.list.d/webupd8team-java.list
    #apt-key adv --keyserver keyserver.ubuntu.com --recv-keys EEA14886
    #apt-get update
    #apt-get install oracle-java7-installer
    NOTE: If you get timeout errors or etc, please retry that last command again until you see “Oracle JDK 7 installed”
  2. Get iSymphony, install and start the daemon
    #cd /usr/src
    #wget http://www.getisymphony.com/files/builds/isymphony/3.0.1_5238/iSymphonyServerV3-3.0.1.5238.tar.gz
    #tar -zxvf iSymphonyServerV3-3.0.1.5238.tar.gz
    #cd iSymphonyServerV3-3.0.1.5238
    #chmod +x install.sh
    #./install.sh [Note, when asked for the location of SUN JRE enter /usr/lib/jvm/java-7-oracle leave default path for install location of iSymphony, i.e. /opt/isymphony3/server]
    #/opt/isymphony3/server/startup.sh [this will start the iSymphony server instance]
    To check if its running, you should see ports tcp 58080 listening
    #netstat -an | grep 58080
  3. Setup AMI (manager)
    If you have the module, use the FreePBX’s Asterisk API module, otherwise, simply edit
    #nano /etc/asterisk/manager_custom.conf
    Paste something like this below

    [cxpanel]
    secret = cxpSecure123
    deny = 0.0.0.0/0.0.0.0
    permit=127.0.0.1/255.255.255.0
    read = all
    write = all


    Now, reload manager like below

    #asterisk –rx “manager reload”
    Note: If you get “Privilege escalation protection disabled!” the setting “live_dangerously” is turned on in asterisk.conf. If this is the case, simply run that “manager reload” command inside asterisk shell (asterisk –r)

Now, by using the admin page of iSymphony (e.g. http://192.168.2.55:58080/administrator/admin where 192.168.2.55 is your own IP address), login using the FreePBX’s admin user and password (as default used by iSymphony as the admin user). Navigate to Phone System, click on PBX Connection, “edit” the localhost connection setting. In there, modify the username/password as set above. In the example above the username is cxpanel and the password is cxpSecure123. Click save. This will allow iSymphony to originate and control calls using the AMI protocol from Asterisk.

 

OPTIONAL: Autostart at boot
To enable it to autostart, edit the file  /opt/isymphony3/server/config-vars.sh
Change the JAVA_HOME location to /usr/lib/jvm/java-7-oracle

#nano /etc/init.d/isymphony.sh [then paste the content below ]

#startup script for iSymphony for Debian installations
#!/bin/sh
### BEGIN INIT INFO
# Provides:          isymphony
# Required-Start:    $all
# Required-Stop:     $local_fs $syslog $remote_fs
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Start isymphony at boot time
# Description:       Starts isymphony services at bootime
### END INIT INFO
#
case "$1" in
'start')
        /opt/isymphony3/server/startup.sh
       
RETVAL=0
        ;;

'stop')
        /opt/isymphony3/server/shutdown.sh
        RETVAL=0
        ;;

*)      echo "Usage: $0 { start | stop }"
        RETVAL=1
        ;;
esac
exit $RETVAL

    1. #chmod +x /etc/init.d/isymphony.sh
      #update-rc.d isymphony.sh defaults

    2. Install and enable the FreePBX iSymphony module
      Download the FreePBX module here [Download the “FreePBX Module” tar.gz file]
      Now, head on to FreePBX, click on Admin | Module Admin and click on Upload Modules. Then upload the FreePBX module (should look something like cxpanel-3.0.5238.tar.gz). Choose file and click “Upload”
      Then, click on Manage Local Modules, and ensure that iSymphony V3 is selected and set to install!
      Click on Process, Confirm and then “Apply Config”
    3. Be sure if you have iptables or any types of firewalls behind your box (or inside it) it allows TCP 58080!
    4. Now, see the notes below

NOTES:

  1. The default admin page can be accessed via http://192.168.2.55:58080/administrator/admin where 192.168.2.55 is your own IP address
    Here’s my screenshot of the admin page:
    image
  2. The default admin access is admin/<your freepbx admin password>, mine was @steriskRocks1, per my Asterisk image
  3. Users, are created in FreePBX 2.11 (be sure to update to latest freepbx versions online) where now it combines/manages users under “User Management” and the usual extension/users module, that will have an iSymphony account tied to it, as shown below. It is optional to enable or not.
    This below is my user 10000 i created:
    image
  4. Now, that user 10000 has access to iSymphony, via http://192.168.2.55:58080/client/client where 192.168.2.55 is your own IP Address
  5. Simply login and you can see the wonderful features/interface as below
    image
  6. Enjoy and do let me know if you need help or let us help you install in your company

Friday, February 7, 2014

IMPORTANT: Security Vulnerability Notice for FreePBX 2.9 or higher systems

Earlier today, an important security update and notice has been released to address a potentially dangerous vulnerability for remote code execution without proper authentication. Please take some time to update your systems or your clients’.

Link to the article:

http://www.freepbx.org/news/2014-02-06/security-vulnerability-notice

Taken off the link for a summary:

"We are blogging to inform you of a recently discovered security vulnerability reported yesterday in FreePBX Ticket 7123 (originally reported in ticket 7117 which is locked because of sensitive information). All FreePBX versions 2.9 and above are affected. You should immediately update your FreePBX Framework Module to secure your system from a potential attack."

Thank you FreePBX/Schmooze team for responsibly disclosing and keeping our systems safe.

 

Thank you and have a wonderful weekend.

Friday, November 22, 2013

A new kind of old phones hacking way


Image source: www.itechfreak.com

After analysing some logs we got, it was obvious that the calls that had been made were successful attempts in placing calls to expensive and exotic numbers, and the biggest one was Sierra Leone. one of the most common places these thieves dial.

What was involved:

1) Two PaBXes, one PBX A and the other was Asterisk running FreePBX

2) TollFree number, e.g. 1800XX

Please note, this attempt was NOT via SIP (or hacked extensions) but pure PSTN and therefore can happen to anyone who connects to an Asterisk box or for that matter any kind of PaBX.

 

What happened?

image

  1. Thief dials tollfree 1800XX for example and realises there are a full PaBX in there
  2. Received by PBX A which just forwards to PBX B
  3. PBX B creates a forwarding number (via follow-me) to a queue. Because of this, the context which this user rides on is “from-internal”, therefore changing the entire context of “from-trunk” to “from-internal” or commonly known as the “ALLOW ANY” rule
  4. Then while reaching the destination of the forward, (upon answer or ring), the caller does a blind transfer in Asterisk/FreePBX by dialing ##
  5. Dials a new destination, therefore the arbitrary user created, e.g. 1000 is the source and whatever destination the thief dials is the destination.

Notes about this attack

  • Thief dials to 1800XX few hundreds of times wanting to do reconnaissance over which equipment you use
  • Once they find out, they will go up and research about the equipment you use, in this particular case it was Asterisk/FreePBX
  • They then attempts the call as per the flow chart above and successfully make calls

 

What you should know about this method

  1. It is do-able on any Asterisk/FreePBX if you have a forwarded context that’s not secure, e.g. from-internal or any kind of follow-me done on extensions or a particular extension itself, inheriting that extension’s context
  2. It is normally done with TollFree numbers so the attempts and calling from the thief for actual calls or reconnaissance is free for them

 

What should you do? – And make this a habit when deploying any Asterisk/FreePBX solution for your customers!

  1. Block international calls to exotic numbers (i have a list of numbers of very commonly used numbers for these kind of hacks and also very expensive calling routes)
  2. Change the from-internal-xfer context restricting it to calling internal extensions only
  3. Enable pin based dialling for International calls on your Outbound Routes
  4. Monitor international calls, always
  5. Inform your telco to monitor your calls and put a cap on the maximum amount of calls that can be made by you

Saturday, November 16, 2013

FreePBX/Asterisk – Per User Pin Set for the poor man

Firstly, FreePBX’s PRO module does this in such elegance http://www.schmoozecom.com/pinsetpro.php. Do support the FreePBX team and make the purchase and keep those devs motivated :-). Thank you for helping!

 

This article describes step by step to do a poor man’s PINSET per user/extension in FreePBX. Why? Cause users keep sharing pinsets and no one takes responsibility on its usage.

It may not be the prettiest way of doing things, but it sure does the job :-)

 

What do you need to use this, more info etc..

  1. FreePBX 2.8 /Asterisk 1.8 or higher (may work for lower versions)
  2. If using FreePBX 2.10 or higher, there’s a setting to bypass pin (pinless dialing), this guide/hack “supports”. Meaning if you enable pinless, you won’t need a pin.
  3. This method hacks the freepbx generated configs using the _override_ file, so be sure to know what is the repercussion of hacking this, e.g. you will lose some configs made in the GUI (except for record in CDR value)
  4. If using Record in CDR, this method honours this request and records it in Account Code column inside asteriskcdrdb
  5. If using the pinset number n in which we defined custom pinsets, it will go through the custom method (per user), otherwise, it will use back the pinsets generated in the PinSet module in FreePBX Gui and work per normal pinset module. Therefore, not affecting other PINsets that you’ve been doing/using.
  6. If a particular user does not have voicemail or you do not want voicemail for that extension, this method will not work. All you got to do is be creative and use another location/method to read
  7. Why i use voicemail password? Simple, cause its user manageable through Asterisk Recording Interface (freepbx gui) or voicemailmain app on Asterisk (when you dial *97)

 

Ok here are the steps:

  1. Create “USER-PINSET” in the Pin Set module, in FreePBX, optionally put the bla bla “Uses our…”
    image
  2. NOTE: You can select to Record in CDR or not, this will be honoured in this custom per use pinset way
  3. When pinsets are created, it will be in placed in a chronological order which it was created, so if you created this particular pinset as the 3rd one, remember that order/number, we will use it later. In my example, this is my first ever created pinset, so it has the chronological order of 1.
    image
  4. The second that i created (AA-Second) will be no 2 and so on …
  5. Now, create a file in /var/lib/asterisk/agi-bin/vmbasedpin.sh, paste the following content in there;
  6. Change the location of vmconfloc if needed. Most cases you don’t have to.

    #!/bin/bash
    #by sanjay@astiostech.com
    vmconfloc="/etc/asterisk/voicemail.conf"
    #
    while test -n "$1"; do
        case "$1" in
            -E)
                ext=$2
                shift
               ;;
    esac
    shift
    done
    #
    # ERROR CHECKING FOR INPUTS
    if [[ "$ext" == "" ]]; then
        echo "ERR" | tr -d '\n' | tr -d ' '
        exit 1
    fi
    #
    #Get pin stored in conf file
    mypin=`cat $vmconfloc | grep $ext | cut -d '>' -f2 | cut -d , -f1 | tr -d " " | tr -d "\n"`
    if [[ "$mypin" == "" ]]; then
        echo "ERR" | tr -d '\n' | tr -d ' '
        exit 1
    else
        echo "$mypin" | tr '\n' ' ' | tr -d ' '
        exit 0
    fi
    exit 2

  7. Make the file executable and make asterisk user own it, in my case asterisk user/group is asterisk
    #chmod +x /var/lib/asterisk/agi-bin/vmbasedpin.sh
    #chown asterisk:asterisk /var/lib/asterisk/agi-bin/vmbasedpin.sh
  8. The above script reads the voicemail configuration file, which normally is located in /etc/asterisk/voicemail.conf. It does read only, doesn’t write anything so no special permissions required. If this file don’t exist, it means no user has voicemail enabled on the system.
  9. Now, edit the file /etc/asterisk/extensions_override_freepbx.conf and paste the content/context below in it, somewhere
  10. Define which order this special “USER-PINSET” was created, in my case its the first pinset, therefore, its 1, see bold text below

    [macro-pinsets]
    include => macro-pinsets-custom
    exten => s,1,NoOp(Starting custom PINSETS)
    exten => s,n,Set(MYCUSTOMPIN=1)
    exten => s,n,GotoIf($["${MYCUSTOMPIN}" = "${ARG1}"]?mypinset,1)
    ;
    exten => s,n,GotoIf(${ARG2} = 1?cdr,1)
    exten => s,n,ExecIf($["${DB(AMPUSER/${AMPUSER}/pinless)}" != "NOPASSWD"]?Authenticate(/etc/asterisk/pinset_${ARG1}))
    exten => s,n,ExecIf($["${DB(AMPUSER/${AMPUSER}/pinless)}" != "NOPASSWD"]?ResetCDR())
    ;
    exten => cdr,1,ExecIf($["${DB(AMPUSER/${AMPUSER}/pinless)}" != "NOPASSWD"]?Authenticate(/etc/asterisk/pinset_${ARG1},a))
    exten => cdr,n,ExecIf($["${DB(AMPUSER/${AMPUSER}/pinless)}" != "NOPASSWD"]?ResetCDR())
    ;
    exten => mypinset,1,NoOp(Custom Pinsets)
    exten => mypinset,n,GotoIf($["${ARG2}" = "1"]?mypinset-cdr,1)
    exten => mypinset,n,Set(MYPRIVATEPIN=${SHELL(/var/lib/asterisk/agi-bin/vmbasedpin.sh -E ${AMPUSERCID})})
    exten => mypinset,n,ExecIf($["${DB(AMPUSER/${AMPUSER}/pinless)}" != "NOPASSWD"]?Authenticate(${MYPRIVATEPIN}))
    exten => mypinset,n,ExecIf($["${DB(AMPUSER/${AMPUSER}/pinless)}" != "NOPASSWD"]?ResetCDR())
    ;
    exten => mypinset-cdr,1,NoOp(Custom Pinsets)
    exten => mypinset-cdr,n,Set(MYPRIVATEPIN=${SHELL(/var/lib/asterisk/agi-bin/vmbasedpin.sh -E ${AMPUSERCID})})
    exten => mypinset-cdr,n,ExecIf($["${DB(AMPUSER/${AMPUSER}/pinless)}" != "NOPASSWD"]?Authenticate(${MYPRIVATEPIN},a))
    exten => mypinset-cdr,n,ExecIf($["${DB(AMPUSER/${AMPUSER}/pinless)}" != "NOPASSWD"]?ResetCDR())

  11. Important: The variable AMPUSERCID must contain a value otherwise this will not work, or use your own variable if you know what you’re doing. FreePBX users need not worry, this value should always be there!
  12. You can first test to see if the script vmbasedpin.sh is executable or not, here i am testing for user 1000, which should return the value of 9999 (her voicemail pin number)
    #/var/lib/asterisk/agi-bin/vmbasedpin.sh -E 1001
  13. IMPORTANT: If there’s no voicemail password/pin defined, or there was an error or it can’t find the extension, or there’s no E value parsed, the output value ERR will be returned therefore, its impossible for a user to make that call particular call when this pinset is used. 
  14. Now, simply go edit your outbound route to use this pinset, like so;
    image  
  15. Go to a particular user’s configuration page, add/edit their vm password, like so;
    image  
  16. Click on Apply Config or reload the dialplan via CLI.
  17. And here’s how the CLI looks like when making a call…( i am using extension 1058, with a pin defined in my vm as 1012
    image
  18. Notice the MYPRIVATEPIN=1012, yes, that was read off the voicemail.conf file
  19. And since check the “Record in CDR” flag in that pinset inside FreePBX, the authentication parses the “,a” option
  20. Putting the value in CDR allows me to run reports using the FreePBX’s CDR Report tool and filter the “Account Code” section where the Pinset used when dialling are recorded.
  21. Enjoy and as usual, do give us feedback!

Tuesday, October 15, 2013

Debian 6 Squeeze(32/64) - Asterisk 11, FreeSWITCH living under one root(f) to make SKYPE free again!

Images taken off various sources on the internet


[UPDATE 15-10-2013]

This guide was taken off various sources but it all started from the Nerd Vittles’s forum entry here and various other wonderful resources such as FS-Wiki. I do not claim any rights/credits to this. It’s all of the contributors around the world of Asterisk that helped me put together a simple guide for simple implementation. Thanks to all the great work from all these great people who made this guide possible, Ward Mundy, the work from PSU VoIP, thank you. This is just a shortcut small mod for Debian 6 (Squeeze) 32/64bit.

Ready to Skype?

 
(img src rapgenius.com)

 

Warnings/Notices and Requirements:

  • I STRONLY RECOMMEND USING 32 BIT SYSTEMS TO AVOID THE SKYPE CLIENT COMPLICATIONS WITH 64 BIT…

  • WARNING, THIS TUTORIAL IS FOR EDUCATION PURPOSES ONLY

  • WARNING, TEST THIS BEFORE IMPLEMENTING ON LIVE/PRODUCTION SYSTEMS

  • IT IS IMPORTANT TO KNOW THAT EACH CHANNEL OPENS A NEW INSTANCE OF SKYPE CLIENT ON A WHOLE NEW VIRTUAL ENV, SO, HAVE LOTS OF MEMORY IF YOU WANT TO RUN MULTIPLE INSTANCES/CHANNELS

  • I STRONGLY RECOMMEND YOU TO USE A PHYSICAL SERVER/PC TO DO THIS, VMS ARE FINE FOR TESTS!

  • A sound card
  • Virtualised sound card (like in VMs), like below for VirtualBox (to detect audio device in VMs, you need their respective guest addons software)
  • You must be able to see an audio device when do you
    • #lspci | grep Audio
  • e.g. Virtualbox setup for virtual audio
    image 
    • NOTE: I’ve had better quality with ICHAC97 for virtual box

Optionally you could

  • Run a local asterisk (all in one soup)
  • swsterisk debian 64bit image

How it works

  • A Skype mod in FreeSWITCH called mod_skypopen load and registers Skype client connections made by the Linux Skype client which can be loaded as many times as you want (each load=1 channel) meaning you can possible have multiple channels on Skype for free

How is this different from Skype Manager/Business

  • This is not the SIP trunk service called SkypeConnect
  • It connects far faster than SkypeConnect
  • It supports multichannels for Free
  • It support all skype clients, including normal skype users or business users (created in Skype Manager)
  • This is free but should be used for testing (do not infringe any terms and conditions from Skype by using this commercially)
  • Its FREE
  • Its FREE
  • Its FREE again

IMPORTANT

  • You will need to expose your skype password in clear, so be aware of that
  • At minimum you need FreeSWITCH, Asterisk is optional, but since are Asterisk and FreePBX fanboys we make the all-in-one soup

And here are the steps!

  • You can use a bare installed Debian 64 or 32 (highly recommended to use 32 bit)
  • Add contrib into your repo
  • #nano /etc/apt/sources.list
  • At the end of each line that says main, add the word contrib like below
    image
  • Run
  • #apt-get update 
  • #apt-get install libX11-dev subversion automake autoconf wget  libtiff4-dev libtool \
    libncurses5-dev xvfb libx11-dev libasound2-dev xfs xfonts-100dpi \
    xfonts-75dpi xfonts-scalable git-core dpkg-cross binutils-multiarch libasound2 \
    libstdc++6 libgcc1 libstdc++6 libncurses5-dev zlib1g alsa-base \
    linux-sound-base libfontenc1 libfs6 libice6 libpixman-1-0 libsm6 \
    libx11-6 libx11-data libx11-dev libxau-dev libxau6 libxaw7 libxcb1 \
    libxcb1-dev libxcursor1 libxdmcp-dev libxdmcp6 libxext6 libxfixes3 \
    libxfont1 libxi6 libxinerama1 libxkbfile1 libxmu6 libxmuu1 libxpm4 \
    libxrandr2 libxrender1 libxss1 libxt6 libxv1 x11-common pulseaudio-module-hal     \
    x11proto-core-dev x11proto-input-dev x11proto-kb-dev xauth libqt4-dbus libqt4-webkit \
    xfonts-100dpi xfonts-75dpi xfonts-encodings xfonts-scalable \
    xfonts-utils xfs xkb-data xml-core xserver-common xtrans-dev xvfb \
    libgl1-mesa-dri libcurl4-openssl-dev libjpeg62-dev pulseaudio  xfonts-100dpi xfonts-75dpi xfonts-scalable xfonts-cyrillic \
    linux-headers-`uname -r` cabextract x-ttcidfont-conf
     ttf-mscorefonts-installer
  • Select freetype when prompted
    • #dpkg-reconfigure x-ttcidfont-conf
  • #nano /etc/X11/XF86Config-4
  • Add  the following two lines
    • FontPath "/var/lib/defoma/x-ttcidfont-conf.d/dirs/TrueType"
    • FontPath "/var/lib/defoma/x-ttcidfont-conf.d/dirs/CID"
  • #nano /etc/X11/fs/config
  • At the end of the catalogue= add the following lines separated by commas like below (don’t forget the first comma)
    • ,/var/lib/defoma/x-ttcidfont-conf.d/dirs/TrueType/,/var/lib/defoma/x-ttcidfont-conf.d/dirs/CID/
  • Restart xfs
    • # /etc/init.d/xfs restart
  • FOR 64bit SQUEEZE only, NOTE: Because you are forcing different arcs, you may get errors on your next run of #apt-get install….
  • #reboot    (strongly suggested)
  • Time to install FreeSWITCH
  • #cd /usr/src
  • #git clone git://git.freeswitch.org/freeswitch.git
  • #cd freeswitch && ./bootstrap.sh && ./configure
  • #sed -i 's/\#codecs\/mod_g729/codecs\/mod_g729/g' /usr/src/freeswitch/modules.conf
  • #sed -i 's/\#codecs\/mod_silk/codecs\/mod_silk/g' /usr/src/freeswitch/modules.conf
  • #sed -i 's/\#endpoints\/mod_skypopen/endpoints\/mod_skypopen/g' /usr/src/freeswitch/modules.conf
  • #make && make install
  • #mv /usr/local/freeswitch/conf/autoload_configs /usr/local/freeswitch/conf/autoload_configs_noload
  • #cd /usr/src/freeswitch/src/mod/endpoints/mod_skypopen/oss
  • #make clean && make &&  insmod ./skypopen.ko && mknod /dev/dsp c 14 3
  • Create a backup of the freeswitch.xml files as we will be getting our own basic configuration that does not listen to 5060 (As it will conflict with Asterisk, we will use UDP 5070) and simply throws all calls coming into FreeSWITCH to Asterisk via SIP and all calls from Asterisk to throw to mod_skypopen and into Skype VoIP cloud. If you are throwing the calls out on another Asterisk box (external box) be sure to modify the value  127.0.0.1 inside the new freeswitch.xml <settings> tag to something like your local IP and/or the public (natted) IP if it is natted. Also, when the asterisk server is external, change 127.0.0.1 to your external asterisk server IP address under the tag <gateways>. If you are planning to install and run Asterisk 11 on the same box, then don’t change anything there!

  • #mv /usr/local/freeswitch/conf/freeswitch.xml /usr/local/freeswitch/conf/freeswitch.xml.bak
  • #cd /usr/src
  • #mkdir fs-skypecfg
  • #cd fs-skypecfg
  • #wget www.astiostech.com/public/fsskype/freeswitch.tar.gz
  • #tar -zxvf freeswitch.tar.gz
  • #cp ./freeswitch.xml /usr/local/freeswitch/conf/
  • #chmod +x setup-skype-4.pl
  • Ok, now its time to setup one or more of your Skype Accounts, simply run and follow on screen instructions. PS: If you can’t get through this below, what are you doing here mate?. WARNING! You should not get any errors! If you do, let us know report here!

  • #./setup-skype-4.pl
    • It will ask your skype username

    • It will ask your skype password (be sure to test logon using a normal Skype client to see can work or not!)

    • Destination –> Use as suggested

    • Channels –> How many channels you need concurrently

    • Answer few more questions and it will download Skype client 4.2

    • At the end you must see the word SUCCESS!!!

  • Be sure freeswitch run as a normal user for startime

    • #adduser --disabled-password  --quiet --system --home /usr/local/freeswitch --gecos "FreeSWITCH Voice Platform" --ingroup daemon freeswitch
    • #chown -R freeswitch:daemon /usr/local/freeswitch/
    • #chmod -R o-rwx /usr/local/freeswitch/
  • Add the init scripts for freeswitch and fsskype as fsskype single script

    • #cd /etc/init.d/
    • #wget www.astiostech.com/public/fsskype/fsskype
    • #chmod +x fsskype
    • NOTE: fsskype starts and stops freeswitch as well, so just start fsskype during startup. Also be sure that this starts right at the end

    • #update-rc.d fsskype defaults 99
  • Now, do your regular Asterisk install as described in the most basic way here, or if you are running Asterisk and FreePBX then great, proceed to enable/configure Asterisk trunk settings and allowing communications.

  • Add a SIP trunk inside FreePBX like this

    • TrunkName: FreeSWITCH-Asterisk
    • Trunk Name in peer details: freeswitch
      • username=freeswitch
      • type=user
      • trustrpid=yes
      • sendrpid=yes
      • port=5070 ;remember freeswitch sip runs on this port
      • insecure=port,invite
      • host=127.0.0.1 ; remember freeswitch only listens to localhost
      • context=from-trunk
  • Setup an inbound route. Lets say your skype username is sanjayws, then create an inbound route where the DID will then be sanjayws, e.g. like below
    image
    • Send the incoming call to any destination of your fancy, in my case, its a conference room
  • Under Asterisk SIP settings, be sure to allow 127.0.0.1 as your local network, to avoid one way audio issues or natting problems, my other network, the normal ETH0 network is 192….while the 202 is my liveIP incase i need to connect from Outside of my LAN or via my public network with NAT
    image
  • And you’re done!, lets start fsskype

    • WARNING you should not get any errors before, while or after starting fsskype!, if you do, report here

    • DO NOTE, the more channels you have the longer the start will be, it can be very long, so chillout and don’t freak out!

    • #/etc/init.d/fsskype start
  • Now, you should see your skype username (if you’ve already added that person into your skype account, pop open as online). If you do not see it online, its likely that you’ve not logged into that account and added manually or just ignore that and straightaway right click on the name and call (not via PSTN call or Phone number)

  • Just wait a while if Skype doesn’t automatically bridges calls to FS and Asterisk, wait like a minute!

  • Try also outbound [not covering here], you need a phone capable of dialing out with letters since Skype are all alpha {duh}

  • Well anyway, here are some screen shot

  • My skype, with user sanjayW online inside our Debian box


    image image
  • FreeSWITCH received the call and passing it to Asterisk

    image

  • Asterisk passing it to Conference app

    image

  • Process info – Skype single channel, if you got more channels, more lines will appear

    image

 

Thank you for reading. And as usual please do give us your feedback! Thank you.

Thursday, September 19, 2013

Upgrade to Asterisk 11 and fail2ban 0.8.8 to protect Asterisk like never before, here’s why and how.

image source: www.thegeekstuff.com

 

Asterisk 11 introduced the security log event channel which basically throws all security (success, failure, etc) which the past full log couldn’t show. Scripts attacks like sipvicious that does scanning on your system or even tries to bombard your system with auth requests would trigger a super uber cool tool like fail2ban because the source IP is not show, such as the log entries like below;

[2013-08-13 19:05:16] NOTICE[4027][C-000051b0] chan_sip.c: Failed to authenticate device 100<sip:100@<myserverIP>>;tag=d6b948e3
[2013-08-13 19:05:17] NOTICE[4027][C-000051b1] chan_sip.c: Failed to authenticate device 100<sip:100@<myserverIP>>;tag=baeae036
[2013-08-13 19:05:18] NOTICE[4027][C-000051b2] chan_sip.c: Failed to authenticate device 100<sip:100@<myserverIP>>;tag=0097749c
[2013-08-13 19:05:19] NOTICE[4027][C-000051b3] chan_sip.c: Failed to authenticate device 100<sip:100@<myserverIP>>;tag=f2a79638
[2013-08-13 19:05:21] NOTICE[4027][C-000051b4] chan_sip.c: Failed to authenticate device 100<sip:100@<myserverIP>>;tag=2bc55684
[2013-08-13 19:05:22] NOTICE[4027][C-000051b5] chan_sip.c: Failed to authenticate device 100<sip:100@<myserverIP>>;tag=f7ba490c

NOTE: <myserverIP> has been changed by me to hide my server IP.

As you can see, the “attack” above can go on and on without fail2ban being able to do anything since the source IP is not shown in that log, sadly.

Now with Asterisk 11 and enabling with security log, you could see much more data of the similar attack/test;

[2013-09-18 02:56:20] SECURITY[8324] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="1379444180-215558",Severity="Error",Service="SIP",EventVersion="2",AccountID="100",SessionID="0x9ad18cc",LocalAddress="IPV4/UDP/<myserverIP>/5060",RemoteAddress="IPV4/UDP/37.8.42.146/12495",
Challenge="642e69ae",ReceivedChallenge="642e69ae",ReceivedHash="56c74b58db0a623d5193a7afee4da7ff"

NOTE: <myserverIP> has been changed by me to hide my server IP.

Now, notice the similar attack with security logging channel enabled, shows the IP of the attacker highlighted in bold, as above. Now, there’s enough information for fail2ban to do “something” like ban his ass for 2000 years :)

Enough to convince you to use Asterisk 11? For me it is sufficient to put 11 as our main distribution.

If you’re convinced, and would like to use this, you would need the following

1) Asterisk 11 (with or without FreePBX)

2) Enable security channel

3) Install/use latest fail2ban or version 0.8.8

4) Setup  the appropriate jail.conf and patterns

5) Auto start fail2ban after asterisk starts (important!)

In this guide i will not show you how to setup or upgrade to Asterisk 11, but there’s a blog posting here in my blog which you can already find such steps. I will start from no.2 onwards. Do note, this is designed for a Debian system, but you can use the settings herein of course to match your own operating system. To find out requirements for fail2ban, visit www.fail2ban.org, basically for this below, have iptables and python v 2.4 or higher

Enable security channel logs

  1. FreePBX users, the “Log File Setting” module does not support security as its option, so the only way is to edit the file /etc/asterisk/logger_logfiles_custom.conf. By default, the “messages” channel is also not created in FreePBX, so now when you want to take advantage of fail2ban enable it. Add the following lines for FreePBX users

    messages => security,notice,warning,error
  2. If you’re not using freepbx, simply add that above line in logger.conf under [logfiles] section
  3. Reload the logger
    #asterisk –rx “logger reload”
  4. Now, check if the messages log is populated, in my installation log files are in /var/log/asterisk/
    #tail –f /var/log/asterisk/messages
  5. If you see entries with “SECURITY” as the event type, then it works great, proceed to next step

Install/use/upgrade/configure/autostart to latest fail2ban

The apt repo for fail2ban is only at version 0.6.X which does not have some cool features like single host unbanning. Install fail2ban with dpkg first, then do the source file way of upgrading

  1. #wget http://ftp.us.debian.org/debian/pool/main/f/fail2ban/fail2ban_0.8.6-3wheezy1_all.deb
  2. #dpkg -i fail2ban_0.8.6-3wheezy1_all.deb
    This will properly populate all files including the init.d files for you
  3. Now, we perform the upgrade
  4. #wget http://www.astiostech.com/asterisk-installer/astbin/current/fail2ban_0.8.8.orig.tar.gz
  5. #tar –zxvf fail2ban_0.8.8.orig.tar.gz
  6. #cd fail2ban && python setup.py install
  7. Now, lets start editing the important files, be sure to copy paste correctly
  8. #cd /etc/fail2ban
  9. #cp jail.conf jail.original.conf
  10. #nano jail.conf 
    Be sure to edit the dest email, this action triggers iptables-apports meaning ban the source address from all ports for 259200 seconds after 6 attempts. Modify as you wish. An email with WHOIS information will be sent to the email address specified. Notice we are checking the /var/log/asterisk/messages as defined above for the event triggers as seen in item 15 asterisk.conf below.

    Add the following codes into jail.conf at the end

    ##start##
    [asterisk-iptables]

    enabled  = true
    filter   = asterisk
    action   = iptables-allports[name=ASTERISK, protocol=all]
    # Modify and uncomment below to send email, make sure exim4 has been reconfigured
               mail-whois[name=ASTERISK, dest=support@astiostech.com, sender=root@asterisk.localhost]
    logpath  = /var/log/asterisk/messages
    maxretry = 6
    bantime = 259200

    ##end##

  11. Inside jail.conf, there’s a option called ignoreip = 127.0.0.1, you can add more IPs which you want to whitelist there. "ignoreip" can be an IP address, a CIDR mask or a DNS host separated by a space for each entry.
  12. Now, we edit the filter, this is where we take advantage of the security log, see the final few entries which has the option for security log based log entries as well.
  13. #cd /etc/fail2ban/filter.d/
  14. #cp asterisk.conf asterisk.original.conf
  15. #nano asterisk.conf
    Copy and paste exactly like shown below, remember, everything here must be in a single line even if it doesn’t show it that way in the blog. Change where you see fit, do note, if you don’t know what you’re doing, don’t change it.

    ##start##

    # Fail2Ban configuration file
    # Author: Xavier Devlamynck

    [INCLUDES]

    # Read common prefixes. If any customizations available -- read them from
    # common.local
    before = common.conf

    [Definition]

    # Option:  failregex
    # Notes.:  regex to match the password failures messages in the logfile.
    # Values:  TEXT
    #
    log_prefix= \[\]\s*(?:NOTICE|SECURITY)%(__pid_re)s:?(?:\[\S+\d*\])? \S+:\d*

    failregex = ^%(log_prefix)s Registration from '[^']*' failed for '<HOST>(:\d+)?' - Wrong password$
                ^%(log_prefix)s Registration from '[^']*' failed for '<HOST>(:\d+)?' - No matching peer found$
                ^%(log_prefix)s Registration from '[^']*' failed for '<HOST>(:\d+)?' - Username/auth name mismatch$
                ^%(log_prefix)s Registration from '[^']*' failed for '<HOST>(:\d+)?' - Device does not match ACL$
                ^%(log_prefix)s Registration from '[^']*' failed for '<HOST>(:\d+)?' - Peer is not supposed to register$
                ^%(log_prefix)s Registration from '[^']*' failed for '<HOST>(:\d+)?' - ACL error \(permit/deny\)$
                ^%(log_prefix)s Registration from '[^']*' failed for '<HOST>(:\d+)?' - Not a local domain$
                ^%(log_prefix)s Call from '[^']*' \(<HOST>:\d+\) to extension '\d+' rejected because extension not found in context 'default'\.$
                ^%(log_prefix)s Host <HOST> failed to authenticate as '[^']*'$
                ^%(log_prefix)s No registration for peer '[^']*' \(from <HOST>\)$
                ^%(log_prefix)s Host <HOST> failed MD5 authentication for '[^']*' \([^)]+\)$
                ^%(log_prefix)s Failed to authenticate (user|device) [^@]+@<HOST>\S*$
                ^%(log_prefix)s (?:handle_request_subscribe: )?Sending fake auth rejection for (device|user) \d*<sip:[^@]+@<HOST>>;tag=\w+\S*$
                ^%(log_prefix)s SecurityEvent="(FailedACL|InvalidAccountID|ChallengeResponseFailed|InvalidPassword)",EventTV="[\d-]+",Severity="[\w]+",Service="[\w]+",EventVersion="\d+",AccountID="\d+",SessionID="0x[\da-f]+",LocalAddress="IPV[46]/(UD|TC)P/[\da-fA-F:.]+/\d+",RemoteAddress="IPV[46]/(UD|TC)P/<HOST>/\d+"(,Challenge="\w+",ReceivedChallenge="\w+")?(,ReceivedHash="[\da-f]+")?$

    # Option:  ignoreregex
    # Notes.:  regex to ignore. If this regex matches, the line is ignored.
    # Values:  TEXT
    #
    ignoreregex =

    ##end##

  16. And that’s it, it will now be able to detect almost any kind of security related events. If you know how to edit regexes, this will be a super security Swiss army knife for you.
  17. Now, start/restart fail2ban
    #/etc/init.d/fail2ban restart
  18. Checkout if fail2ban is running / not
    #iptables –L –vn
    You should see the fail2ban-asterisk somewhere at the end of IPTABLES chains definitions
  19. Now, before you do this test below, be sure you’ve got a way to access your server when it does get banned
  20. Do a sipvicious scan on your server and after 6 lame attempts, you get banned! [or not, if this above is not configured properly]