I am using the following script to ban users failing to authenticate with fail2ban. My problem is that it logs attempts only of users existing in the database. I would like to modify it in order to log all FAILED authentication attempts. Is this possible?
# Authentication route
route[AUTH] {
#!ifdef WITH_AUTH
    if(is_present_hf("Authorization")) {
        if($sht(a=>$au::auth_count)==3) {
            $var(exp) = $Ts - 900;
            if($sht(a=>$au::last_auth) > $var(exp)) {
                sl_send_reply("403", "Try later");
                exit;
            } else {
                $sht(a=>$au::auth_count) = 0;
            }
        }
        if(!www_authenticate("$td", "subscriber")) {
            switch ($retcode) {
                case -1:
                    sl_send_reply("403", "Forbidden");
                    exit;
                case -2:
                    #fixed null -> $null:
                    if($sht(a=>$au::auth_count) == $null)
                        $sht(a=>$au::auth_count) = 0;
                    $sht(a=>$au::auth_count) = $sht(a=>$au::auth_count) + 1;
                    xlog("User $fu Authenticating from ip $si\n");
                    if($sht(a=>$au::auth_count) == 3)
                        xlog("User $fU Authenticating for the 3d time from ip $si\n");
                    $sht(a=>$au::last_auth) = $Ts;
                    break;
            }
            www_challenge("$td"/*realm*/,"0"/*qop*/);
            exit;
        }
        $sht(a=>$au::auth_count) = 0;
    } else {
        www_challenge("$td","0");
        exit;
    }
#!endif
}
Hi!
You need to add one more case in the switch ($retcode) condition: -3 (invalid user) - authentication user does not exist.
Look at the complete list of negative codes here: http://www.kamailio.org/docs/modules/4.3.x/modules/auth_db.html#auth_db.f.ww...
Hope this helps
Cheers!
Hello,
I think auth_check() returns a particular code if the user doesn't exist -- see the readme and add the return code to the switch along with the -2 value.
Alternatively, you can use the function is_subscriber() from the auth_db module to detect if the user exists or not, and if not, ban it directly without
Cheers, Daniel
On 15/03/16 12:55, meres gr wrote:
> I am using the following script to ban users failing to authenticate with fail2ban. My problem is that it logs attempts only of users existing in the database. I would like to modify it in order to log all FAILED authentication attempts. Is this possible?
>
> # Authentication route
> route[AUTH] {
> #!ifdef WITH_AUTH
>     if(is_present_hf("Authorization")) {
>         if($sht(a=>$au::auth_count)==3) {
>             $var(exp) = $Ts - 900;
>             if($sht(a=>$au::last_auth) > $var(exp)) {
>                 sl_send_reply("403", "Try later");
>                 exit;
>             } else {
>                 $sht(a=>$au::auth_count) = 0;
>             }
>         }
>         if(!www_authenticate("$td", "subscriber")) {
>             switch ($retcode) {
>                 case -1:
>                     sl_send_reply("403", "Forbidden");
>                     exit;
>                 case -2:
>                     #fixed null -> $null:
>                     if($sht(a=>$au::auth_count) == $null)
>                         $sht(a=>$au::auth_count) = 0;
>                     $sht(a=>$au::auth_count) = $sht(a=>$au::auth_count) + 1;
>                     xlog("User $fu Authenticating from ip $si\n");
>                     if($sht(a=>$au::auth_count) == 3)
>                         xlog("User $fU Authenticating for the 3d time from ip $si\n");
>                     $sht(a=>$au::last_auth) = $Ts;
>                     break;
>             }
>             www_challenge("$td"/*realm*/,"0"/*qop*/);
>             exit;
>         }
>         $sht(a=>$au::auth_count) = 0;
>     } else {
>         www_challenge("$td","0");
>         exit;
>     }
> #!endif
> }
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
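
The change both replies point to, as an added example that is not part of the original thread: the poster's route with return code -3 (invalid user) handled alongside -2, so failures for usernames missing from the database are counted and logged as well. The `modparam` line, the `$var(rc)` variable and the log wording are assumptions, not taken from the poster's configuration.

```kamailio
# Assumption: table "a" is defined like this elsewhere in the config (the thread
# does not show it); autoexpire stops entries for made-up usernames piling up.
modparam("htable", "htable", "a=>size=8;autoexpire=900;")

route[AUTH] {
#!ifdef WITH_AUTH
	if (!is_present_hf("Authorization")) {
		www_challenge("$td", "0");
		exit;
	}
	# Blocked: 3 failures recorded and the last one is less than 900 s old.
	if ($sht(a=>$au::auth_count) == 3) {
		$var(exp) = $Ts - 900;
		if ($sht(a=>$au::last_auth) > $var(exp)) {
			sl_send_reply("403", "Try later");
			exit;
		}
		$sht(a=>$au::auth_count) = 0;
	}
	if (!www_authenticate("$td", "subscriber")) {
		$var(rc) = $retcode;	# save it before anything else overwrites it
		switch ($var(rc)) {
			case -1:	# generic error
				sl_send_reply("403", "Forbidden");
				exit;
			case -2:	# invalid password
			case -3:	# invalid user (not in the subscriber table)
				if ($sht(a=>$au::auth_count) == $null)
					$sht(a=>$au::auth_count) = 0;
				$sht(a=>$au::auth_count) = $sht(a=>$au::auth_count) + 1;
				$sht(a=>$au::last_auth) = $Ts;
				# One line format for both cases, so a single fail2ban
				# failregex on "from ip <HOST>" covers them.
				xlog("L_NOTICE", "Auth failure (code $var(rc)) for user $au from ip $si\n");
				if ($sht(a=>$au::auth_count) == 3)
					xlog("L_NOTICE", "User $au blocked after 3 failures from ip $si\n");
				break;
		}
		# Same challenge for wrong password and unknown user, so the reply
		# does not reveal which usernames exist.
		www_challenge("$td", "0");
		exit;
	}
	$sht(a=>$au::auth_count) = 0;
#!endif
	return;
}
```

Because the counter is keyed by `$au`, three bad attempts against a real username also lock out its legitimate owner for 900 seconds; the fail2ban ban on `$si` is what actually stops the source.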