forked from norman/fusionpbx-install.sh-github-mirror
4fc59b5e5e
- Added optional applications.sh scripts. - Added call_recordings.php script for wav - mp3 conversion. - Updated ubuntu\resources\fusionpbx\config.conf to add entry for setting the event socket password and a comment at the top to direct admins to where they can find more configuration options for this file. - Updated config.sh to add switch_token entry and some version changes to make the installer Ubuntu 24.04 compatible. - Added on the Optional applications. - Updated environment.sh to include setting the PATH just in case. - Updated finish.sh to include output of database username and password to save a few steps when setting up. - Added freeswitch-acl.conf from the Debian side as more security is important. - Updated jail.local to include freeswitch-acl as well as turning several items on by default (security should always be the default). - Updated install.sh to include some missing dependencies (nginx and build-essential) - Updated php.sh, and nginx.sh to include 8.1, 8.2 and 8.3 - Swapped plocate for mlocate in dependency install in ubuntu\resources\switch\source-release.sh - uncommented ./bootstrap.sh -j line for git compatibility - removed duplicate $switch_version from sed commands, added sed command to disable mod_av. - Added environment.sh include to switch.sh - Added monit files for freeswitch perms etc.
144 lines
3.6 KiB
Plaintext
Executable File
144 lines
3.6 KiB
Plaintext
Executable File
[ssh]
|
|
enabled = true
|
|
port = 22
|
|
protocol = ssh
|
|
filter = sshd
|
|
logpath = /var/log/auth.log
|
|
action = iptables-allports[name=sshd, protocol=all]
|
|
maxretry = 5
|
|
findtime = 7200
|
|
bantime = 86400
|
|
|
|
[freeswitch]
|
|
enabled = false
|
|
port = 5060:5091
|
|
protocol = all
|
|
filter = freeswitch
|
|
logpath = /var/log/freeswitch/freeswitch.log
|
|
#logpath = /usr/local/freeswitch/log/freeswitch.log
|
|
action = iptables-allports[name=freeswitch, protocol=all]
|
|
maxretry = 5
|
|
findtime = 600
|
|
bantime = 3600
|
|
# sendmail-whois[name=FreeSwitch, dest=root, sender=fail2ban@example.org] #no smtp server installed
|
|
|
|
[freeswitch-acl]
|
|
enabled = false
|
|
port = 5060:5091
|
|
protocol = all
|
|
filter = freeswitch-acl
|
|
logpath = /var/log/freeswitch/freeswitch.log
|
|
#logpath = /usr/local/freeswitch/log/freeswitch.log
|
|
action = iptables-allports[name=freeswitch-acl, protocol=all]
|
|
maxretry = 900
|
|
findtime = 60
|
|
bantime = 86400
|
|
|
|
[freeswitch-ip]
|
|
enabled = false
|
|
port = 5060:5091
|
|
protocol = all
|
|
filter = freeswitch-ip
|
|
logpath = /var/log/freeswitch/freeswitch.log
|
|
#logpath = /usr/local/freeswitch/log/freeswitch.log
|
|
action = iptables-allports[name=freeswitch-ip, protocol=all]
|
|
maxretry = 3
|
|
findtime = 30
|
|
bantime = 86400
|
|
|
|
[auth-challenge-ip]
|
|
enabled = false
|
|
port = 5060:5091
|
|
protocol = all
|
|
filter = auth-challenge-ip
|
|
logpath = /var/log/freeswitch/freeswitch.log
|
|
#logpath = /usr/local/freeswitch/log/freeswitch.log
|
|
action = iptables-allports[name=auth-challenge-ip, protocol=all]
|
|
maxretry = 3
|
|
findtime = 30
|
|
bantime = 86400
|
|
|
|
[sip-auth-challenge]
|
|
enabled = false
|
|
port = 5060:5091
|
|
protocol = all
|
|
filter = sip-auth-challenge
|
|
logpath = /var/log/freeswitch/freeswitch.log
|
|
#logpath = /usr/local/freeswitch/log/freeswitch.log
|
|
action = iptables-allports[name=sip-auth-challenge, protocol=all]
|
|
maxretry = 50
|
|
findtime = 30
|
|
bantime = 7200
|
|
|
|
[sip-auth-failure]
|
|
enabled = false
|
|
port = 5060:5091
|
|
protocol = all
|
|
filter = sip-auth-failure
|
|
logpath = /var/log/freeswitch/freeswitch.log
|
|
#logpath = /usr/local/freeswitch/log/freeswitch.log
|
|
action = iptables-allports[name=sip-auth-failure, protocol=all]
|
|
maxretry = 3
|
|
findtime = 30
|
|
bantime = 7200
|
|
|
|
[fusionpbx-404]
|
|
enabled = false
|
|
port = 5060:5091
|
|
protocol = all
|
|
filter = fusionpbx-404
|
|
logpath = /var/log/freeswitch/freeswitch.log
|
|
#logpath = /usr/local/freeswitch/log/freeswitch.log
|
|
action = iptables-allports[name=fusionpbx-404, protocol=all]
|
|
maxretry = 3
|
|
findtime = 300
|
|
bantime = 86400
|
|
|
|
[fusionpbx]
|
|
enabled = true
|
|
port = 80,443
|
|
protocol = tcp
|
|
filter = fusionpbx
|
|
logpath = /var/log/auth.log
|
|
action = iptables-allports[name=fusionpbx, protocol=all]
|
|
# sendmail-whois[name=fusionpbx, dest=root, sender=fail2ban@example.org] #no smtp server installed
|
|
maxretry = 10
|
|
findtime = 600
|
|
bantime = 3600
|
|
|
|
[fusionpbx-mac]
|
|
enabled = true
|
|
port = 80,443
|
|
protocol = tcp
|
|
filter = fusionpbx-mac
|
|
logpath = /var/log/syslog
|
|
action = iptables-allports[name=fusionpbx-mac, protocol=all]
|
|
# sendmail-whois[name=fusionpbx-mac, dest=root, sender=fail2ban@example.org] #no smtp server installed
|
|
maxretry = 5
|
|
findtime = 300
|
|
bantime = 86400
|
|
|
|
[nginx-404]
|
|
enabled = true
|
|
port = 80,443
|
|
protocol = tcp
|
|
filter = nginx-404
|
|
logpath = /var/log/nginx/access*.log
|
|
action = iptables-allports[name=nginx-404, protocol=all]
|
|
bantime = 3600
|
|
findtime = 60
|
|
maxretry = 120
|
|
|
|
[nginx-dos]
|
|
# Based on apache-badbots but a simple IP check (any IP requesting more than
|
|
# 300 pages in 60 seconds, or 5p/s average, is suspicious)
|
|
enabled = true
|
|
port = 80,443
|
|
protocol = tcp
|
|
filter = nginx-dos
|
|
logpath = /var/log/nginx/access*.log
|
|
action = iptables-allports[name=nginx-dos, protocol=all]
|
|
findtime = 60
|
|
bantime = 86400
|
|
maxretry = 300
|