fail2ban + Asterisk + Debian

1) # apt-get install fail2ban iptables python
2) # cd /etc/fail2ban/filter.d/
тут фильтры. (ололо)
3) # vim asterisk.conf

[INCLUDES]

failregex = NOTICE.* .*: Registration from '.*' failed for '<HOST>:.*' - Wrong password

            NOTICE.* .*: Registration from '.*' failed for '<HOST>:.*' - No matching peer found

            NOTICE.* .*: Registration from '.*' failed for '<HOST>:.*' - No matching peer found

            NOTICE.* .*: Registration from '.*' failed for '<HOST>:.*' - Username/auth name mismatch

            NOTICE.* .*: Registration from '.*' failed for '<HOST>:.*' - Device does not match ACL

            NOTICE.* .*: Registration from '.*' failed for '<HOST>:.*' - Peer is not supposed to register

            NOTICE.* .*: Registration from '.*' failed for '<HOST>:.*' - ACL error (permit/deny)

            NOTICE.* .*: Registration from '.*' failed for '<HOST>:.*' - Device does not match ACL

            NOTICE.* .*: Registration from '\".*\".*' failed for '<HOST>:.*' - No matching peer found

            NOTICE.* .*: Registration from '\".*\".*' failed for '<HOST>:.*' - Wrong password

            NOTICE.* <HOST> failed to authenticate as '.*'$

            NOTICE.* .*: No registration for peer '.*' \(from <HOST>\)

            NOTICE.* .*: Host <HOST> failed MD5 authentication for '.*' (.*)

            NOTICE.* .*: Failed to authenticate user .*@<HOST>.*

            NOTICE.* .*: <HOST> failed to authenticate as '.*'

            NOTICE.* .*: <HOST> tried  to authenticate with nonexistent user '.*'

            VERBOSE.*SIP/<HOST>-.*Received incoming SIP connection from unknown peer

ignoreregex =

4) # vim /etc/fail2ban/jail.conf
дописать в конфиг параметры очевидны.

# from asterisk
[asterisk-iptables]
enabled  = true
filter   = asterisk
action   = iptables-allports[name=ASTERISK, protocol=all]
sendmail-whois[name=ASTERISK, dest=root, sender=root@kyct.ru]
logpath  = /home/asterisk/ap/log/messages
maxretry = 6
bantime = 259200

5) # vim /home/asterisk/ap/etc/logger.conf
 дописать в конфиг

[general]
dateformat=%F %T

6) Перезапускаем проверяем. 
# iptables -L -v
 

proxmox usb port to kvm

root@proxmox:~# lsusb -t
1-1.4:1.0: No such file or directory
/:  Bus 03.Port 1: Dev 1, Class=root_hub, Driver=uhci_hcd/2p, 12M
    |__ Port 1: Dev 2, If 0, Class=HID, Driver=usbhid, 12M
    |__ Port 1: Dev 2, If 1, Class=HID, Driver=usbhid, 12M
/:  Bus 02.Port 1: Dev 1, Class=root_hub, Driver=ehci_hcd/2p, 480M
    |__ Port 1: Dev 2, If 0, Class=hub, Driver=hub/6p, 480M
/:  Bus 01.Port 1: Dev 1, Class=root_hub, Driver=ehci_hcd/2p, 480M
    |__ Port 1: Dev 2, If 0, Class=hub, Driver=hub/6p, 480M
        |__ Port 4: Dev 3, If 0, Class=vend., Driver=, 12M
        |__ Port 5: Dev 5, If 0, Class=vend., Driver=usbfs, 1.5M
        |__ Port 6: Dev 6, If 0, Class=vend., Driver=usbfs, 1.5M



vim /etc/pve/qemu-server/100.conf
add
usb0: host=1-1.6

openvz mount host directory

Example

 :~# cat > /etc/vz/conf/113.mount
  #!/bin/bash
. /etc/vz/vz.conf
. /etc/vz/conf/113.conf
SRC=/home/kyct/host
DST=/home/kyct/virt
VE_ROOT=/vz/root/113
if [ ! -e ${VE_ROOT}$DST} ]; then mkdir -p ${VE_ROOT}${DST}; fi
mount -n -t simfs ${SRC} ${VE_ROOT}${DST} -o ${SRC}
 
:~# chmod 755 /etc/vz/conf/113.mount

для рачков:

vz - 113
SRC - папка на хост машине
DST - папка в гостевой машине

proxmox bridge interfaces

proxmox-main:~# cat /etc/network/interfaces

# network interface settings
auto lo
iface lo inet loopback

# dns-* options are implemented by the resolvconf package, if installed
iface eth1 inet manual
iface eth0 inet manual
# eth0 кабель с локалкой
# eth1 ненужен

auto vmbr0
iface vmbr0 inet static
        address 192.168.1.10
        netmask 255.255.255.0
        gateway 192.168.1.1
        dns-nameserver 192.168.1.1
        bridge_ports eth0
        bridge_stp off
        bridge_fd 0

ставим proxmox

1) apt-get install vim 
2) vim /etc/hosts 
#ставим ip компа (без этого ошибки при установки)
3) vim /etc/apt/sources.list

# 

# deb cdrom:[Debian GNU/Linux 6.0.6 _Squeeze_ - Official amd64 NETINST Binary-1 20120930-15:53]/ squeeze main

#deb cdrom:[Debian GNU/Linux 6.0.6 _Squeeze_ - Official amd64 NETINST Binary-1 20120930-15:53]/ squeeze main

deb http://ftp.at.debian.org/debian squeeze main contrib

# PVE packages provided by proxmox.com
deb http://download.proxmox.com/debian squeeze pve

# security updates
deb http://security.debian.org/ squeeze/updates main contrib

4)

wget -O- "http://download.proxmox.com/debian/key.asc" | apt-key add -

5) aptitude update
6) aptitude upgrade
7) aptitude install pve-kernel-2.6.32-19-pve
#актуальность версии http://download.proxmox.com/debian/dists/squeeze/pve/binary-amd64/
8) reboot
9) uname -a 
#проверяем ядро 2.6.32-19-pve 
10) aptitude install pve-headers-2.6.32-19-pve proxmox-ve-2.6.32 ntp ssh lvm2 postfix ksm-control-daemon vzprocps
11) a2ensite pve-redirect.conf
12) /etc/init.d/apache2 restart