[OpenSIPS-Users] OpenSIPs w/ Fail2Ban - Change Log File (HOW TO)

Sat Feb 13 11:17:58 EST 2021

Dear OpenSIPs Community,

My goal for this topic is to get OpenSIPS 3.1 logging to a new file
OpenSIPs.log and then have Fail2Ban monitoring that log file for failed
login attempts by IP addresses.
I’m running OpenSIPS 3.1 on Debain 10.7

The Directions in the URL below are valid for OpenSIPS up to version 2.4
But with OpenSIPS 3.1 it is different as they do not use   www_challenge("",
"0");   but   www_challenge("", "auth");   Instead.
The difference is the '0' in OpenSIPS 2.4 and the  'auth' in OpenSIPS 3.1

Same like the instructions in URL link below.

It is obvious that the code in the needs to be tweaked to work with but all
my attempts to make the edits to the /etc/opensips/opensips.cfg only makes
OpenSIPs unable to load because of bad config file.

My question is... Where can I go for the source to find out what
www_challenge codes I should use for different login results to log?
Or more end result question... How should I change the directions in 2.4
document to work with a OpenSIPS 3.1 opensips.cfg file?

----------------------------------------------------------------------------
-------------------------------------------
Rick McGill – CEO
Rick at NetroVOIP.com     |     Rick at NetropolitanWorks.com 
Thailand: +66-2105-4262  x1001  |   USA: +1-737-237-2030   |    Mobile:
+66-85557-3000
Support:: +66-97047-2000  |  SKYPE & LINE ID:  NetroVOIP  |
Support at NetroVOIP.com
  ₪  www.NetroVOIP.com  Telecommunications / Video Consulting & Solutions
Provider
----------------------------------------------------------------------------
----------------------------------------------   

https://www.opensips.org/Documentation/Tutorials  

Document 28.  OpenSIPS and fail2ban (Direction for OpenSIPS ver 2.4)
This is a small tutorial so you can use fail2ban together with opensips to
block via firewall the attackers that are using wrong authentication
credentials

https://www.opensips.org/Documentation/Tutorials-Fail2Ban 

The is what is in the link above:

-------
from:
----------------------------------------------------------------------------
------

 if (!www_authorize("", "subscriber")) {
	www_challenge("", "0");
	exit;
}
----------------------------------------------------------------------------
----

----
To:
----------------------------------------------------------------------------
-----

$var(auth_code) = www_authorize("", "subscriber");
if ( $var(auth_code) == -1 || $var(auth_code) == -2 ) {
		xlog("L_NOTICE","Auth error for $fU@$fd from $si cause
$var(auth_code)");
}
if ( $var(auth_code) < 0 ) {
		www_challenge("", "0");
		exit;
}
----------------------------------------------------------------------------
----

The issue is that my new install of OpenSIP has code a bit different.
Instead of "0" it has "AUTH".
And when I change the Code like the TO: section above OpenSIPS will not
start because it says Error in Config File it cannot load opensips.

------------
This is what the default code looks like in the opensips.cfg for OpenSIPS
3.1 after a new fresh install like I have:   Notice that www_challenger is
"auth" and not "0"   I have tried to enter it as '0" as per the instructions
in URL link above but that is when it then causes OpenSIPS to not be able to
restart.
----------------------------------------------------------------------------
----
	if (is_method("REGISTER")) {
		# authenticate the REGISTER requests
		if (!www_authorize("", "subscriber")) {
			www_challenge("", "auth");
			exit;
		}
----------------------------------------------------------------------------
----