#64 Asterisk support

open
nobody
None
5
2014-08-02
2011-08-31
X D
No

Could you add support for Asterisk in fail2ban?
If you need more information, I can provide it.

Discussion

  • Cidi Rome
    2014-08-02

    Hi.

    There is a filter for Asterisk:

    /etc/fail2ban/filter.d/asterisk.conf

    [INCLUDES]
    before = common.conf

    [Definition]
    # Each pattern matches one Asterisk NOTICE line for a failed SIP
    # registration or authentication; <HOST> captures the source address.
    failregex = NOTICE%(__pid_re)s .*: Registration from '.*' failed for '<HOST>.*' - Wrong password$
                NOTICE%(__pid_re)s .*: Registration from '.*' failed for '<HOST>.*' - No matching peer found$
                NOTICE%(__pid_re)s .*: Registration from '.*' failed for '<HOST>.*' - Username/auth name mismatch$
                NOTICE%(__pid_re)s .*: Registration from '.*' failed for '<HOST>.*' - Device does not match ACL$
                NOTICE%(__pid_re)s .*: Registration from '.*' failed for '<HOST>.*' - Peer is not supposed to register$
                NOTICE%(__pid_re)s .*: Registration from '.*' failed for '<HOST>.*' - ACL error \(permit/deny\)$
                NOTICE%(__pid_re)s <HOST>.* failed to authenticate as '.*'$
                NOTICE%(__pid_re)s .*: No registration for peer '.*' \(from <HOST>.*\)$
                NOTICE%(__pid_re)s .*: Host <HOST>.* failed MD5 authentication for '.*' \(.*\)$
                NOTICE%(__pid_re)s .*: Failed to authenticate user .*@<HOST>.*$
    ignoreregex =

    and in jail.conf

    [asterisk-tcp]
    enabled = true
    filter = asterisk
    action = iptables-multiport[name=asterisk-tcp, port="5060,5061", protocol=tcp]
             sendmail-whois[name=Asterisk, dest=myemail@mydomain.com, sender=myemailsender@mydomain.com]
    logpath = /var/log/asterisk/full
    maxretry = 3
    bantime = 172800

    [asterisk-udp]
    enabled = true
    filter = asterisk
    action = iptables-multiport[name=asterisk-udp, port="5060,5061", protocol=udp]
    logpath = /var/log/asterisk/full
    maxretry = 3
    bantime = 172800

    You may have to adapt the configurations to your system.
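
A quick offline check of this kind of filter, as an added example that is not part of the original comment or of fail2ban itself: it expands three of the patterns and runs them over constructed log lines, and shows why the parentheses in the ACL pattern need escaping. `PID_RE` and `HOST_RE` are simplified, assumed stand-ins for fail2ban's `__pid_re` and `<HOST>`; all addresses and log lines are constructed.

```python
import re
from collections import Counter

# Assumed stand-ins for fail2ban's substitutions (simplified, IPv4 only).
PID_RE = r"(?:\[\d+\])"                          # __pid_re in common.conf
HOST_RE = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"   # approximation of <HOST>

FAILREGEX = [
    r"NOTICE%(__pid_re)s .*: Registration from '.*' failed for '<HOST>.*' - Wrong password$",
    r"NOTICE%(__pid_re)s .*: Registration from '.*' failed for '<HOST>.*' - ACL error \(permit/deny\)$",
    r"NOTICE%(__pid_re)s .*: No registration for peer '.*' \(from <HOST>.*\)$",
]
# Same ACL pattern with the parentheses left unescaped: they become a regex
# group, so the literal "(permit/deny)" in the log never matches.
UNESCAPED = r"NOTICE%(__pid_re)s .*: Registration from '.*' failed for '<HOST>.*' - ACL error (permit/deny)$"

# Constructed sample lines in the style of /var/log/asterisk/full.
SAMPLE_LOG = [
    "[2014-08-02 10:15:01] NOTICE[1234] chan_sip.c: Registration from '<sip:100@192.0.2.10>' failed for '198.51.100.7:5060' - Wrong password",
    "[2014-08-02 10:15:02] NOTICE[1234] chan_sip.c: Registration from '<sip:100@192.0.2.10>' failed for '198.51.100.7:5060' - Wrong password",
    "[2014-08-02 10:15:03] NOTICE[1234] chan_sip.c: Registration from '<sip:200@192.0.2.10>' failed for '198.51.100.7:5071' - ACL error (permit/deny)",
    "[2014-08-02 10:16:00] NOTICE[1234] chan_sip.c: No registration for peer 'trunk1' (from 203.0.113.9)",
    "[2014-08-02 10:17:00] NOTICE[1234] chan_sip.c: Peer '100' is now Reachable. (12ms / 2000ms)",
]

def compile_filter(patterns):
    """Expand the fail2ban placeholders and compile each pattern."""
    return [re.compile(p.replace("%(__pid_re)s", PID_RE).replace("<HOST>", HOST_RE))
            for p in patterns]

def failures(lines, compiled):
    """Count matching lines per captured host (first matching pattern wins)."""
    hits = Counter()
    for line in lines:
        for rx in compiled:
            m = rx.search(line)
            if m:
                hits[m.group("host")] += 1
                break
    return hits

def to_ban(hits, maxretry=3):
    """Hosts at or above maxretry; the findtime window is ignored here."""
    return sorted(h for h, n in hits.items() if n >= maxretry)

if __name__ == "__main__":
    hits = failures(SAMPLE_LOG, compile_filter(FAILREGEX))
    print(dict(hits), to_ban(hits))
    print(dict(failures(SAMPLE_LOG, compile_filter([UNESCAPED]))))
```

On a live system, `fail2ban-regex /var/log/asterisk/full /etc/fail2ban/filter.d/asterisk.conf` runs the real filter against the real log.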