Cidi Rome - 2014-08-02

Hi.

There is a filter for Asterisk:

/etc/fail2ban/filter.d/asterisk.conf

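# Fail2Ban filter for failed Asterisk registrations / authentications.
#
# NOTE(review): the copy of this listing on the page was mangled by HTML
# rendering: the <HOST> tag had become <host>...</host> markup, the "*"
# quantifiers were dropped, and several patterns were split across lines.
# The patterns below are restored from that text. Compare them with the
# asterisk.conf shipped by your fail2ban package before relying on them.
#
# - <HOST> is written in upper case, the form of the tag fail2ban replaces
#   with its address-matching group.
# - %(__pid_re)s is interpolated from common.conf, included below.
# - Continuation lines of failregex must be indented, otherwise the parser
#   does not treat them as part of the same value.
# - Literal parentheses in the log text are escaped so they are not read as
#   regex groups. The backslashes may also have been lost in rendering.
# - The text inside "Registration from '...'" is supplied by the remote client
#   and sits in front of <HOST> behind a loose ".*". Loose patterns like this
#   can let crafted input influence which address is captured, so prefer the
#   tightened filter from a current fail2ban release where one is available.

[INCLUDES]
before = common.conf

[Definition]
failregex = NOTICE%(__pid_re)s .*: Registration from '.*' failed for '<HOST>.*' - Wrong password$
            NOTICE%(__pid_re)s .*: Registration from '.*' failed for '<HOST>.*' - No matching peer found$
            NOTICE%(__pid_re)s .*: Registration from '.*' failed for '<HOST>.*' - Username/auth name mismatch$
            NOTICE%(__pid_re)s .*: Registration from '.*' failed for '<HOST>.*' - Device does not match ACL$
            NOTICE%(__pid_re)s .*: Registration from '.*' failed for '<HOST>.*' - Peer is not supposed to register$
            NOTICE%(__pid_re)s .*: Registration from '.*' failed for '<HOST>.*' - ACL error \(permit/deny\)$
            NOTICE%(__pid_re)s <HOST>.* failed to authenticate as '.*'$
            NOTICE%(__pid_re)s .*: No registration for peer '.*' \(from <HOST>.*\)$
            NOTICE%(__pid_re)s .*: Host <HOST>.* failed MD5 authentication for '.*' \(.*\)$
            NOTICE%(__pid_re)s .*: Failed to authenticate user .*@<HOST>.*$

# Nothing is excluded from matching.
ignoreregex =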

and in jail.conf

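# Jail for SIP over TCP: bans addresses matched by the "asterisk" filter on
# ports 5060/5061 and sends a notification mail with whois output.
[asterisk-tcp]
enabled = true
filter = asterisk
# Two actions, one per line. The second line must be indented so it is read
# as a continuation of "action"; at column 0 it would be parsed as a separate
# (bogus) key and the mail action would never run.
action = iptables-multiport[name=asterisk-tcp, port="5060,5061", protocol=tcp]
         sendmail-whois[name=Asterisk, dest=myemail@mydomain.com, sender=myemailsender@mydomain.com]
logpath = /var/log/asterisk/full
# Failures tolerated before a ban. They are counted within findtime, which is
# not set here and so comes from [DEFAULT].
maxretry = 3
# Ban duration in seconds (172800 s = 48 hours).
bantime = 172800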

# Jail for SIP over UDP: same filter and log file as the TCP jail, but the
# firewall rule is created for protocol=udp.
#
# NOTE(review): UDP source addresses can be forged, so a ban triggered by UDP
# traffic may hit an address that never contacted the server. Listing trusted
# trunks and peers in ignoreip keeps them from being locked out.
[asterisk-udp]
filter = asterisk
logpath = /var/log/asterisk/full
# Failures tolerated before a ban.
maxretry = 3
# Ban duration in seconds (172800 s = 48 hours).
bantime = 172800
action = iptables-multiport[name=asterisk-udp, port="5060,5061", protocol=udp]
enabled = true

You may have to adapt the configuration to your system.