Cidi Rome - 2014-08-02

Hi.

There is a filter for Asterisk:

/etc/fail2ban/filter.d/asterisk.conf

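# NOTE(review): reconstructed from a forum post whose renderer appears to have
# consumed "*" and "__" as emphasis markers and re-wrapped the lines. Every
# ".*" and "__pid_re" below was restored on that assumption. Check the result
# against real log lines with fail2ban-regex before enabling the jail.
[INCLUDES]
# common.conf is read first; presumably it supplies __pid_re, which every
# pattern below interpolates. Confirm against the installed common.conf.
before = common.conf

[Definition]
# One pattern per line. Continuation lines must stay indented so the parser
# keeps them as part of failregex instead of reading them as new keys.
# The quoted fields in these messages come from the remote SIP request, so keep
# each pattern as tight as the log format allows and keep the trailing "$".
# Literal parentheses in the log text are escaped (ACL error, "from <HOST>");
# an unescaped "(" would open a regex group and the line would never match.
failregex = NOTICE%(__pid_re)s .*: Registration from '.*' failed for '<HOST>.*' - Wrong password$
            NOTICE%(__pid_re)s .*: Registration from '.*' failed for '<HOST>.*' - No matching peer found$
            NOTICE%(__pid_re)s .*: Registration from '.*' failed for '<HOST>.*' - Username/auth name mismatch$
            NOTICE%(__pid_re)s .*: Registration from '.*' failed for '<HOST>.*' - Device does not match ACL$
            NOTICE%(__pid_re)s .*: Registration from '.*' failed for '<HOST>.*' - Peer is not supposed to register$
            NOTICE%(__pid_re)s .*: Registration from '.*' failed for '<HOST>.*' - ACL error \(permit/deny\)$
            NOTICE%(__pid_re)s <HOST>.* failed to authenticate as '.*'$
            NOTICE%(__pid_re)s .*: No registration for peer '.*' \(from <HOST>.*\)$
            NOTICE%(__pid_re)s .*: Host <HOST>.* failed MD5 authentication for '.*' (.*)$
            NOTICE%(__pid_re)s .*: Failed to authenticate user .*@<HOST>.*$

# Nothing is excluded; lines matching failregex always count as failures.
ignoreregex =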

and in jail.conf

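# Jail for SIP over TCP (ports 5060/5061), fed by the asterisk filter.
[asterisk-tcp]
enabled = true
filter = asterisk
# Two actions: firewall ban plus a mail report with whois data.
# The second action is a continuation line and must be indented; at column 0
# it is no longer part of "action" and the notification is lost.
action = iptables-multiport[name=asterisk-tcp, port="5060,5061", protocol=tcp]
         sendmail-whois[name=Asterisk, dest=myemail@mydomain.com, sender=myemailsender@mydomain.com]
# fail2ban has to recognise the timestamp format of this log; if no line ever
# matches, check the date format configured in Asterisk's logger.conf.
logpath = /var/log/asterisk/full
# Number of matching log lines that triggers a ban.
maxretry = 3
# Seconds; 172800 = 48 hours.
bantime = 172800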

# Jail for SIP over UDP (ports 5060/5061); same filter and log as the TCP jail,
# firewall ban only (no mail action is configured here).
# SIP over UDP does not prove the source address, so keep trusted trunks and
# management hosts in ignoreip so that a ban cannot lock them out.
[asterisk-udp]
enabled = true
filter = asterisk
logpath = /var/log/asterisk/full
# Number of matching log lines that triggers a ban.
maxretry = 3
# Seconds; 172800 = 48 hours.
bantime = 172800
action = iptables-multiport[name=asterisk-udp, port="5060,5061", protocol=udp]

You may have to adapt the configuration to your system.