Asterisk iptables block bruteforce attacks howto with fail2ban


yum -y install fail2ban

vi /etc/fail2ban/jail.conf

[asterisk-tcp]

enabled  = true
filter   = asterisk
action   = iptables-multiport[name=asterisk-tcp, port="5060,5061", protocol=tcp]
           sendmail-whois[name=Asterisk, dest=you@example.com, sender=fail2ban@example.com]
logpath  = /var/log/asterisk/messages
maxretry = 10

[asterisk-udp]

enabled  = true
filter   = asterisk
action   = iptables-multiport[name=asterisk-udp, port="5060,5061", protocol=udp]
           sendmail-whois[name=Asterisk, dest=you@example.com, sender=fail2ban@example.com]
logpath  = /var/log/asterisk/messages
maxretry = 10

vi /etc/fail2ban/filter.d/asterisk.conf

# Fail2Ban configuration file
#
# Author: Xavier Devlamynck
#
# $Revision$
#


[INCLUDES]

# Read common prefixes. If any customizations available -- read them from
# common.local
before = common.conf

[Definition]

# Option:  failregex
# Notes.:  regex to match the password failures messages in the logfile. The
#          host must be matched by a group named "host". The tag "" can
#          be used for standard IP/hostname matching and is only an alias for
#          (?:::f{4,6}:)?(?PS+)
# Values:  TEXT
#
failregex = NOTICE%(__pid_re)s .*: Registration from '.*' failed for '' - Wrong password$
            NOTICE%(__pid_re)s .*: Registration from '.*' failed for '' - No matching peer found$
            NOTICE%(__pid_re)s .*: Registration from '.*' failed for '' - Username/auth name mismatch$
            NOTICE%(__pid_re)s .*: Registration from '.*' failed for '' - Device does not match ACL$
            NOTICE%(__pid_re)s .*: Registration from '.*' failed for '' - Peer is not supposed to register$
            NOTICE%(__pid_re)s .*: Registration from '.*' failed for '' - ACL error (permit/deny)$
            NOTICE%(__pid_re)s failed to authenticate as '.*'$
            NOTICE%(__pid_re)s .*: No registration for peer '.*' (from )$
            NOTICE%(__pid_re)s .*: Host failed MD5 authentication for '.*' (.*)$
            NOTICE%(__pid_re)s .*: Failed to authenticate user .*@.*$

# Option:  ignoreregex
# Notes.:  regex to ignore. If this regex matches, the line is ignored.
# Values:  TEXT
#
ignoreregex =
~                                                                                                                                                                                                                                           
~                                                                                                                                                                                                                                           
~                                                                                                                                                                                                                                           
~                                             

chkconfig fail2ban on
service fail2ban start

cat /var/log/fail2ban.log
2013-11-25 09:17:43,789 fail2ban.server : INFO   Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.7
2013-11-25 09:17:43,791 fail2ban.jail   : INFO   Creating new jail 'asterisk-udp'
2013-11-25 09:17:43,828 fail2ban.jail   : INFO   Jail 'asterisk-udp' uses Gamin
2013-11-25 09:17:43,944 fail2ban.jail   : INFO   Initiated 'gamin' backend
2013-11-25 09:17:43,985 fail2ban.filter : INFO   Added logfile = /var/log/asterisk/messages
2013-11-25 09:17:43,987 fail2ban.filter : INFO   Set maxRetry = 10
2013-11-25 09:17:43,989 fail2ban.filter : INFO   Set findtime = 600
2013-11-25 09:17:43,991 fail2ban.actions: INFO   Set banTime = 600
2013-11-25 09:17:44,067 fail2ban.jail   : INFO   Creating new jail 'asterisk-tcp'
2013-11-25 09:17:44,068 fail2ban.jail   : INFO   Jail 'asterisk-tcp' uses Gamin
2013-11-25 09:17:44,070 fail2ban.jail   : INFO   Initiated 'gamin' backend
2013-11-25 09:17:44,072 fail2ban.filter : INFO   Added logfile = /var/log/asterisk/messages
2013-11-25 09:17:44,074 fail2ban.filter : INFO   Set maxRetry = 10
2013-11-25 09:17:44,077 fail2ban.filter : INFO   Set findtime = 600
2013-11-25 09:17:44,078 fail2ban.actions: INFO   Set banTime = 600
2013-11-25 09:17:44,129 fail2ban.jail   : INFO   Jail 'asterisk-udp' started
2013-11-25 09:17:44,136 fail2ban.jail   : INFO   Jail 'asterisk-tcp' started
                                                                                                                                                                                             
~                                             


Tags:

asterisk, iptables, bruteforce, attacks, howto, ban, yum, install, vi, etc, conf, tcp, enabled, filter, multiport, quot, protocol, sendmail, whois, dest, sender, logpath, var, maxretry, udp, configuration, author, xavier, devlamynck, revision, includes, prefixes, customizations, definition, failregex, regex, password, failures, logfile, matched, ip, hostname, matching, alias, ps, text, __pid_re, registration, peer, username, auth, mismatch, acl, register, permit, authenticate, md, authentication, user, ignoreregex, ignored, chkconfig, server, info, logging, creating, gamin, initiated, backend, findtime, bantime,

Latest Articles

  • CentOS 6 impossible to compile a newer libguestfs
  • chroot
  • How To Get Started on Ubuntu with gpt-2 OpenAI Text Prediction
  • Remove cloud-init in your VM
  • QEMU-KVM KVM Command Line Practical Guide
  • Linux How To Change NIC Name to eth0 instead of enps33 or enp0s25
  • virt-resize: error: libguestfs error: could not create appliance through libvirt.
  • Asterisk Does Not Retry When Authentication Fails
  • Linux Debian Ubuntu How To Install PEPPER Faster and Latest Adobe Flash Player in Firefox
  • How To Speed Up Linux Ubuntu and Debian Based Computers By Improving CPU Performance and Changing the CPU Governor
  • Convert data or file to base64 on a single line
  • Linux Mint Ubuntu Debian radeon slow 2D performance issues radeon_dp_aux_transfer_native: 158 callbacks suppressed
  • mdadm: super0.90 cannot open /dev/sdb1: Device or resource busy mdadm: /dev/sdb1 is not suitable for this array.
  • How To Install NextCloud on Centos 7 and Centos 8
  • AH01630: client denied by server configuration:
  • ERROR: Could not find a version that satisfies the requirement PIL (from versions: none) ERROR: No matching distribution found for PIL
  • ZTE Camera Cannot Work unable to connect to camera. Camera has been disabled becaue of security policies or is being used by other apps
  • QEMU KVM how to boot off a physical CD/DVD/BDROM Drive
  • How To Install OpenProject on Centos 7 Step-by-Step Guide
  • Ubuntu Debian Linux Cannot Install Wine Solution - wine1.6 : Depends: wine1.6-i386 (= 1:1.6.2-0ubuntu14.2) but it is not installable wine1.4 : Depends: wine1.6 but it is not going to be installed