Asterisk howto: block SIP brute-force attacks with fail2ban and iptables


# install fail2ban from the distro repositories (-y skips the confirmation prompt)
yum -y install fail2ban

# jail definitions: the two [asterisk-*] sections below go in this file
# (fail2ban also reads a jail.local override, which survives package upgrades)
vi /etc/fail2ban/jail.conf

# Asterisk SIP registration-failure jails (fail2ban jail.conf).
# Both jails watch the same Asterisk log with the same "asterisk" filter;
# presumably they are split per protocol because iptables-multiport takes a
# single protocol argument.
# bantime/findtime are not set here, so fail2ban's defaults apply (the
# fail2ban.log excerpt further down shows findtime = 600 and banTime = 600).
# Local edits are better kept in jail.local so a package upgrade of
# jail.conf does not overwrite them.

[asterisk-tcp]
enabled = true
filter = asterisk
logpath = /var/log/asterisk/messages
# failures within findtime before the ban is issued
maxretry = 10
# ban on the SIP ports and mail a whois report for the banned address
action = iptables-multiport[name=asterisk-tcp, port="5060,5061", protocol=tcp]
         sendmail-whois[name=Asterisk, dest=you@example.com, sender=fail2ban@example.com]

[asterisk-udp]
enabled = true
filter = asterisk
logpath = /var/log/asterisk/messages
# failures within findtime before the ban is issued
maxretry = 10
# same ports and report as above, for UDP
action = iptables-multiport[name=asterisk-udp, port="5060,5061", protocol=udp]
         sendmail-whois[name=Asterisk, dest=you@example.com, sender=fail2ban@example.com]

# the filter both jails reference via "filter = asterisk"
vi /etc/fail2ban/filter.d/asterisk.conf

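# Fail2Ban configuration file
#
# Author: Xavier Devlamynck
#
# $Revision$
#
# Filter for Asterisk SIP registration/authentication failures in
# /var/log/asterisk/messages (used by the asterisk-tcp / asterisk-udp jails).
#
# NOTE(review): the copy of this file reproduced on the page had every
# "<HOST>" tag and every regex backslash stripped by the web renderer
# (e.g. 'failed for ''' and '(?PS+)'). They are restored below: a failregex
# without a <HOST> tag (or a "host" group) gives fail2ban no address to ban.


[INCLUDES]

# Read common prefixes. If any customizations available -- read them from
# common.local
# common.conf presumably also defines the __pid_re prefix interpolated into
# every failregex line below.
before = common.conf

[Definition]

# Option:  failregex
# Notes.:  regex to match the password failures messages in the logfile. The
#          host must be matched by a group named "host". The tag "<HOST>" can
#          be used for standard IP/hostname matching and is only an alias for
#          (?:::f{4,6}:)?(?P<host>\S+)
# Values:  TEXT
#
# Parentheses that are literal text in the Asterisk messages are escaped
# (\( \)); unescaped they would open a regex group and the line would not
# match.
failregex = NOTICE%(__pid_re)s .*: Registration from '.*' failed for '<HOST>' - Wrong password$
            NOTICE%(__pid_re)s .*: Registration from '.*' failed for '<HOST>' - No matching peer found$
            NOTICE%(__pid_re)s .*: Registration from '.*' failed for '<HOST>' - Username/auth name mismatch$
            NOTICE%(__pid_re)s .*: Registration from '.*' failed for '<HOST>' - Device does not match ACL$
            NOTICE%(__pid_re)s .*: Registration from '.*' failed for '<HOST>' - Peer is not supposed to register$
            NOTICE%(__pid_re)s .*: Registration from '.*' failed for '<HOST>' - ACL error \(permit/deny\)$
            NOTICE%(__pid_re)s <HOST> failed to authenticate as '.*'$
            NOTICE%(__pid_re)s .*: No registration for peer '.*' \(from <HOST>\)$
            NOTICE%(__pid_re)s .*: Host <HOST> failed MD5 authentication for '.*' \(.*\)$
            NOTICE%(__pid_re)s .*: Failed to authenticate user .*@<HOST>.*$

# Option:  ignoreregex
# Notes.:  regex to ignore. If this regex matches, the line is ignored.
# Values:  TEXT
#
ignoreregex =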
~                                                                                                                                                                                                                                           
~                                                                                                                                                                                                                                           
~                                                                                                                                                                                                                                           
~                                             

# enable at boot and start now (SysV init tooling; the log below shows
# fail2ban v0.8.7 on this host)
chkconfig fail2ban on
service fail2ban start

cat /var/log/fail2ban.log
2013-11-25 09:17:43,789 fail2ban.server : INFO   Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.7
2013-11-25 09:17:43,791 fail2ban.jail   : INFO   Creating new jail 'asterisk-udp'
2013-11-25 09:17:43,828 fail2ban.jail   : INFO   Jail 'asterisk-udp' uses Gamin
2013-11-25 09:17:43,944 fail2ban.jail   : INFO   Initiated 'gamin' backend
2013-11-25 09:17:43,985 fail2ban.filter : INFO   Added logfile = /var/log/asterisk/messages
2013-11-25 09:17:43,987 fail2ban.filter : INFO   Set maxRetry = 10
2013-11-25 09:17:43,989 fail2ban.filter : INFO   Set findtime = 600
2013-11-25 09:17:43,991 fail2ban.actions: INFO   Set banTime = 600
2013-11-25 09:17:44,067 fail2ban.jail   : INFO   Creating new jail 'asterisk-tcp'
2013-11-25 09:17:44,068 fail2ban.jail   : INFO   Jail 'asterisk-tcp' uses Gamin
2013-11-25 09:17:44,070 fail2ban.jail   : INFO   Initiated 'gamin' backend
2013-11-25 09:17:44,072 fail2ban.filter : INFO   Added logfile = /var/log/asterisk/messages
2013-11-25 09:17:44,074 fail2ban.filter : INFO   Set maxRetry = 10
2013-11-25 09:17:44,077 fail2ban.filter : INFO   Set findtime = 600
2013-11-25 09:17:44,078 fail2ban.actions: INFO   Set banTime = 600
2013-11-25 09:17:44,129 fail2ban.jail   : INFO   Jail 'asterisk-udp' started
2013-11-25 09:17:44,136 fail2ban.jail   : INFO   Jail 'asterisk-tcp' started
                                                                                                                                                                                             
~                                             

