Asterisk iptables block bruteforce attacks howto with fail2ban


yum -y install fail2ban

vi /etc/fail2ban/jail.conf

[asterisk-tcp]

enabled  = true
filter   = asterisk
action   = iptables-multiport[name=asterisk-tcp, port="5060,5061", protocol=tcp]
           sendmail-whois[name=Asterisk, dest=you@example.com, sender=fail2ban@example.com]
logpath  = /var/log/asterisk/messages
maxretry = 10

[asterisk-udp]

enabled  = true
filter   = asterisk
action   = iptables-multiport[name=asterisk-udp, port="5060,5061", protocol=udp]
           sendmail-whois[name=Asterisk, dest=you@example.com, sender=fail2ban@example.com]
logpath  = /var/log/asterisk/messages
maxretry = 10

vi /etc/fail2ban/filter.d/asterisk.conf

# Fail2Ban configuration file
#
# Author: Xavier Devlamynck
#
# $Revision$
#


[INCLUDES]

# Read common prefixes. If any customizations available -- read them from
# common.local
before = common.conf

[Definition]

# Option:  failregex
# Notes.:  regex to match the password failures messages in the logfile. The
#          host must be matched by a group named "host". The tag "" can
#          be used for standard IP/hostname matching and is only an alias for
#          (?:::f{4,6}:)?(?PS+)
# Values:  TEXT
#
failregex = NOTICE%(__pid_re)s .*: Registration from '.*' failed for '' - Wrong password$
            NOTICE%(__pid_re)s .*: Registration from '.*' failed for '' - No matching peer found$
            NOTICE%(__pid_re)s .*: Registration from '.*' failed for '' - Username/auth name mismatch$
            NOTICE%(__pid_re)s .*: Registration from '.*' failed for '' - Device does not match ACL$
            NOTICE%(__pid_re)s .*: Registration from '.*' failed for '' - Peer is not supposed to register$
            NOTICE%(__pid_re)s .*: Registration from '.*' failed for '' - ACL error (permit/deny)$
            NOTICE%(__pid_re)s failed to authenticate as '.*'$
            NOTICE%(__pid_re)s .*: No registration for peer '.*' (from )$
            NOTICE%(__pid_re)s .*: Host failed MD5 authentication for '.*' (.*)$
            NOTICE%(__pid_re)s .*: Failed to authenticate user .*@.*$

# Option:  ignoreregex
# Notes.:  regex to ignore. If this regex matches, the line is ignored.
# Values:  TEXT
#
ignoreregex =
~                                                                                                                                                                                                                                           
~                                                                                                                                                                                                                                           
~                                                                                                                                                                                                                                           
~                                             

chkconfig fail2ban on
service fail2ban start

cat /var/log/fail2ban.log
2013-11-25 09:17:43,789 fail2ban.server : INFO   Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.7
2013-11-25 09:17:43,791 fail2ban.jail   : INFO   Creating new jail 'asterisk-udp'
2013-11-25 09:17:43,828 fail2ban.jail   : INFO   Jail 'asterisk-udp' uses Gamin
2013-11-25 09:17:43,944 fail2ban.jail   : INFO   Initiated 'gamin' backend
2013-11-25 09:17:43,985 fail2ban.filter : INFO   Added logfile = /var/log/asterisk/messages
2013-11-25 09:17:43,987 fail2ban.filter : INFO   Set maxRetry = 10
2013-11-25 09:17:43,989 fail2ban.filter : INFO   Set findtime = 600
2013-11-25 09:17:43,991 fail2ban.actions: INFO   Set banTime = 600
2013-11-25 09:17:44,067 fail2ban.jail   : INFO   Creating new jail 'asterisk-tcp'
2013-11-25 09:17:44,068 fail2ban.jail   : INFO   Jail 'asterisk-tcp' uses Gamin
2013-11-25 09:17:44,070 fail2ban.jail   : INFO   Initiated 'gamin' backend
2013-11-25 09:17:44,072 fail2ban.filter : INFO   Added logfile = /var/log/asterisk/messages
2013-11-25 09:17:44,074 fail2ban.filter : INFO   Set maxRetry = 10
2013-11-25 09:17:44,077 fail2ban.filter : INFO   Set findtime = 600
2013-11-25 09:17:44,078 fail2ban.actions: INFO   Set banTime = 600
2013-11-25 09:17:44,129 fail2ban.jail   : INFO   Jail 'asterisk-udp' started
2013-11-25 09:17:44,136 fail2ban.jail   : INFO   Jail 'asterisk-tcp' started
                                                                                                                                                                                             
~                                             


Tags:

asterisk, iptables, bruteforce, attacks, howto, ban, yum, install, vi, etc, conf, tcp, enabled, filter, multiport, quot, protocol, sendmail, whois, dest, sender, logpath, var, maxretry, udp, configuration, author, xavier, devlamynck, revision, includes, prefixes, customizations, definition, failregex, regex, password, failures, logfile, matched, ip, hostname, matching, alias, ps, text, __pid_re, registration, peer, username, auth, mismatch, acl, register, permit, authenticate, md, authentication, user, ignoreregex, ignored, chkconfig, server, info, logging, creating, gamin, initiated, backend, findtime, bantime,

Latest Articles

  • Unable to mount location Failed to retrieve share list from server: Connection timed out - Samba/Linux Filesharing Not working Ubuntu Mint Linux Solution
  • How To Resize, Reduce a Video to a Specific Size and Quality Ubuntu Linux using ffmpeg
  • vi how to delete all lines in the file
  • Linux Mint / Ubuntu 20 Intel I219 NIC disconnects
  • Linux can't boot/grub boot loader screen with no options solution
  • EFI PXE grub2 Howto guide for Linux EFI PXE Booting on Debian, Mint, Ubuntu, RHEL
  • Aruba/HP/Dell IAP Wireless Controller Common Default Passwords
  • Debian, Mint Ubuntu how to remove package and associated config files
  • Linux Grub not booting the intended kernel solution in Debian, Mint, Ubuntu how to specify which kernel to boot by default
  • QEMU KVM Keyboard Problems Not Working Right Repeating Characters, Ctrl+C Copy and Paste not working right when using PS2 mouse in guests Solution
  • Linux how to compile binary with static sharedobjects embedded instead of dynamic to use on multi-distributions and avoid glibc compatiblity issues
  • /bin/sh: msgfmt: not found error solution on Linux Compilation Ubuntu Debian Mint Centos
  • Mikrotik RouterOS CHR/ISO Basic and Quick Setup Howto Guide
  • qemu 4 compilation options
  • CentOS 7 8 PXEBoot Netinstall Not Working Solution "Pane is dead "new value non-exisetnt xfs filesystem is not valid as a default fs type"
  • CentOS 6 EOL yum repo won't work Error: Cannot find a valid baseurl for repo: base Solution
  • CentOS 7 8 How To Disable SELinux
  • Wordpress How To Add Featured Image To Post in Hueman Theme
  • kdenlive full reset how to erase all config files
  • CentOS 7 8 yum error Trying other mirror. To address this issue please refer to the below wiki article