Hosted Vicidial server starts from $39 Contact Us Buy Now!
Home
Asterisk
Linux

how to install fail2ban in asterisk

Estimated read time: 2 min

 Installing Fail2ban in centos



yum install fail2ban
If your CentOS doesn't find the package, please execute the following command and then try

or
wget https://downloads.sourceforge.net/project/fail2ban/fail2ban-stable/fail2ban-0.8.4/fail2ban-0.8.4.tar.bz2?use_mirror=transact

tar -xf fail2ban-0.8.4.tar.bz2
cd fail2ban-0.8.4
python setup.py install
cp files/redhat-initd /etc/init.d/fail2ban
chkconfig --add fail2ban
chkconfig fail2ban on

Once installing the Fail2ban  create asteirsk.conf file under the fail2ban directory

vi /etc/fail2ban/filter.d/asterisk.conf

and copy and paste the below

# ===================
# /etc/fail2ban/filter.d/asterisk.conf
# Fail2Ban configuration file
#
#
# $Revision: 250 $
#
[INCLUDES]
# Read common prefixes. If any customizations available -- read them from
# common.local
#before = common.conf
[Definition]
#_daemon = asterisk
# Option: failregex
# Notes.: regex to match the password failures messages in the logfile.
#The
# host must be matched by a group named "host". The tag "" can
# be used for standard IP/hostname matching and is only an alias
#for
# (?:::f{4,6}:)?(?PS+)
# Values: TEXT
#

failregex = Registration from '.*' failed for '<HOST>(:[0-9]{1,5})?' - Wrong password
            Registration from '.*' failed for '<HOST>(:[0-9]{1,5})?' - No matching peer found
            Registration from '.*' failed for '<HOST>(:[0-9]{1,5})?' - Device does not match ACL
            Registration from '.*' failed for '<HOST>(:[0-9]{1,5})?' - Username/auth name mismatch
            Registration from '.*' failed for '<HOST>(:[0-9]{1,5})?' - Peer is not supposed to register
            NOTICE.* <HOST> failed to authenticate as '.*'$
            NOTICE.* .*: No registration for peer '.*' (from <HOST>)
            NOTICE.* .*: Host <HOST> failed MD5 authentication for '.*' (.*)
            VERBOSE.* logger.c: -- .*IP/<HOST>-.* Playing 'ss-noservice' (language '.*')


# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =
# ===================
Add the [asterisk-iptables] section to your /etc/fail2ban/jail.conf file :
# /etc/fail2ban/jail.conf
#====================

Save and exit the file
vi /etc/fail2ban/jail.conf
go to the last line of theis file and paste the below lines there

[asterisk-iptables]
enabled = true
filter = asterisk
action = iptables-allports[name=ASTERISK, protocol=all]
sendmail-whois[name=ASTERISK,
dest=youremailaddress@somewhere.com, sender=fail2ban@somewhere.com]
logpath = /var/log/asterisk/full
maxretry = 5
bantime = 600
#====================

Also in /etc/fail2ban/jail.conf file you want to add your own IP address range ( ours is192.168.1.0 ) :
ignoreip = 127.0.0.1 192.168.1.0/24

make the fail2ban to start at startup
chkconfig fail2ban on
start the fail2ban now
/etc/init.d/fail2ban start
now check whether the fail2ban is installed properly to detect the attacks
 iptables -L –v
      You should see "fail2ban-ASTERISK" in your iptables output.


now try to register a extension from outside with wrong password or worng extension and run the iptables command to see the blocked ip addresses
#Asterisk #Linux #security

1 comment

  1. second ago
    sir it's not work for me i'm using Vicidial scratch on centos 7 that's help ,e lot but sir this is not working.
Cookie Consent
We serve cookies on this site to analyze traffic, remember your preferences, and optimize your experience.
More Details