For this test I will use Asterisk 13.1.0 and Fail2Ban 0.9.3-1 installed on Ubuntu Server 16.04.1 LTS.
Install Fail2Ban as described in this article: Installing and Configuring Fail2ban.
Open the Asterisk configuration file responsible for logging events to /var/log/asterisk/messages:
sudo nano /etc/asterisk/logger.conf
Add the security level to the messages line:
messages => notice,warning,error,security
Reload the Asterisk logging system from the Asterisk console:
sudo asterisk -rvv
logger reload
quit
Create an Asterisk jail file in the Fail2Ban configuration directory to enable monitoring of the Asterisk log:
sudo nano /etc/fail2ban/jail.d/asterisk.conf
Add the following, where 86400 is the ban time in seconds (24 hours), that is, the attacker will be blocked for a day:
[asterisk]
enabled = true
bantime = 86400
Alternatively, edit /etc/fail2ban/jail.conf and change enabled from false to true in the [asterisk-tcp] and [asterisk-udp] sections.
Restart fail2ban for the new configuration file to load:
sudo fail2ban-client reload
Check that the jail is working:
sudo fail2ban-client status asterisk
Done. Fail2Ban will now block IP addresses from which incorrect passwords for Asterisk accounts are entered.
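To show what the jail reacts to in /var/log/asterisk/messages, here is an added example (not from the original article and not Fail2Ban's own filter) that counts authentication failures per source IP and reports which addresses would be banned for 86400 seconds. The regular expressions, the thresholds of 5 failures within 600 seconds, and the log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

MAXRETRY, FINDTIME = 5, 600   # assumed thresholds; the article does not set them
BANTIME = 86400               # seconds, the value from the jail file
# Simplified patterns written for this example, not Fail2Ban's shipped filter.
TS = r"\[(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\] "
PATTERNS = [
    # notice level: chan_sip registration failure
    re.compile(TS + r"NOTICE\[\d+\].* failed for '(?P<ip>[\d.]+)(?::\d+)?' - Wrong password"),
    # security level: written only once "security" is added in logger.conf
    re.compile(TS + r'SECURITY\[\d+\].*SecurityEvent="InvalidPassword".*'
               r'RemoteAddress="IPV4/(?:UDP|TCP|TLS)/(?P<ip>[\d.]+)/\d+"'),
]

def parse(line):
    """Return (seconds, ip) for an authentication-failure line, else None."""
    for pat in PATTERNS:
        m = pat.search(line)
        if m:
            ts = datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S")
            return (ts - datetime(1970, 1, 1)).total_seconds(), m.group("ip")
    return None

def find_bans(lines):
    """Map each IP reaching MAXRETRY failures within FINDTIME to its ban span."""
    recent, bans = defaultdict(deque), {}
    for ts, ip in filter(None, map(parse, lines)):
        if ip in bans and ts < bans[ip][1]:
            continue                      # still banned
        window = recent[ip]
        window.append(ts)
        while ts - window[0] > FINDTIME:  # forget failures older than FINDTIME
            window.popleft()
        if len(window) >= MAXRETRY:
            bans[ip] = (ts, ts + BANTIME)
            window.clear()
    return bans

def sample_log():
    """Constructed lines using documentation address ranges, not real traffic."""
    sec = ('[2016-10-10 12:{:02d}:{:02d}] SECURITY[1201] res_security_log.c: SecurityEvent='
           '"InvalidPassword",AccountID="100",RemoteAddress="IPV4/UDP/{}/5060"')
    fast = [sec.format(0, s, "203.0.113.5") for s in range(5)]           # 5 in 5 s
    slow = [sec.format(m, 0, "198.51.100.7") for m in range(0, 60, 12)]  # 5 in 48 min
    notice = ["[2016-10-10 12:01:00] NOTICE[1201] chan_sip.c: Registration from "
              "'<sip:100@192.0.2.1>' failed for '192.0.2.9:5060' - Wrong password"]
    return sorted(fast + slow + notice * 2)
```

Calling find_bans(sample_log()) bans only 203.0.113.5; the slow and low-volume sources stay below the threshold. To test the filter that Fail2Ban actually ships against the real log, use fail2ban-regex with /var/log/asterisk/messages and /etc/fail2ban/filter.d/asterisk.conf.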