Configuring Fail2Ban for Asterisk

On the test I will use Asterisk 13.1.0 and Fail2Ban 0.9.3-1 installed in Ubuntu Server 16.04.1 LTS.

Install Fail2Ban as I wrote in this article – Installing and Configuring Fail2ban

Open the configuration file Asterisk responsible for logging events in /var/log/asterisk/messages:

sudo nano /etc/asterisk/logger.conf

Add security to messages:

messages => notice,warning,error,security

Restart the asterisk logging system:

sudo asterisk -rvv
logger reload
quit

Add the Asterisk configuration file to the directory with the Fail2Ban configuration, thus activating the monitoring of its logs:

sudo nano /etc/fail2ban/jail.d/asterisk.conf

where 86400 in seconds = 24 hours, that is, the attacker will be blocked for a day.

[asterisk]
enabled = true
bantime = 86400

Or, change the file /etc/fail2ban/jail.conf where [asterisk-tcp] and [asterisk-udp] are false to true.

Restart fail2ban for the new configuration file to load:

sudo fail2ban-client reload

Let’s check the work:

sudo fail2ban-client status asterisk

Done, now Fail2Ban will block IP addresses from which the passwords to Asterisk accounts are not correctly entered.

Did my article help you? How about buying me a cup of coffee as an encouragement? Buy me a coffe.

Leave a comment

Leave a Reply