Configuring Fail2Ban for Asterisk

For this test I use Asterisk 13.1.0 and Fail2Ban 0.9.3-1 installed on Ubuntu Server 16.04.1 LTS.

Install Fail2Ban as described in my article – Installing and Configuring Fail2ban

Open the Asterisk configuration file that controls which events are logged to /var/log/asterisk/messages:

sudo nano /etc/asterisk/logger.conf

Add the security level to the messages line:

messages => notice,warning,error,security

Reload the Asterisk logging system from the Asterisk console:

sudo asterisk -rvv
logger reload
quit

Create a configuration file for Asterisk in the Fail2Ban configuration directory, which activates monitoring of the Asterisk log:

sudo nano /etc/fail2ban/jail.d/asterisk.conf

Enter the following, where bantime is given in seconds (86400 seconds = 24 hours, that is, the attacker will be blocked for a day):

[asterisk]
enabled = true
bantime = 86400

Alternatively, edit the file /etc/fail2ban/jail.conf and change false to true for [asterisk-tcp] and [asterisk-udp].

Reload Fail2Ban so that the new configuration file is loaded:

sudo fail2ban-client reload

Check that the jail is working:

sudo fail2ban-client status asterisk

Done. Fail2Ban will now block IP addresses from which incorrect passwords for Asterisk accounts are entered.
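To see what the jail reacts to once the security level is enabled, here is an added example (not from the original article and not Fail2Ban's own filter) that parses constructed SECURITY lines in the format Asterisk writes to /var/log/asterisk/messages and applies a "maxretry failures within findtime seconds" rule per remote address. The regular expression, the helper names and the threshold values are assumptions for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Event names Asterisk logs for rejected authentication attempts.
FAIL_EVENTS = {"InvalidPassword", "InvalidAccountID",
               "ChallengeResponseFailed", "FailedACL"}
LINE_RE = re.compile(
    r'^\[(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\] SECURITY\[\d+\]\S* .*?'
    r'SecurityEvent="(?P<event>\w+)".*?'
    r'RemoteAddress="IPV[46]/[A-Z]+/(?P<ip>[^/"]+)/\d+"')

def sec_line(ts, event, ip):
    """Build one constructed, abbreviated SECURITY line (not a real capture)."""
    return ('[%s] SECURITY[1201] res_security_log.c: SecurityEvent="%s",'
            'Service="SIP",AccountID="100",'
            'LocalAddress="IPV4/UDP/192.0.2.10/5060",'
            'RemoteAddress="IPV4/UDP/%s/5060"' % (ts, event, ip))

# Constructed sample log; all addresses are from documentation ranges.
SAMPLE_LINES = [
    sec_line("2016-09-01 10:00:01", "InvalidPassword", "203.0.113.5"),
    sec_line("2016-09-01 10:00:02", "SuccessfulAuth", "192.0.2.99"),
    sec_line("2016-09-01 10:00:02", "InvalidPassword", "203.0.113.5"),
    sec_line("2016-09-01 10:00:03", "InvalidAccountID", "203.0.113.5"),
    "[2016-09-01 10:00:04] NOTICE[1201] chan_sip.c: Peer '100' is now Reachable",
    sec_line("2016-09-01 10:05:00", "InvalidPassword", "198.51.100.7"),
    sec_line("2016-09-01 10:30:00", "InvalidPassword", "198.51.100.7"),
    sec_line("2016-09-01 10:55:00", "InvalidPassword", "198.51.100.7"),
]

def find_offenders(lines, maxretry, findtime):
    """Return {ip: time of the failure that reached maxretry within findtime s}."""
    recent, offenders = defaultdict(deque), {}
    for line in lines:
        m = LINE_RE.search(line)
        if not m or m.group("event") not in FAIL_EVENTS:
            continue  # not a SECURITY line, or not an authentication failure
        ip = m.group("ip")
        ts = datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S")
        window = recent[ip]
        window.append(ts)
        while (ts - window[0]).total_seconds() > findtime:
            window.popleft()  # drop failures older than the time window
        if len(window) >= maxretry and ip not in offenders:
            offenders[ip] = ts
    return offenders

if __name__ == "__main__":  # thresholds are assumed; the page sets only bantime
    print(find_offenders(SAMPLE_LINES, maxretry=3, findtime=600))
```

The slow attempts from 198.51.100.7 never reach three failures inside one 600-second window, so only 203.0.113.5 is reported.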

Configuring Fail2Ban for ProFTPd

I assume Fail2Ban is already installed; if not, see my article – Installing and Configuring Fail2ban.

By default, Fail2Ban already includes filters for ProFTPd and knows that the log file is located at /var/log/proftpd/proftpd.log, so it’s enough to create the file:

sudo nano /etc/fail2ban/jail.d/proftpd.local

Enter the data below, which activates checking of the log file /var/log/proftpd/proftpd.log:

[proftpd]
enabled = true
bantime = 86400

Restart Fail2Ban to apply the changes:

sudo service fail2ban restart

You can check the status:

sudo fail2ban-client status proftpd