Asterisk Fail2ban configuration

Asterisk PBXIn this article I’ll describe how to protect Asterisk from hacking attempts with Fail2ban in CentOS Linux. Fail2Ban is a standard Linux tool used to scan log files and then block IP’s found in those log files using iptables. Fail2ban depends completely on the application (in this case Asterisk) to detect any intrusion/failure and log the user data, upon which fail2ban can then act. Fail2ban does not provide any type of intrusion detection, hack detection, etc., it depends completely on Asterisk to do that.

Fail2ban Installation

As simple as:

Fail2ban Configuration

In /etc/fail2ban/jail.local make sure you have the section configured like this:

Check that /etc/fail2ban/filter.d/asterisk.conf has the following content:

Asterisk logger.conf configuration

Make sure to set

and

in /etc/asterisk/logger.conf

Reload Asterisk logger with:

And start fail2ban:

Execute

and you should see two new chains probably already filled with some banned IPs:

You are all set!

 

 

 

 

 

 

 

 

 

Be sociable 🙂 Share!

Comments/Коментарі/Комментарии