
fail2ban for Asterisk 11 Ubuntu, Debian 7 wheezy

0. Install fail2ban

# aptitude install fail2ban

1. Add the following to /etc/asterisk/logger.conf (the security log level goes to its own file, /var/log/asterisk/security, and dateformat=%F %T gives each line a [YYYY-MM-DD HH:MM:SS] prefix that fail2ban can parse)

[general]
dateformat=%F %T

[logfiles]
security => security


1.1 Reload the Asterisk 11 logger configuration

#asterisk -rx "logger reload"

2. Append the following to the end of /etc/fail2ban/jail.conf (or, better, put it in /etc/fail2ban/jail.local, which is read after jail.conf and is not overwritten on package upgrades)

[asterisk-iptables]
enabled = true
filter = asterisk
action = iptables-allports[name=ASTERISK, protocol=all]
         sendmail-whois[name=ASTERISK, dest=root, sender=fail2ban@myoguz.info]
logpath = /var/log/asterisk/security
maxretry = 5
findtime = 21600
bantime = 86400

3. Create the file /etc/fail2ban/filter.d/asterisk.conf with the following contents:

# Fail2Ban configuration file
#
#
# $Revision: 250 $
#

[INCLUDES]

# Read common prefixes. If any customizations available — read them from
# common.local
#before = common.conf

[Definition]

#_daemon = asterisk

# Option: failregex
# Notes.: regex to match the password failures messages in the logfile. The
# host must be matched by a group named "host". The tag "<HOST>" can
# be used for standard IP/hostname matching and is only an alias for
# (?:::f{4,6}:)?(?P<host>\S+)
# Values: TEXT
#
# Asterisk 11 security events carry the peer as
# RemoteAddress="IPV4/UDP/<ip>/<port>", so <HOST> sits between the
# second and third slash. Continuation lines must be indented.

failregex = SECURITY.* SecurityEvent="FailedACL".*RemoteAddress=".+?/.+?/<HOST>/.+?".*
            SECURITY.* SecurityEvent="InvalidAccountID".*RemoteAddress=".+?/.+?/<HOST>/.+?".*
            SECURITY.* SecurityEvent="ChallengeResponseFailed".*RemoteAddress=".+?/.+?/<HOST>/.+?".*
            SECURITY.* SecurityEvent="InvalidPassword".*RemoteAddress=".+?/.+?/<HOST>/.+?".*

# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =

4. Restart fail2ban

#service fail2ban restart
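To check that the filter and the jail thresholds do what you expect before pointing them at a live PBX, here is an added example (my own code, not from this post and not part of fail2ban or Asterisk) that applies the four failregex lines from step 3 to a few constructed Asterisk 11 security-log lines and then counts hits per source address with the maxretry=5 / findtime=21600 rule from step 2. The log lines, the addresses (documentation ranges) and the helper names `match_line`, `bans` and `_event` are constructed for the example; the `<HOST>` expansion is the one fail2ban performs.

```python
"""Apply the asterisk.conf failregex lines and the jail's maxretry/findtime
rule to constructed Asterisk 11 security-log lines (example code, not part
of the original post, fail2ban or Asterisk)."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# The four failregex lines from step 3, as fail2ban reads them.
FAILREGEX = [
    r'SECURITY.* SecurityEvent="FailedACL".*RemoteAddress=".+?/.+?/<HOST>/.+?".*',
    r'SECURITY.* SecurityEvent="InvalidAccountID".*RemoteAddress=".+?/.+?/<HOST>/.+?".*',
    r'SECURITY.* SecurityEvent="ChallengeResponseFailed".*RemoteAddress=".+?/.+?/<HOST>/.+?".*',
    r'SECURITY.* SecurityEvent="InvalidPassword".*RemoteAddress=".+?/.+?/<HOST>/.+?".*',
]

# fail2ban substitutes <HOST> with this named group before compiling.
HOST_GROUP = r'(?:::f{4,6}:)?(?P<host>\S+)'
COMPILED = [re.compile(rx.replace('<HOST>', HOST_GROUP)) for rx in FAILREGEX]

# Timestamp prefix written by dateformat=%F %T in logger.conf.
TS_RE = re.compile(r'^\[(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\]')

# Jail settings from step 2.
MAXRETRY = 5
FINDTIME = timedelta(seconds=21600)


def match_line(line):
    """Return the remote host if the line matches any failregex, else None."""
    for rx in COMPILED:
        m = rx.search(line)
        if m:
            return m.group('host')
    return None


def parse_ts(line):
    """Parse the [YYYY-MM-DD HH:MM:SS] prefix; None if it is absent."""
    m = TS_RE.match(line)
    return datetime.strptime(m.group(1), '%Y-%m-%d %H:%M:%S') if m else None


def bans(lines, maxretry=MAXRETRY, findtime=FINDTIME):
    """Sliding-window count as fail2ban does it: a host is banned at the
    timestamp of its maxretry-th failure inside any findtime window.
    Lines are expected in log order. Returns {host: datetime_of_ban}."""
    recent = defaultdict(list)
    banned = {}
    for line in lines:
        host, ts = match_line(line), parse_ts(line)
        if host is None or ts is None:
            continue
        window = [t for t in recent[host] if ts - t <= findtime] + [ts]
        recent[host] = window
        if len(window) >= maxretry and host not in banned:
            banned[host] = ts
    return banned


def _event(ts, event, host, extra=''):
    # Constructed line in the shape Asterisk 11 res_security_log writes to
    # /var/log/asterisk/security; addresses are documentation ranges.
    return ('[%s] SECURITY[2243] res_security_log.c: SecurityEvent="%s",'
            'EventTV="1367396103-000000",Severity="Error",Service="SIP",'
            'EventVersion="2",AccountID="1001",SessionID="0x7f3a4c0a6b58",'
            'LocalAddress="IPV4/UDP/192.0.2.10/5060",'
            'RemoteAddress="IPV4/UDP/%s/5060"%s' % (ts, event, host, extra))


SAMPLE_LOG = [
    # Three failures, then two more seven hours later: the first three have
    # aged out of findtime (6 h), so this host peaks at two and is not banned.
    _event('2013-05-01 01:00:00', 'InvalidAccountID', '203.0.113.7'),
    _event('2013-05-01 01:05:00', 'InvalidAccountID', '203.0.113.7'),
    _event('2013-05-01 01:10:00', 'InvalidAccountID', '203.0.113.7'),
    _event('2013-05-01 08:00:00', 'InvalidAccountID', '203.0.113.7'),
    _event('2013-05-01 08:01:00', 'InvalidAccountID', '203.0.113.7'),
    # A single ACL rejection: matches the filter but stays under maxretry.
    _event('2013-05-01 09:30:00', 'FailedACL', '192.0.2.77'),
    # Five wrong passwords in 16 seconds: banned on the fifth line.
    _event('2013-05-01 10:15:03', 'InvalidPassword', '198.51.100.23', ',Challenge="1a2b3c4d"'),
    _event('2013-05-01 10:15:07', 'InvalidPassword', '198.51.100.23', ',Challenge="1a2b3c4d"'),
    _event('2013-05-01 10:15:11', 'InvalidPassword', '198.51.100.23', ',Challenge="1a2b3c4d"'),
    _event('2013-05-01 10:15:15', 'InvalidPassword', '198.51.100.23', ',Challenge="1a2b3c4d"'),
    _event('2013-05-01 10:15:19', 'InvalidPassword', '198.51.100.23', ',Challenge="1a2b3c4d"'),
    # A successful authentication is a security event too, but no failregex
    # names it, so it is ignored.
    _event('2013-05-01 10:16:00', 'SuccessfulAuth', '198.51.100.23'),
]

if __name__ == '__main__':
    for host, when in sorted(bans(SAMPLE_LOG).items()):
        print('ban %s at %s' % (host, when))
```

On the real box the same check against the live log is `fail2ban-regex /var/log/asterisk/security /etc/fail2ban/filter.d/asterisk.conf`, which reports how many lines matched and which hosts they resolved to; if it reports zero matches, the usual causes are the logger.conf change not having been reloaded or the `<HOST>` tag missing from the regex.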
