Phils Blog and Stuff

TELECOMS. VIRTUALIZATION. IT. CODING. and more…


Simple way to protect asterisk from being hacked… FAIL2BAN…..

Posted on 12/11/2011, 08/03/2023 by Phil

Introduction

This guide details how to install fail2ban on a 32-bit CentOS system with Asterisk installed.

It is intended to add an extra level of protection to keep your Asterisk PBX from being hacked.

Fail2ban can guard most services, such as SSH and SMTP; however, this guide concentrates on protecting Asterisk.

The Installation and configuration

1) Install fail2ban: "yum install -y fail2ban"
2) Create an "asterisk.conf" file in "/etc/fail2ban/filter.d/" that contains the below

# Fail2Ban configuration file
#
#
# $Revision: 250 $
#

[INCLUDES]

# Read common prefixes. If any customizations available -- read them from
# common.local
#before = common.conf

[Definition]

#_daemon = asterisk

# Option:  failregex
# Notes.:  regex to match the password failures messages in the logfile. The
#          host must be matched by a group named "host". The tag "<HOST>" can
#          be used for standard IP/hostname matching and is only an alias for
#          (?:::f{4,6}:)?(?P<host>\S+)
# Values:  TEXT
#

failregex = NOTICE.* .*: Registration from '.*' failed for '<HOST>' - Wrong password
            NOTICE.* .*: Registration from '.*' failed for '<HOST>' - No matching peer found
            NOTICE.* .*: Registration from '.*' failed for '<HOST>' - Username/auth name mismatch
            NOTICE.* .*: Registration from '.*' failed for '<HOST>' - Device does not match ACL
            NOTICE.* .*: Registration from '.*' failed for '<HOST>' - Peer is not supposed to register
            NOTICE.* <HOST> failed to authenticate as '.*'$
            NOTICE.* .*: No registration for peer '.*' \(from <HOST>\)
            NOTICE.* .*: Host <HOST> failed MD5 authentication for '.*' (.*)
            NOTICE.* .*: Failed to authenticate user .*@<HOST>.*

# Option:  ignoreregex
# Notes.:  regex to ignore. If this regex matches, the line is ignored.
# Values:  TEXT
#
ignoreregex =

3) Edit the /etc/fail2ban/jail.conf file and at the bottom of the file add

[asterisk-iptables]

enabled  = true
filter   = asterisk
action   = iptables-allports[name=ASTERISK, protocol=all]
           sendmail-whois[name=ASTERISK, dest=root, sender=fail2ban@example.org]
logpath  = /var/log/asterisk/full
maxretry = 5
bantime  = 259200

4) Next, edit "/etc/asterisk/logger.conf" and add the below to the end of the file

[general]
dateformat=%F %T

5) Restart fail2ban & asterisk

asterisk -rx "logger reload"
service fail2ban start

Set fail2ban to start up on machine start up

chkconfig fail2ban on

Please note that you can set

maxretry = 5
bantime = 259200

to any number you like. The above will ban an IP address that has failed to log in more than 5 times for 3 days (bantime is given in seconds).
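
An added example (not part of the original post, and not fail2ban's own code): the Python sketch below expands <HOST> the way the filter's comment describes and runs three of the failregex lines over constructed Asterisk log lines. It shows that the patterns only match when they are typed with plain ASCII quotes and hyphens, which is how Asterisk writes them. The sample log lines, IP addresses and helper names are assumptions made for the illustration.

```python
import re
from collections import Counter

# fail2ban's <HOST> tag is an alias for this group (quoted in the filter's comments).
HOST = r"(?:::f{4,6}:)?(?P<host>\S+)"

# Three of the filter's failregex lines, typed with ASCII quotes and hyphen.
FAILREGEX = [
    r"NOTICE.* .*: Registration from '.*' failed for '<HOST>' - Wrong password",
    r"NOTICE.* .*: Registration from '.*' failed for '<HOST>' - No matching peer found",
    r"NOTICE.* .*: Host <HOST> failed MD5 authentication for '.*' (.*)",
]

# Constructed sample of /var/log/asterisk/full (documentation IP ranges).
SAMPLE_LOG = """\
[2011-11-12 10:15:01] NOTICE[1234] chan_sip.c: Registration from '"100" <sip:100@203.0.113.5>' failed for '192.0.2.10' - Wrong password
[2011-11-12 10:15:02] NOTICE[1234] chan_sip.c: Registration from '"101" <sip:101@203.0.113.5>' failed for '192.0.2.10' - No matching peer found
[2011-11-12 10:15:03] VERBOSE[1234] pbx.c: -- Executing [100@default:1] Dial
[2011-11-12 10:15:04] NOTICE[1234] chan_iax2.c: Host 198.51.100.7 failed MD5 authentication for 'alice' (0123 != 4567)
"""

def compile_filter(patterns):
    """Expand <HOST> in each failregex and compile it."""
    return [re.compile(p.replace("<HOST>", HOST)) for p in patterns]

def count_failures(log_text, patterns):
    """Return a Counter of offending host -> number of matching log lines."""
    compiled = compile_filter(patterns)
    hits = Counter()
    for line in log_text.splitlines():
        for rx in compiled:
            m = rx.search(line)
            if m:
                hits[m.group("host")] += 1
                break  # count one failure per line, even if several patterns match
    return hits

def curly(pattern):
    """Re-create the typographic quotes and dash that a web page can substitute."""
    return (pattern.replace(" '", " \u2018").replace("'", "\u2019")
                   .replace(" - ", " \u2013 "))

if __name__ == "__main__":
    print("ASCII filter:", dict(count_failures(SAMPLE_LOG, FAILREGEX)))
    print("curly filter:", dict(count_failures(SAMPLE_LOG, [curly(p) for p in FAILREGEX])))
```

On the PBX itself, "fail2ban-regex /var/log/asterisk/full /etc/fail2ban/filter.d/asterisk.conf" runs the installed filter against the real log with fail2ban's own matcher.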

Enjoy.
