Setup Fail2ban for Asterisk Verion 11.16 on Debian

INSTALL PACKAGES

Install iptables
# apt-get install iptables

Install fail2ban
# apt-get install fail2ban


SETUP


1 - Add Asterisk into fail2ban filter directory to be monitored
Create this file: /etc/fail2ban/filter.d/asterisk.conf
with the following content:

# Fail2Ban configuration file
#
#
# $Revision: 250 $
#

[INCLUDES]

# Read common prefixes. If any customizations available -- read them from
# common.local
#before = common.conf


[Definition]

#_daemon = asterisk

# Option:  failregex
# Notes.:  regex to match the password failures messages in the logfile. The
#          host must be matched by a group named "host". The tag "<HOST>" can
#          be used for standard IP/hostname matching and is only an alias for
#          (?:::f{4,6}:)?(?P<host>\S+)
# Values:  TEXT
#

# Asterisk 1.4 use the following failregex

failregex = NOTICE.* .*: Registration from '\".*\".*' failed for '<HOST>:.*' - Wrong password
# you can add more regrex here depend on log lines in /var/log/asterisk/full

2 - Now, edit the fail2ban configuration, FreePBX configuration is in /etc/fail2ban/jail.conf, so we will add these configuration info at the end of the file as here:

[asterisk-iptables]
enabled  = true
filter   = asterisk
action   = iptables-allports[name=ASTERISK, protocol=all]
           sendmail-whois[name=ASTERISK, dest=root, sender=fail2ban@example.org]
logpath  = /var/log/asterisk/full
maxretry = 4
bantime = 259200


3 - Turn it on for good

If all is well up to this point, let's make sure that fail2ban and iptables restart with the server by issuing the following commands.

Debian/Ubuntu:

update-rc.d iptables defaults
update-rc.d fail2ban defaults

You should now be somewhat protected against SIP scans and brute force attacks!