easyAsterisk 2.6.1.1 and Fail2Ban integration
The easyAsterisk 2.6.1.1 update has been released. The main new feature of this release is support for Fail2ban ( http://www.fail2ban.org/ ). The purpose of Fail2ban is to prevent brute force attacks against our PBX: for example, if a malicious user manages to authenticate as a SIP user, he could easily make phone calls through our PBX. After a defined number of failed authentication attempts, Fail2ban blocks the IP address of the potential attacker by configuring a rule in iptables.
Let's see how to integrate Fail2ban with easyAsterisk.
First of all you need to install the easyAsterisk 2.6.1.1 update. Log in to the console as root on your 2.6.1 box and run:
# yum update
Now you need to configure Asterisk logging properly. Using the easyAsterisk administration interface, go to the "System => Log Management => Settings" menu and in the "General" section add the following parameter:
dateformat=%F %T
Remember also to verify that "Notice" is enabled for the "full" log file (this should be the default). Save the changes.
Log in to the console as root and run the following script to install Fail2ban:
# fail2ban_install
A wizard provides automatic installation and configuration of the software. At the end you can customize the default settings by editing the [asterisk-iptables] section in the file "/etc/fail2ban/jail.conf":
### Asterisk Jail ###
[asterisk-iptables]
enabled = true
filter = asterisk
action = iptables-allports[name=ASTERISK, protocol=all]
         sendmail-whois[name=ASTERISK, dest=user@domain.tld, sender=pbx@localhost]
logpath = /var/log/asterisk/full
maxretry = 5
bantime = 3600
It is recommended to customize the parameters "dest" and "sender" for email notifications, and "maxretry" and "bantime" respectively for the number of failed authentication attempts and the duration of the ban in seconds.
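To make concrete what the jail above reacts to, here is an added Python example (not part of easyAsterisk or Fail2ban) that applies a simplified version of the asterisk filter's check to constructed sample lines from a "full" log written with dateformat=%F %T. The chan_sip NOTICE wording, the IP addresses and the sample timestamps are assumptions; findtime is the Fail2ban jail parameter that bounds how close together the maxretry failures must be.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample from an Asterisk "full" log using dateformat=%F %T;
# the chan_sip NOTICE wording is an assumption modelled on Asterisk 1.x.
SAMPLE_LOG = """\
[2013-05-10 12:00:01] NOTICE[2345] chan_sip.c: Registration from '"100" <sip:100@192.0.2.5>' failed for '198.51.100.7' - Wrong password
[2013-05-10 12:00:02] NOTICE[2345] chan_sip.c: Registration from '"101" <sip:101@192.0.2.5>' failed for '198.51.100.7' - No matching peer found
[2013-05-10 12:00:03] NOTICE[2345] chan_sip.c: Registration from '"102" <sip:102@192.0.2.5>' failed for '198.51.100.7' - Wrong password
[2013-05-10 12:00:04] NOTICE[2345] chan_sip.c: Registration from '"103" <sip:103@192.0.2.5>' failed for '198.51.100.7' - Wrong password
[2013-05-10 12:00:05] VERBOSE[2345] logger.c: -- Registered SIP '200' at 192.0.2.20:5060
[2013-05-10 12:00:06] NOTICE[2345] chan_sip.c: Registration from '"104" <sip:104@192.0.2.5>' failed for '198.51.100.7' - Wrong password
[2013-05-10 12:30:00] NOTICE[2345] chan_sip.c: Registration from '"100" <sip:100@192.0.2.5>' failed for '203.0.113.9' - Wrong password
"""

# The timestamp must be YYYY-MM-DD HH:MM:SS (dateformat=%F %T); otherwise a
# failure cannot be placed inside the findtime window and is never counted.
FAIL_RE = re.compile(
    r"^\[(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\] NOTICE\[\d+\] chan_sip\.c: "
    r"Registration from '.*' failed for '(?P<host>\d{1,3}(?:\.\d{1,3}){3})' - "
    r"(?:Wrong password|No matching peer found)$"
)


def parse_failures(log_text):
    """Return (timestamp, source IP) for every failed SIP registration line."""
    failures = []
    for line in log_text.splitlines():
        m = FAIL_RE.match(line)
        if m:
            ts = datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S")
            failures.append((ts, m.group("host")))
    return failures


def hosts_to_ban(log_text, maxretry=5, findtime=600):
    """IPs with at least maxretry failures inside any findtime-second window."""
    window = timedelta(seconds=findtime)
    by_host = defaultdict(list)
    for ts, host in parse_failures(log_text):
        by_host[host].append(ts)
    banned = set()
    for host, times in by_host.items():
        times.sort()
        for end in times:  # sliding window ending at each failure
            recent = [t for t in times if end - window < t <= end]
            if len(recent) >= maxretry:
                banned.add(host)  # this is when the jail runs its ban action
                break
    return sorted(banned)
```

With the defaults above, hosts_to_ban(SAMPLE_LOG) reports only 198.51.100.7, whose five failures fall within a few seconds; the single failure from 203.0.113.9 never reaches maxretry.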
The homepage of the easyAsterisk administration portal now shows the Fail2ban service status in the "Services" box. If you click on the service name, a table opens with the status of the iptables chain.