Fail2Ban

Fail2Ban is a standard Linux tool used to scan log files and then block IP's found in those log files using iptables. Fail2ban depends completely on the application (in this case Asterisk) to detect any intrusion/failure and log the user data, upon which fail2ban can then act. Fail2ban does not provide any type of intrusion detection, hack detection, etc., it depends completely on Asterisk to do that. As noted by Digium http://forums.asterisk.org/viewtopic.php?p=159984 fail2ban is not an intrusion detection / anti-hacking tool

Note that as of Asterisk 13 Digium is moving towards security events through the AMI, and moving away from log files. For now fail2ban is still compatible with Asterisk but consider fail2ban a short-term solution only. See this wiki page for alternatives: Asterisk security

You can get Fail2Ban, as well as more documentation, at www.fail2ban.org. At the time this is being written, the current release is 0.8.4.

Fail2Ban With Asterisk

The following describes how to setup Fail2Ban to work with Asterisk:

SECURITY NOTE: fail2ban is rather limited in its ability to detect attacks against asterisk.
More info http://forums.asterisk.org/viewtopic.php?p=159984
Consider a more comprehensive product like the free edition of SecAst www.telium.ca

Easy Install Script for Fail2ban version 0.8.4 / Red Hat

This script was written by Cédric Brohée in order to simplify and accelerate the integration of the solution in a basic Asterisk configuration on Red Hat.
Do not hesitate to read the bash script and make changes to match your own configuration.

Before running it, you will have to do chmod 755. ...