Fail2Ban
Fail2Ban is a limited intrusion detection/prevention system. It works by scanning log files and then taking action based on the entries in those logs.
We are implementing Fail2Ban with a configuration to be able to prevent SIP brute force attacks against our Asterisk PBXs.
Page Contents
You can get Fail2Ban, as well as more documentation, at www.fail2ban.org. At the time this is being written, the current release is 0.8.4.
Fail2Ban With Asterisk
The following describes how to setup Fail2Ban to protect an Asterisk PBX from SIP brute force attempts and scans utilizing the iptables firewall.
SECURITY NOTE: fail2ban is rather limited in its ability to detect attacks against asterisk.
More info http://forums.asterisk.org/viewtopic.php?p=159984
Easy Install Script for Fail2ban version 0.8.4 / Red Hat
This script was written by Cédric Brohée in order to simplify and accelerate the integration of the solution in a basic Asterisk configuration on Red Hat.
Do not hesitate to read the bash script and make changes to match your own configuration.
Before running it, you will have to do chmod 755.
Download script with new dedicated sources :
Installing
Log into the system and su - root, or sudo -i to get a root shell on Ubuntu.
CentOS/Red Hat (this method may install an older version of fail2ban):
Install rpmforge or optionally fetch the fail2ban rpm directly from rpmforge.
Install fail2ban using yum:
yum install fail2ban
Debian/Ubuntu:
apt-get install fail2ban
Source installation:
Change directories to /usr/src:
cd /usr/src
Download and extract Fail2Ban (check for newer releases):
wget http://sourceforge. ...