NOTICE.* .*: Registration from '.*' failed for '<HOST>' - No matching peer found
NOTICE.* .*: Registration from '.*' failed for '<HOST>' - Username/auth name mismatch
NOTICE.* .*: Registration from '.*' failed for '<HOST>' - Device does not match ACL
NOTICE.* <HOST> failed to authenticate as '.*'$
NOTICE.* .*: No registration for peer '.*' \(from <HOST>\)
NOTICE.* .*: Host <HOST> failed MD5 authentication for '.*' (.*)
NOTICE.* .*: Failed to authenticate user .*@<HOST>.*
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =
Next, you must enable the new Asterisk filter that you just created. To do so, append
the following contents to /etc/fail2ban/jail.conf. You will need to modify the dest and
sender options to specify the appropriate email addresses for the To and From headers:
[asterisk-iptables]
enabled = true
filter = asterisk
action = iptables-allports[name=ASTERISK, protocol=all]
         sendmail-whois[name=ASTERISK, dest=me@shifteight.org, sender=fail2ban@shifteight.org]
logpath = /var/log/asterisk/messages
maxretry = 5
bantime = 259200
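To see how the filter patterns and the maxretry threshold work together, the following added example (not code from this book or from Fail2ban) runs the failregex entries listed above over a few constructed log lines and reports which hosts would reach maxretry. The <HOST> expansion is a simplified IPv4-only stand-in, the function names are hypothetical, and the time window Fail2ban applies to its counts is not modeled.

```python
import re
from collections import Counter

# Assumption: simplified IPv4-only stand-in for Fail2ban's <HOST> tag.
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# failregex entries as listed in the filter above.
FAILREGEX = [
    r"NOTICE.* .*: Registration from '.*' failed for '<HOST>' - No matching peer found",
    r"NOTICE.* .*: Registration from '.*' failed for '<HOST>' - Username/auth name mismatch",
    r"NOTICE.* .*: Registration from '.*' failed for '<HOST>' - Device does not match ACL",
    r"NOTICE.* <HOST> failed to authenticate as '.*'$",
    r"NOTICE.* .*: No registration for peer '.*' \(from <HOST>\)",
    r"NOTICE.* .*: Host <HOST> failed MD5 authentication for '.*' (.*)",
    r"NOTICE.* .*: Failed to authenticate user .*@<HOST>.*",
]
COMPILED = [re.compile(p.replace("<HOST>", HOST)) for p in FAILREGEX]
MAXRETRY = 5  # same threshold as the [asterisk-iptables] jail above

def failed_host(line):
    """Return the offending IP if any failregex matches the line, else None."""
    for rx in COMPILED:
        m = rx.search(line)
        if m:
            return m.group("host")
    return None

def hosts_to_ban(lines, maxretry=MAXRETRY):
    """Count matching lines per host; return the hosts that reach maxretry."""
    hits = Counter(h for h in map(failed_host, lines) if h)
    return sorted(h for h, n in hits.items() if n >= maxretry)

# Constructed log lines (documentation IP ranges), not captured from a real PBX.
PFX = "[2011-03-01 10:15:32] NOTICE[1234] chan_sip.c: "
SAMPLE = [PFX + "Registration from '\"%d\" <sip:%d@203.0.113.5>' failed for "
          "'198.51.100.23' - No matching peer found" % (e, e) for e in range(100, 104)]
SAMPLE += [
    PFX + "Registration from '<sip:200@203.0.113.5>' failed for "
          "'198.51.100.23' - Username/auth name mismatch",
    PFX + "Registration from '<sip:300@203.0.113.5>' failed for "
          "'192.0.2.77' - Device does not match ACL",
    PFX + "Peer 'alice' is now Reachable. (12ms / 2000ms)",  # must not match
]

if __name__ == "__main__":
    print(hosts_to_ban(SAMPLE))
```

Running your real filter file against your real log with the fail2ban-regex tool gives the authoritative answer; this sketch only makes the matching and counting visible.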
Finally, there are a couple of options in the [DEFAULT] section of /etc/fail2ban/jail.conf
that should be updated. The ignoreip option specifies a list of IP addresses that should
never be blocked. It is a good idea to list your IP address(es) here so that you never
accidentally block yourself if you make a mistake while trying to set up a phone, for
example.†
You should consider adding other IP addresses as well, such as that of your
SIP provider. The whitelisting of good IP addresses protects you against abuse of your
Fail2ban configuration. A clever attacker could cause a denial of service by crafting a
series of packets that will result in Fail2ban blocking the IP address of their choice.
The destemail option should be set as well. This address is used for emails that are
not specific to the Asterisk filter, such as the email Fail2ban sends out when it first
starts up. Here’s how you configure these options:
† Leif learned this one the hard way. He thought his PBX was down, while Russell and Jim had no problems
connecting to the conference bridge. It turned out that Fail2ban had banned him from his own PBX.
570 | Chapter 26: Security