ASTERISK
Configuration for ASTERISK, a communication server (VoIP gateway, conference server, etc.).
ASTERISK configuration
ASTERISK has to be configured to log all messages to one file.
We'll use /var/log/asterisk/messages.log here.
The file /etc/asterisk/logger.conf must have this line, in the [logfiles] section:
/var/log/asterisk/messages.log => security,notice,warning,error,dtmf
reaction configuration
reaction follows the logs configured in the last section and matches any security alert. Adapt them according to your needs!
{
  streams: {
    // Ban hosts failing to connect via asterisk
    asterisk: {
      // Follow the log file configured in logger.conf, starting from new lines only
      cmd: ['tail', '-F', '-n0', '/var/log/asterisk/messages.log'],
      filters: {
        failedlogin: {
          regex: [
            // Auth fail
            @'Request .* from .* failed for .<ip>',
            @'Registration from .* failed for <ip>',
            @'No registration for peer .* \(from <ip>\)',
            @'Rejecting unknown SIP connection from <ip>',
            @'SecurityEvent="(FailedACL|InvalidAccountID|ChallengeResponseFailed|InvalidPassword)".*RemoteAddress=.*/<ip>/',
          ],
          // Trigger after 3 matches for the same <ip> within 6 hours
          retry: 3,
          retryperiod: '6h',
          // banFor() is not defined in this snippet; it is assumed to be
          // defined elsewhere in your reaction configuration
          actions: banFor('48h'),
        },
      },
    },
  },
}
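To check the regexes and the retry threshold against your own log lines before relying on them, the following added example (not part of reaction or Asterisk) replays lines offline and lists the hosts that would reach the ban threshold. It assumes `<ip>` stands for an IPv4-only pattern and uses the timestamp in each line; the sample lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumption: <ip> is replaced by this IPv4-only pattern. reaction takes the real
# one from the `patterns` part of its configuration, which this page does not show.
IP = r'(?P<ip>(?:\d{1,3}\.){3}\d{1,3})'
REGEXES = [re.compile(r.replace('<ip>', IP)) for r in (
    r'Request .* from .* failed for .<ip>',
    r'Registration from .* failed for <ip>',
    r'No registration for peer .* \(from <ip>\)',
    r'Rejecting unknown SIP connection from <ip>',
    r'SecurityEvent="(FailedACL|InvalidAccountID|ChallengeResponseFailed|InvalidPassword)".*RemoteAddress=.*/<ip>/',
)]
RETRY, RETRY_PERIOD = 3, timedelta(hours=6)  # retry / retryperiod from the filter

def match_ip(line):
    """Return the <ip> captured by the first matching regex, or None."""
    hits = (rx.search(line) for rx in REGEXES)
    return next((m.group('ip') for m in hits if m), None)

def hosts_to_ban(lines):
    """Replay lines; return IPs reaching RETRY matches within RETRY_PERIOD."""
    seen, banned = defaultdict(deque), []
    for line in lines:
        ip = match_ip(line)
        if ip is None:
            continue
        # Assumption: lines start with "[YYYY-MM-DD HH:MM:SS]"
        now = datetime.strptime(line[1:20], '%Y-%m-%d %H:%M:%S')
        hits = seen[ip]
        hits.append(now)
        while now - hits[0] > RETRY_PERIOD:  # forget matches outside the window
            hits.popleft()
        if len(hits) >= RETRY and ip not in banned:
            banned.append(ip)
    return banned

# Constructed sample lines (documentation addresses), not real Asterisk output.
SAMPLE = [
    "[2024-05-01 10:00:00] NOTICE[2101] chan_sip.c: Registration from '<sip:100@203.0.113.1>' failed for 198.51.100.7 - Wrong password",
    "[2024-05-01 10:05:00] NOTICE[2101] chan_sip.c: No registration for peer '100' (from 198.51.100.7)",
    '[2024-05-01 10:10:00] SECURITY[2101] res_security_log.c: SecurityEvent="InvalidPassword",RemoteAddress="IPV4/UDP/198.51.100.7/5060"',
    "[2024-05-01 10:15:00] NOTICE[2101] chan_sip.c: Rejecting unknown SIP connection from 192.0.2.44",
    "[2024-05-01 10:20:00] NOTICE[2101] res_pjsip: Request 'REGISTER' from '<sip:100@203.0.113.1>' failed for '192.0.2.44:5060'",
    # Address in quotes: none of the five regexes match, so this line is not counted
    "[2024-05-01 10:25:00] NOTICE[2101] chan_sip.c: Registration from '<sip:100@203.0.113.1>' failed for '192.0.2.44:5060' - Wrong password",
]
if __name__ == '__main__':
    print(hosts_to_ban(SAMPLE))
```

Replace `SAMPLE` with lines from your own `/var/log/asterisk/messages.log` to see which of them the filter counts; any line for which `match_ip()` returns `None` never contributes to a ban.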