Add asterisk support

config/filter.d/asterisk.conf

@@ -0,0 +1,32 @@
+# Fail2Ban configuration file
+#
+# Author: Xavier Devlamynck
+#
+# $Revision$
+#
+
+[Definition]
+
+# Option:  failregex
+# Notes.:  regex to match the password failures messages in the logfile. The
+#          host must be matched by a group named "host". The tag "<HOST>" can
+#          be used for standard IP/hostname matching and is only an alias for
+#          (?:::f{4,6}:)?(?P<host>\S+)
+# Values:  TEXT
+#
+failregex = NOTICE.* .*: Registration from '.*' failed for '<HOST>' - Wrong password
+            NOTICE.* .*: Registration from '.*' failed for '<HOST>' - No matching peer found
+            NOTICE.* .*: Registration from '.*' failed for '<HOST>' - Username/auth name mismatch
+            NOTICE.* .*: Registration from '.*' failed for '<HOST>' - Device does not match ACL
+            NOTICE.* .*: Registration from '.*' failed for '<HOST>' - Peer is not supposed to register
+            NOTICE.* .*: Registration from '.*' failed for '<HOST>' - ACL error (permit/deny)
+            NOTICE.* <HOST> failed to authenticate as '.*'$
+            NOTICE.* .*: No registration for peer '.*' \(from <HOST>\)
+            NOTICE.* .*: Host <HOST> failed MD5 authentication for '.*' (.*)
+            NOTICE.* .*: Failed to authenticate user .*@<HOST>.*
+
+# Option:  ignoreregex
+# Notes.:  regex to ignore. If this regex matches, the line is ignored.
+# Values:  TEXT
+#
+ignoreregex =

config/jail.conf

@@ -254,3 +254,11 @@ action   = iptables-multiport[name=Named, port="domain,953", protocol=tcp]
 logpath  = /var/log/named/security.log
 ignoreip = 168.192.0.1
 
+[asterisk]
+enabled  = true
+filter   = asterisk
+action   = iptables-multiport[name=Asterisk, port="5060", protocol="tcp,udp"]
+           sendmail-whois[name=Asterisk, dest=you@example.com, sender=fail2ban@example.com]
+logpath  = /var/log/asterisk/messages
+maxretry = 5
+bantime = 259200