From 7d465f98c109801d6162ecb01d301aee7fbe2d8c Mon Sep 17 00:00:00 2001
From: Xavier Devlamynck
Date: Wed, 11 Jan 2012 16:35:40 +0100
Subject: [PATCH] Add asterisk support

---
 config/filter.d/asterisk.conf | 32 ++++++++++++++++++++++++++++++++
 config/jail.conf | 8 ++++++++
 2 files changed, 40 insertions(+)
 create mode 100644 config/filter.d/asterisk.conf

diff --git a/config/filter.d/asterisk.conf b/config/filter.d/asterisk.conf
new file mode 100644
index 00000000..6d493f13
--- /dev/null
+++ b/config/filter.d/asterisk.conf
@@ -0,0 +1,32 @@
+# Fail2Ban configuration file
+#
+# Author: Xavier Devlamynck
+#
+# $Revision$
+#
+
+[Definition]
+
+# Option: failregex
+# Notes.: regex to match the password failures messages in the logfile. The
+# host must be matched by a group named "host". The tag "" can
+# be used for standard IP/hostname matching and is only an alias for
+# (?:::f{4,6}:)?(?P\S+)
+# Values: TEXT
+#
+failregex = NOTICE.* .*: Registration from '.*' failed for '' - Wrong password
+ NOTICE.* .*: Registration from '.*' failed for '' - No matching peer found
+ NOTICE.* .*: Registration from '.*' failed for '' - Username/auth name mismatch
+ NOTICE.* .*: Registration from '.*' failed for '' - Device does not match ACL
+ NOTICE.* .*: Registration from '.*' failed for '' - Peer is not supposed to register
+ NOTICE.* .*: Registration from '.*' failed for '' - ACL error (permit/deny)
+ NOTICE.* failed to authenticate as '.*'$
+ NOTICE.* .*: No registration for peer '.*' \(from \)
+ NOTICE.* .*: Host failed MD5 authentication for '.*' (.*)
+ NOTICE.* .*: Failed to authenticate user .*@.*
+
+# Option: ignoreregex
+# Notes.: regex to ignore. If this regex matches, the line is ignored.
+# Values: TEXT
+#
+ignoreregex =
diff --git a/config/jail.conf b/config/jail.conf
index cdef1cb3..6ebb223b 100644
--- a/config/jail.conf
+++ b/config/jail.conf
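Review bot: The `'.*'` that precedes the host tag in the six `Registration from '.*' failed for '<HOST>'` patterns (the `<HOST>` tag is blanked to `''` as this page is rendered, presumably an extraction artifact) can span into text the remote peer chose: if, as with Asterisk's registration notices, the quoted name is echoed from the REGISTER request, a username containing `' failed for '203.0.113.5' - Wrong password` would make the regex capture a host of the attacker's choosing and ban an arbitrary third-party address. Use a negated class so the match cannot cross the closing quote, e.g. `NOTICE.* .*: Registration from '[^']*' failed for '<HOST>' - Wrong password`, and consider anchoring the prefix to the Asterisk message format instead of bare `NOTICE.*`. The same concern applies to `failed to authenticate as '.*'$` and `Failed to authenticate user .*@<HOST>.*`, where the `.*` before the host can absorb an injected `@` or quote. Separately, the MD5 line writes `(.*)` as an unescaped capture group while the line above it escapes `\(from <HOST>\)`; writing `\(.*\)` matches the literal parentheses the message carries and keeps the two lines consistent.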
@@ -254,3 +254,11 @@ action = iptables-multiport[name=Named, port="domain,953", protocol=tcp]
 logpath = /var/log/named/security.log
 ignoreip = 168.192.0.1
+[asterisk]
+enabled = true
+filter = asterisk
+action = iptables-multiport[name=Asterisk, port="5060", protocol="tcp,udp"]
+ sendmail-whois[name=Asterisk, dest=you@example.com, sender=fail2ban@example.com]
+logpath = /var/log/asterisk/messages
+maxretry = 5
+bantime = 259200
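Review bot: `enabled = true` in the new `[asterisk]` section turns the jail on for every installation that ships this file, whereas the other jails in it appear to default to `enabled = false` (their `enabled` lines are outside the hunk, so this is inferred); on a host without Asterisk the jail then fails on a missing `/var/log/asterisk/messages`, and on a host with it a filter nobody has reviewed starts issuing three-day bans (`bantime = 259200`). Change the line to `enabled = false` and let the operator opt in, as with the existing jails. `port="5060"` also covers plain SIP only; if a deployment accepts SIP over TLS on 5061 the ban does not reach it, so either use `port="5060,5061"` or note in a comment above the action that TLS is deliberately left out.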