CentOS 7 and Asterisk using fail2ban
I punched holes in my firewall for SIP and RTP so I could get to my Asterisk server off net on my softphone. I quickly noticed I was getting attacked. Although I am using very cryptic passwords for my extensions, best practice is to not let this go on, and I have limited bandwidth at my house with COX home service 50/5.
At the time of this post I am behind a Linksys EA5400 router. I have a new pfSense I built the other day on a fanless mini ITX platform, but I want to play with it more before I move it in front of my COX MTA. Yes, I have COX home as well :)
Replacing the router will not affect my network or Asterisk setup, as I will use the same IPs as the Linksys when I replace it, and yes, add the port forward rules for SIP and RTP.
Install iptables
# systemctl stop firewalld
# systemctl mask firewalld
# yum -y install iptables-services
# systemctl enable iptables
Edit the /etc/sysconfig/iptables file. Below is mine. Very basic, allowing web, ssh, SIP, and RTP.
# vi /etc/sysconfig/iptables
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [214:43782]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p udp -m udp --dport 5060 -j ACCEPT
-A INPUT -p udp -m udp --dport 10000:20000 -j ACCEPT
-A INPUT -i lo -j ACCEPT
# The INPUT policy is ACCEPT, so without this final rule every other port is still open
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
Start iptables with:
# systemctl restart iptables
Make sure it is running with:
# systemctl status iptables
Check your rules with:
# iptables -L
Install fail2ban
Make sure you have the EPEL repository for CentOS 7 installed for use in yum. As user root:
# yum -y install fail2ban
Set up the conf file. Don't use jail.conf, but rather jail.local (jail.conf is replaced on package upgrades; jail.local overrides it and survives them).
# vi /etc/fail2ban/jail.local
[DEFAULT]
bantime = 3600
findtime = 21600
maxretry = 3
backend = auto

[asterisk-iptables]
# after 4 failed attempts within 6 hours, ban for 24 hours
enabled = true
filter = asterisk
# continuation lines of a multi-action value must be indented
action = iptables-allports[name=ASTERISK, protocol=all]
         sendmail[name=ASTERISK, dest=you@yourmail.co.uk, sender=fail2ban@local.local]
logpath = /var/log/asterisk/messages
maxretry = 4
findtime = 21600
bantime = 86400
Make sure the logpath under the [asterisk-iptables] context above is correct: it must be the file Asterisk actually writes its NOTICE and SECURITY messages to (set in /etc/asterisk/logger.conf). If not, fail2ban will not be able to read the log and ban the bad guys. Running fail2ban-regex against that log file and the asterisk filter shows how many lines the filter matches, which is a quick way to confirm it before relying on it.
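To see what the jail above actually counts, here is an added example (not from the post or from fail2ban itself) that applies the same maxretry/findtime rule to a few constructed Asterisk log lines. It assumes logger.conf uses dateformat=%F %T so timestamps are ISO-style, and it simplifies the stock asterisk filter's patterns to the chan_sip failed-registration NOTICE line and a few SECURITY events; the source IPs and timestamps are made up.

```python
"""Offline model of the [asterisk-iptables] jail: count failed SIP registrations
per source IP within findtime and report who would be banned (sample log is constructed)."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

MAXRETRY = 4                          # from jail.local
FINDTIME = timedelta(seconds=21600)   # 6 hours, from jail.local
# Simplified forms of two patterns in fail2ban's stock asterisk filter
# (assumes logger.conf dateformat=%F %T so the timestamp is ISO-style).
_TS = r"^\[(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\] "
NOTICE_RE = re.compile(_TS + r"NOTICE\[\d+\] chan_sip\.c: Registration from "
                       r"'[^']*' failed for '(?P<ip>[\d.]+)(?::\d+)?' - ")
SECURITY_RE = re.compile(_TS + r"SECURITY\[\d+\] res_security_log\.c: SecurityEvent="
                         r"\"(?:InvalidAccountID|InvalidPassword|ChallengeResponseFailed)\""
                         r".*RemoteAddress=\"IPV4/UDP/(?P<ip>[\d.]+)/\d+\"")

def parse_failures(lines):
    """Yield (timestamp, source_ip) for every line that counts as a failure."""
    for line in lines:
        m = NOTICE_RE.match(line) or SECURITY_RE.match(line)
        if m:
            yield datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S"), m.group("ip")

def sources_to_ban(lines, maxretry=MAXRETRY, findtime=FINDTIME):
    """Return {ip: time of the failure that triggered the ban}, mirroring fail2ban's
    per-IP counter: only failures within findtime of the newest one count."""
    recent, banned = defaultdict(list), {}
    for ts, ip in parse_failures(lines):
        if ip in banned:
            continue                  # already banned; later lines change nothing
        recent[ip] = [t for t in recent[ip] if ts - t <= findtime] + [ts]
        if len(recent[ip]) >= maxretry:
            banned[ip] = ts
    return banned

SAMPLE_LOG = """\
[2016-02-10 08:00:01] NOTICE[1201] chan_sip.c: Registration from '"100" <sip:100@192.0.2.5>' failed for '198.51.100.7:5060' - Wrong password
[2016-02-10 08:00:03] NOTICE[1201] chan_sip.c: Registration from '"101" <sip:101@192.0.2.5>' failed for '198.51.100.7:5060' - No matching peer found
[2016-02-10 08:00:04] NOTICE[1201] chan_sip.c: Registration from '"102" <sip:102@192.0.2.5>' failed for '198.51.100.7:5060' - No matching peer found
[2016-02-10 09:15:00] NOTICE[1201] chan_sip.c: Registration from '"100" <sip:100@192.0.2.5>' failed for '203.0.113.9:5060' - Wrong password
[2016-02-10 09:15:10] NOTICE[1201] chan_sip.c: Registration from '"100" <sip:100@192.0.2.5>' failed for '203.0.113.9:5060' - Wrong password
[2016-02-10 09:15:20] NOTICE[1201] chan_sip.c: Registration from '"100" <sip:100@192.0.2.5>' failed for '203.0.113.9:5060' - Wrong password
[2016-02-10 10:00:00] VERBOSE[1201] chan_sip.c:     -- Registered SIP '100' at 192.0.2.10:5060
[2016-02-10 13:59:59] SECURITY[1300] res_security_log.c: SecurityEvent="InvalidAccountID",EventTV="2016-02-10T13:59:59.000+0000",Severity="Error",Service="SIP",EventVersion="1",AccountID="1001",SessionID="0x7f0",LocalAddress="IPV4/UDP/192.0.2.5/5060",RemoteAddress="IPV4/UDP/198.51.100.7/5060"
[2016-02-10 16:00:00] NOTICE[1201] chan_sip.c: Registration from '"100" <sip:100@192.0.2.5>' failed for '203.0.113.9:5060' - Wrong password
""".splitlines()
if __name__ == "__main__":
    for ip, when in sources_to_ban(SAMPLE_LOG).items():
        print(f"ban {ip}: attempt number {MAXRETRY} at {when}")
```

Only 198.51.100.7 gets banned: its fourth failure (the SECURITY event) lands two seconds inside the 6-hour window, while 203.0.113.9's fourth attempt comes 6h45m after its first, so the earlier three have aged out of findtime and it stays at one.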
Enable fail2ban and start service:
# systemctl enable fail2ban
# systemctl start fail2ban
# systemctl status fail2ban
The fail2ban log file is /var/log/fail2ban.log; ban and unban actions are recorded there.
Enjoy!