Add Asterisk jail to fail2ban

NethServer Version: 7.5.1804
Module: fail2ban

I would like to create/enable a jail for asterisk.
In security -> fail2ban there’s no asterisk checkbox.
How can i add this jail without breaking anything else?


I found this:

Has somebody an idea how to do it?

Maybe @stephdl can have a look. He’s the maintainer for fail2ban.

do you have some evidences of tentative of intrusion in asterisk logs , could be a good start

create a file

vim /etc/e-smith/templates/etc/fail2ban/jail.local/10Asterisk

put this content

enabled  = true
port     = 5060,5061
logpath  = /var/log/asterisk/messages
maxretry = 3

I suppose that the log file is /var/log/asterisk/messages, please double check

then expand the file

signal-event nethserver-fail2ban-save

verifiy the jail exists


run few days and report, if you want a precise statistic then do

cat /var/lib/nethserver/fail2ban/fail2ban.json

1 Like

Thanks for support!
the log path is /var/log/asterisk/full

I followed your instruction and it works perfectly!

asterisk Jail enabled
- Currently banned: 7 - Total banned after service start: 7
- Banned IP: list of banned ip

Here a sample of bad registration tentative:
[2018-06-27 22:29:47] NOTICE[774]: res_pjsip/pjsip_distributor.c:649 log_failed_request: Request ‘REGISTER’ from ‘“2001” sip:2001@XX.XX.XX.XX’ failed for ‘’ (callid: 2302148521) - Failed to authenticate


if you uninstall asterisk, think to remove the custom file, please monitor it and we could add it per default


please could you take a look to

and could you paste the content of /etc/asterisk/logger.conf

The file is all commented.

; Do NOT edit this file as it is auto-generated by FreePBX. All modifications to ;
; this file must be done via the web gui. There are alternative files to make    ;
; custom modifications, details at:       ;
; This file is part of FreePBX.
;    FreePBX is free software: you can redistribute it and/or modify
;    it under the terms of the GNU General Public License as published by
;    the Free Software Foundation, either version 2 of the License, or
;    (at your option) any later version.
;    FreePBX is distributed in the hope that it will be useful,
;    but WITHOUT ANY WARRANTY; without even the implied warranty of
;    GNU General Public License for more details.
;    You should have received a copy of the GNU General Public License
;    along with FreePBX.  If not, see <>.
; Copyright (C) 2007 Astrogen LLC (USA)

#include logger_general_additional.conf
#include logger_general_custom.conf

#include logger_logfiles_additional.conf
#include logger_logfiles_custom.conf

@Stll0 how do you trick freepbx if you need to rewrite a configuration file. It is not a mandatory but the fail2ban team advices to enable the extra logging and use it in fail2ban to ban attackers


needed configurations are in two included logfiles:
/etc/asterisk/logger_general_additional.conf: dateformat=%F %T (which is correct)
/etc/asterisk/logger_logfiles_additional.conf: full => debug,error,notice,verbose,warning
in this one we should add security events. This could be done from FreePBX interface -> Settings -> Asterisk logfile settings -> log files

I think that it isn’t very nice to enable it by default for two reason:

  • security log is verbose with FreePBX because logs a lot of false positive warnings about dialplan
  • changing it means change a mysql row after installation (or change FreePBX installation) and we can’t know if user changed it or if it’s a default setting

We could do it, but since it’s not mandatory and can be easily configured from interface, maybe it’s better to write it in documentation.

What do you think?


if we could break something by adding a new setting, you know the mantra, do not break existing installations. We could document it

What are the news, how many attackers have you banned ?

I could see a /var/log/asterisk/fail2ban what is the content please ?

please could you test

yum install

think to remove your custom template


It is empty

1 Like

La vache (french translation of wtf)

Did you see the asterisk number of bans :’)

Do you have installed the new rpm ?

1 Like

We are implementing the asterisk jail, is it possible you send me the two logs per email (stephdl at de-labrusse dot org)


I feel the number of bans a bit high, either you were under a heavy attack, or your users were banned, what do you think ?

did you make some configuration modifications in asterisk also


Give me some days to install the rpm, i’m slightly busy!
the bans are hight, but it’s normal for a public vm!

Hi all

I hope that your holidays are/were good

I need some QA on this topic

thank for your help