Asterisk Security

[Techstyle]

is Asterisk in LMCE 10.04 vunerable to brute force attacks?

there was a period earlier where lots of people were being billed for hacked calls, is security better now or is it still suggested to use something like fail2ban?

[cfernandes]

i use fail2ban to protect all off my servers from brute force attacks.

[Techstyle]

Thank You

Can you confirm that the wiki page for this is correct?

http://wiki.linuxmce.org/index.php/Fail2ban_-_A_tool_against_brute_force

should the ignore IP line look like:

ignoreip = 127.0.0.1 192.168.80.1 192.168.80.0/254

[cfernandes]

the wiki is correct.

and work on  my last instalation

[pw44]

Can you confirm that the wiki page for this is correct?

http://wiki.linuxmce.org/index.php/Fail2ban_-_A_tool_against_brute_force

should the ignore IP line look like:

ignoreip = 127.0.0.1 192.168.80.1 192.168.80.0/254

The wiki is correct, i tested it again with lmce 10.04. I created it while using lmce 8.10.
The ignoreip will make fail2ban ignore the given ip's or blocks, so ip's in your network will not be blocked by fail2ban in case of successive failed tries..

[Techstyle]

so I failed on the second step:

/etc/asterisk/sip.conf doesn't exist

[cfernandes]

you no need to change sip.conf

this change is implemented on asterisk realtime database  by Foxi.

[microbrain]

I use CSF firewall on all my servers to protect them. Very easy to set up and offers a little more flexibility and a lot more features than fail2ban does. Install webmin first (http://prdownloads.sourceforge.net/webadmin/webmin-1.580-1.noarch.rpm) then,
 CSF (http://www.configserver.com/free/csf.tgz).

I have had no issues with any of my servers including brute force attacks on those with asterisk installed since using CSF.


microbrain

[pw44]

so I failed on the second step:

/etc/asterisk/sip.conf doesn't exist

You can enter it in the asterisk database, table ast_config, mine looks like:
    Edit    Delete    83    0    18    0    sip.conf    general    alwaysauthreject    yes

[Techstyle]

cfernandes

thanks for updating the wiki page

[pw44]

Wiki http://wiki.linuxmce.org/index.php/Fail2ban_-_A_tool_against_brute_force was updated for asterisk 1.8. As asterisk 1.8 logs includes the host IP and the port, fail2ban was not blocking attackers IP.
For the ones using lmce 1004, please update the fail2ban configuration file according the the wiki example.
For lmce 810, no change is needed.