Asterisk with fail2ban
I recently started to add some security features to my asterisk server. One was adding a fail2ban jail. Because I have asterisk running inside of docker, I mounted my log folder and changed fail2ban (installed on my docker host itself) to use the message file (in my case: /opt/asterisk/log/messages) . Start by editing /etc/fail2ban/jail.d/asterisk.conf: [asterisk] enabled = true filter = asterisk action = %(banaction)s[name=%(__name__)s-tcp, port="%(port)s", protocol="tcp", chain="%(chain)s", actname=%(banaction)s-tcp] %(banaction)s[name=%(__name__)s-udp, port="%(port)s", protocol="udp", chain="%(chain)s", actname=%(banaction)s-udp] banaction = iptables-multiport logpath = /opt/asterisk/log/messages maxretry = 5 findtime = 3h bantime = 1d Fail2ban needs a specific timestamp format and to prevent asterisk from creating GBs of logs I changed it to only log notice and error messages in the /etc/asterisk/logger....