Asterisk Security with CSF

Hi folks,

I am trying to secure my asterisk box, i am also comparing csf performance with fail2ban.

I have installed csf version: 5.14
i have changed custom1 log path in csf.conf

CUSTOM1_LOG = “/var/log/asterisk/notice”

below rules have been placed in regex.custom.pm

#!/usr/bin/perl
sub custom_line {
my $line = shift;
my $lgfile = shift;

if (($lgfile eq $config{CUSTOM1_LOG}) and ($line =~ /^[.failed for ‘(\d+(.\d+){3})’ - (No matching peer found)./)) {
return (“Failed MondoTalkSIP login $2 from”,$1,“myasteriskmatch”,“3”,“5060”,“0”);
}

if (($lgfile eq $config{CUSTOM1_LOG}) and ($line =~ /^[.failed for ‘(\d+(.\d+){3})’ - (Username/auth name mismatch)./)) {
return (“Failed MondoTalkSIP login $2 from”,$1,“myasteriskmatch”,“3”,“5060”,“0”);
}

if (($lgfile eq $config{CUSTOM1_LOG}) and ($line =~ /^[.failed for ‘(\d+(.\d+){3})’ - (Wrong passord)./)) {
return (“Failed Asterisk login $2 from”,$1,“myasteriskmatch”,“3”,“5060”,“0”);
}

if (($lgfile eq $config{CUSTOM1_LOG}) and ($line =~ /^[.failed for ‘(\d+(.\d+){3})’ - (Device does not match ACL)./)) {
return (“Failed Asterisk login $2 from”,$1,“myasteriskmatch”,“3”,“5060”,“0”);
}

if (($lgfile eq $config{CUSTOM1_LOG}) and ($line =~ /^[.Host (\d+(.\d+){3}) (failed to authenticate)./)) {
return (“Failed Asterisk login $2 from”,$1,“myasteriskmatch”,“3”,“5060”,“0”);
}

if (($lgfile eq $config{CUSTOM1_LOG}) and ($line =~ /^[.*(No registration for peer).from (\d+(.\d+){3})./)) {
return (“Failed Asterisk login $1 from”,$2,“myasteriskmatch”,“3”,“5060”,“0”);
}

if (($lgfile eq $config{CUSTOM1_LOG}) and ($line =~ /^[.(Failed to authenticate user).@(\d+(.\d+){3}).*/)) {
return (“Failed MondoTalkSIP login $1 from”,$2,“myasteriskmatch”,“3”,“5060”,“0”);
}

if (($lgfile eq $config{CUSTOM1_LOG}) and ($line =~ /^[.Host (\d+(.\d+){3}) (failed MD5 authentication)./)) {
return (“Failed Asterisk login $2 from”,$1,“myasteriskmatch”,“3”,“5060”,“0”);
}

return 0;
}

1;

But this is not working, is there any one who can help me here? what mistake i have made?

ever have any luck with this ?

yah now working for me :smile: