Hello, I use Asterisk 1.8 + realtime peers. I want to configure fail2ban, but when I try to connect using a fake extension I get ‘wrong password’ instead of ‘no matching peer found’ in the logs. What is the problem?
On the information you have supplied, you have a wrong password configured in one or both of Asterisk and the device.
Telling you, I am connecting from the extension that doesn’t exist on the server, but in Asterisk logs I get ‘wrong password’.
Are you using the security log? Do you have alwaysauthreject? The answer to the first needs to be yes to have anything useful for fail2ban - do not use the normal messages logs. I suspect the alwaysauthreject will show as wrong password, in the message logs.
It was not clear what you meant by fake extension (especially as Asterisk doesn’t use the term “extension” in that context).
Sorry for the incorrect terms)))
I use /var/log/asterisk/full, and I have alwaysauthreject=yes.
Also, there is no security log possibility in my Asterisk.
You need Asterisk 11, which has a log that is intended for detecting security issues. The full log in 1.8 is intended to help you fix misbehaving friendly systems. The faking of the response implied by alwaysauthreject is probably being reflected in the reason being logged.
I guess most people who use fail2ban don’t really care whether the attacker has a valid peer name, or not, so a bad password is just as good an indication of an attack as a bad peer.