github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity

ENH/BF: constrain regex. Fix ACL error regex

pull/237/head
Daniel Black 2013-05-30 10:15:58 +10:00
parent 0f7b609336
commit 4cf402d60e
1 changed files with 12 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
config/filter.d/asterisk.conf
View File

@ -20,18 +20,18 @@ before = common.conf
# (?:::f{4,6}:)?(?P<host>\S+)
# Values: TEXT
#
failregex = NOTICE%(__pid_re)s .*: Registration from '.*' failed for '<HOST>(:[0-9]+)?' - Wrong password$
NOTICE%(__pid_re)s .*: Registration from '.*' failed for '<HOST>(:[0-9]+)?' - No matching peer found$
NOTICE%(__pid_re)s .*: Registration from '.*' failed for '<HOST>(:[0-9]+)?' - Username/auth name mismatch$
NOTICE%(__pid_re)s .*: Registration from '.*' failed for '<HOST>(:[0-9]+)?' - Device does not match ACL$
NOTICE%(__pid_re)s .*: Registration from '.*' failed for '<HOST>(:[0-9]+)?' - Peer is not supposed to register$
NOTICE%(__pid_re)s .*: Registration from '.*' failed for '<HOST>(:[0-9]+)?' - ACL error (permit/deny)$
NOTICE%(__pid_re)s.* .*: Call from '.*' \(<HOST>:.*\) to extension '.*' rejected because extension not found in context 'default'.$
NOTICE%(__pid_re)s <HOST> failed to authenticate as '.*'$
NOTICE%(__pid_re)s .*: No registration for peer '.*' \(from <HOST>\)$
NOTICE%(__pid_re)s .*: Host <HOST> failed MD5 authentication for '.*' (.*)$
NOTICE%(__pid_re)s .*: Failed to authenticate user .*@<HOST>.*$
SECURITY%(__pid_re)s .*: SecurityEvent="InvalidAccountID",EventTV=".*",Severity=".*",Service=".*",EventVersion=".*",AccountID=".*",SessionID=".*",LocalAddress=".*",RemoteAddress=".*/.*/<HOST>/.*"$
failregex = NOTICE%(__pid_re)s [^:]+: Registration from '[^']*' failed for '<HOST>(:[0-9]+)?' - Wrong password$
NOTICE%(__pid_re)s [^:]+: Registration from '[^']*' failed for '<HOST>(:[0-9]+)?' - No matching peer found$
NOTICE%(__pid_re)s [^:]+: Registration from '[^']*' failed for '<HOST>(:[0-9]+)?' - Username/auth name mismatch$
NOTICE%(__pid_re)s [^:]+: Registration from '[^']*' failed for '<HOST>(:[0-9]+)?' - Device does not match ACL$
NOTICE%(__pid_re)s [^:]+: Registration from '[^']*' failed for '<HOST>(:[0-9]+)?' - Peer is not supposed to register$
NOTICE%(__pid_re)s [^:]+: Registration from '[^']*' failed for '<HOST>(:[0-9]+)?' - ACL error \(permit/deny\)$
NOTICE%(__pid_re)s\[[^:]+\] [^:]+: Call from '[^']*' \(<HOST>:.*\) to extension '[0-9]+' rejected because extension not found in context 'default'.$
NOTICE%(__pid_re)s [^:]+: Host <HOST> failed to authenticate as '[^']*'$
NOTICE%(__pid_re)s [^:]+: No registration for peer '[^']*' \(from <HOST>\)$
NOTICE%(__pid_re)s [^:]+: Host <HOST> failed MD5 authentication for '[^']*' \([^)]+\)$
NOTICE%(__pid_re)s [^:]+: Failed to authenticate user [^@]+@<HOST>.*$
SECURITY%(__pid_re)s [^:]+: SecurityEvent="InvalidAccountID",EventTV="[0-9-]+",Severity="[a-zA-Z]+",Service="[a-zA-Z]+",EventVersion="[0-9]+",AccountID="[0-9]+",SessionID="0x[0-9a-f]+",LocalAddress="IPV[46]/(UD|TC)P/[0-9a-fA-F:.]+/[0-9]+",RemoteAddress="IPV[46]/(UD|TC)P/<HOST>/[0-9]+"$
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.