Improved changes of gh-1458:

`[^']*` after callid was wrong, changed to `[^\)]*`;
  regexp anchored at the end;
  almost the same regex grouped to one;

Closes #1458
pull/1376/merge
sebres 9 years ago
parent 72a157b8f2
commit f5f204ca7c

@ -25,7 +25,9 @@ ver. 0.9.5 (2016/XX/XXX) - wanna-be-released
added new parameter `__date_ambit`
* gentoo-initd fixed --pidfile bug: `--pidfile` is option of start-stop-daemon,
not argument of fail2ban (see gh-1434)
* filter.d/asterisk.conf - fix security log support for PJSIP and Asterisk 13+
* filter.d/asterisk.conf
- fix security log support for PJSIP and Asterisk 13+ (gh-1456)
- improved log support for PJSIP and Asterisk 13+ with different callID (gh-1458)
- New Features:
* New Actions:
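
Review bot: the new gh-1458 entry under `filter.d/asterisk.conf` says only "with different callID" and does not record that the `Request ... failed for` patterns are now merged into one and anchored at the end of the line. The end anchor changes which lines match, so it deserves a few words in the entry for anyone who carries a local override of this filter.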

@ -27,13 +27,8 @@ failregex = ^%(__prefix_line)s%(log_prefix)s Registration from '[^']*' failed fo
^%(__prefix_line)s%(log_prefix)s hacking attempt detected '<HOST>'$
^%(__prefix_line)s%(log_prefix)s SecurityEvent="(FailedACL|InvalidAccountID|ChallengeResponseFailed|InvalidPassword)",EventTV="([\d-]+|%(iso8601)s)",Severity="[\w]+",Service="[\w]+",EventVersion="\d+",AccountID="(\d*|<unknown>)",SessionID=".+",LocalAddress="IPV[46]/(UDP|TCP|WS)/[\da-fA-F:.]+/\d+",RemoteAddress="IPV[46]/(UDP|TCP|WS)/<HOST>/\d+"(,Challenge="[\w/]+")?(,ReceivedChallenge="\w+")?(,Response="\w+",ExpectedResponse="\w*")?(,ReceivedHash="[\da-f]+")?(,ACLName="\w+")?$
^%(__prefix_line)s%(log_prefix)s "Rejecting unknown SIP connection from <HOST>"$
^%(__prefix_line)s%(log_prefix)s Request (?:'[^']*' )?from '[^']*' failed for '<HOST>(?::\d+)?'\s\(callid: [^']*\) - No matching endpoint found
^%(__prefix_line)s%(log_prefix)s Request (?:'[^']*' )?from '[^']*' failed for '<HOST>(?::\d+)?'\s\(callid: [^']*\) - Not match Endpoint ACL
^%(__prefix_line)s%(log_prefix)s Request (?:'[^']*' )?from '[^']*' failed for '<HOST>(?::\d+)?'\s\(callid: [^']*\) - Not match Endpoint Contact ACL
^%(__prefix_line)s%(log_prefix)s Request (?:'[^']*' )?from '[^']*' failed for '<HOST>(?::\d+)?'\s\(callid: [^']*\) - Failed to authenticate
^%(__prefix_line)s%(log_prefix)s Request (?:'[^']*' )?from '[^']*' failed for '<HOST>(?::\d+)?'\s\(callid: [^']*\) - Error to authenticate
^%(__prefix_line)s%(log_prefix)s Request (?:'[^']*' )?from '[^']*' failed for '<HOST>(?::\d+)?'\s\(callid: [^\)]*\) - (?:No matching endpoint found|Not match Endpoint(?: Contact)? ACL|(?:Failed|Error) to authenticate)\s*$
ignoreregex =
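
Review bot: in the combined `Request ... failed for` pattern, `[^\)]*` stops at the first `)`, so a callid value that itself contains `)` would leave the whole line unmatched and the failure uncounted. If such callids can appear in these logs, `\(callid: .*\) - ` followed by the reason group would rely on the new `\s*$` anchor rather than on the character class. The backslash inside the class is also redundant (`[^)]*` is equivalent), and a sample line with an unusual callid in the filter's test log would pin down the intended behaviour.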
