Commit Graph

29 Commits (25c2334bc89a28812b1a3dc9ce4f3a8b502aeb0f)

Author SHA1 Message Date
sebres d8e81eb417 regexp rewritten (few vulnerable as previous) + test case added 2016-02-08 12:01:25 +01:00
3eBoP 257b7049d8 Update asterisk filter: changed regex for "Call from ...". Sometimes extension can have a plus symbol (+) because they can be phone number.
Closes #1309
2016-02-08 11:51:37 +01:00
Ivan Poddubny 7a4e6fa6e5 Asterisk security log: add support for websocket protocol events
Thanks to @kcormier.
2015-05-25 08:13:30 +03:00
Ivan Poddubny 988d9a08da Asterisk security log: accept events containing Response/ExpectedResponse
Event containing Challenge may come without ReceivedChallenge, but with
Response and ExpectedResponse.
Also Challenge now accepts '/' character, since it is used at least by PJSIP.
2015-05-25 08:12:51 +03:00
Ivan Poddubny 189265a323 Asterisk security log: accept SessionID of PJSIP events
Unlike chan_sip and manager, PJSIP populates SessionID using
Call-Id header of a related SIP message.
As Call-Id of a SIP message can contain almost anything,
the regular expression for SessionID has been loosened.
2015-05-25 08:11:34 +03:00
Ivan Poddubny ab2ac1a367 Asterisk security log: accept <unknown> in AccountID 2015-05-24 12:47:55 +03:00
Ivan Poddubny 977f9955e7 Asterisk security log: accept EventTV in ISO8601
Asterisk uses ISO8601 dates in security log since version 12.

Closes #988
2015-05-24 12:46:54 +03:00
Lee Clemens 72f4bcfbff Match hacking attempt IP instead of asterisk server IP (closes #1000) 2015-03-24 19:03:26 -04:00
Daniel Black 77fda9498c ENH: pull asterisk filter change to support syslog from 0.9 branch 2014-03-14 23:15:46 +11:00
Tomas Pihl b52a4441fd Support ACL-events without AccountID. Typically happens when a registration
from an unknown domain is performed.

Add credits
2014-01-12 01:28:55 +01:00
Daniel Black eb9663eb4f BF/ENH: asterisk connection ID is a hex not decimal number. Add "Rejecting unknown SIP connection from <HOST>" regex thanks to Jonathan Lanning 2013-11-12 09:22:41 +11:00
Daniel Black d7560d4041 ENH: condense asterisk regexs for speed 2013-11-08 10:24:50 +11:00
Daniel Black 89fd792dfb DOC: in filters, put user relevant doc at top, and developer info at bottom, and remove all the repetative blindly copied stuff that appears in the jail man page 2013-10-31 00:02:59 +11:00
Jamyn Shanley 8936f2cd02 fail2ban-users: Sebastian Arcus - Detect device auth failures on Asterisk 11 2013-07-27 00:06:06 +00:00
Daniel Black 619603fe05 BF: match asterisk InvalidPassword correctly 2013-07-07 17:48:20 +10:00
Daniel Black 0086a7edab ENH: missed a $ 2013-06-29 11:30:37 +10:00
Daniel Black fa7a105483 ENH: filter.d/asterisk - consolidate log prefix regex and add a few fail messages 2013-06-27 09:16:14 +10:00
Yaroslav Halchenko 09302c5c25 ENH: asterisk -- use \S instead of [^:] + prefix failregex with ^\[
detected date portion is stripped from the string to be matched, so it is not only
the right ] is left, but also the left one ;-)
2013-06-13 23:15:48 -04:00
Daniel Black 6a09ecff5c ENH: anchor a bit mor. Use \d and \w where possible. Escape a literal . 2013-06-14 08:41:50 +10:00
Carlos Alberto Lopez Perez 47b063b022 Filter Asterisk: Add AUTH_UNKNOWN_DOMAIN error to list
* I have been seeing bruteforcing attempts where asterisk fails with
   AUTH_UNKNOWN_DOMAIN (Not a local domain)
2013-06-10 19:50:35 +02:00
Daniel Black 05c88bd85d ENH: purge a few more .* 2013-05-30 11:34:04 +10:00
Daniel Black 4cf402d60e ENH/BF: constrain regex. Fix ACL error regex 2013-05-30 10:15:58 +10:00
Daniel Black 0f7b609336 ENH: port optional 2013-05-30 09:43:39 +10:00
silviogarbes 5c8fb68a2c Update asterisk.conf
Para ficar compatível com asterisk 11
2013-05-14 08:04:11 -03:00
Daniel Black 495f2dd877 DOC: purge of svn tags 2013-05-03 16:03:38 +10:00
Xavier Devlamynck 8c00ce0a65 Add the INCLUDE section to use __pid_re feature 2012-02-28 17:28:06 +01:00
Xavier Devlamynck c679a1a588 Change NOTICE by NOTICE%(__pid_re)s 2012-02-21 18:05:53 +01:00
Xavier D d98cdb25d6 Add $ at the end of the failregex 2012-02-13 17:11:32 +01:00
Xavier Devlamynck 7d465f98c1 Add asterisk support 2012-01-11 16:35:40 +01:00