sebres
d8e81eb417
regexp rewritten (few vulnerable as previous) + test case added
2016-02-08 12:01:25 +01:00
3eBoP
257b7049d8
Update asterisk filter: changed regex for "Call from ...". Sometimes extension can have a plus symbol (+) because they can be phone number.
...
Closes #1309
2016-02-08 11:51:37 +01:00
Ivan Poddubny
7a4e6fa6e5
Asterisk security log: add support for websocket protocol events
...
Thanks to @kcormier.
2015-05-25 08:13:30 +03:00
Ivan Poddubny
988d9a08da
Asterisk security log: accept events containing Response/ExpectedResponse
...
Event containing Challenge may come without ReceivedChallenge, but with
Response and ExpectedResponse.
Also Challenge now accepts '/' character, since it is used at least by PJSIP.
2015-05-25 08:12:51 +03:00
Ivan Poddubny
189265a323
Asterisk security log: accept SessionID of PJSIP events
...
Unlike chan_sip and manager, PJSIP populates SessionID using
Call-Id header of a related SIP message.
As Call-Id of a SIP message can contain almost anything,
the regular expression for SessionID has been loosened.
2015-05-25 08:11:34 +03:00
Ivan Poddubny
ab2ac1a367
Asterisk security log: accept <unknown> in AccountID
2015-05-24 12:47:55 +03:00
Ivan Poddubny
977f9955e7
Asterisk security log: accept EventTV in ISO8601
...
Asterisk uses ISO8601 dates in security log since version 12.
Closes #988
2015-05-24 12:46:54 +03:00
Lee Clemens
72f4bcfbff
Match hacking attempt IP instead of asterisk server IP ( closes #1000 )
2015-03-24 19:03:26 -04:00
Daniel Black
77fda9498c
ENH: pull asterisk filter change to support syslog from 0.9 branch
2014-03-14 23:15:46 +11:00
Tomas Pihl
b52a4441fd
Support ACL-events without AccountID. Typically happens when a registration
...
from an unknown domain is performed.
Add credits
2014-01-12 01:28:55 +01:00
Daniel Black
eb9663eb4f
BF/ENH: asterisk connection ID is a hex not decimal number. Add "Rejecting unknown SIP connection from <HOST>" regex thanks to Jonathan Lanning
2013-11-12 09:22:41 +11:00
Daniel Black
d7560d4041
ENH: condense asterisk regexs for speed
2013-11-08 10:24:50 +11:00
Daniel Black
89fd792dfb
DOC: in filters, put user relevant doc at top, and developer info at bottom, and remove all the repetative blindly copied stuff that appears in the jail man page
2013-10-31 00:02:59 +11:00
Jamyn Shanley
8936f2cd02
fail2ban-users: Sebastian Arcus - Detect device auth failures on Asterisk 11
2013-07-27 00:06:06 +00:00
Daniel Black
619603fe05
BF: match asterisk InvalidPassword correctly
2013-07-07 17:48:20 +10:00
Daniel Black
0086a7edab
ENH: missed a $
2013-06-29 11:30:37 +10:00
Daniel Black
fa7a105483
ENH: filter.d/asterisk - consolidate log prefix regex and add a few fail messages
2013-06-27 09:16:14 +10:00
Yaroslav Halchenko
09302c5c25
ENH: asterisk -- use \S instead of [^:] + prefix failregex with ^\[
...
detected date portion is stripped from the string to be matched, so it is not only
the right ] is left, but also the left one ;-)
2013-06-13 23:15:48 -04:00
Daniel Black
6a09ecff5c
ENH: anchor a bit mor. Use \d and \w where possible. Escape a literal .
2013-06-14 08:41:50 +10:00
Carlos Alberto Lopez Perez
47b063b022
Filter Asterisk: Add AUTH_UNKNOWN_DOMAIN error to list
...
* I have been seeing bruteforcing attempts where asterisk fails with
AUTH_UNKNOWN_DOMAIN (Not a local domain)
2013-06-10 19:50:35 +02:00
Daniel Black
05c88bd85d
ENH: purge a few more .*
2013-05-30 11:34:04 +10:00
Daniel Black
4cf402d60e
ENH/BF: constrain regex. Fix ACL error regex
2013-05-30 10:15:58 +10:00
Daniel Black
0f7b609336
ENH: port optional
2013-05-30 09:43:39 +10:00
silviogarbes
5c8fb68a2c
Update asterisk.conf
...
Para ficar compatível com asterisk 11
2013-05-14 08:04:11 -03:00
Daniel Black
495f2dd877
DOC: purge of svn tags
2013-05-03 16:03:38 +10:00
Xavier Devlamynck
8c00ce0a65
Add the INCLUDE section to use __pid_re feature
2012-02-28 17:28:06 +01:00
Xavier Devlamynck
c679a1a588
Change NOTICE by NOTICE%(__pid_re)s
2012-02-21 18:05:53 +01:00
Xavier D
d98cdb25d6
Add $ at the end of the failregex
2012-02-13 17:11:32 +01:00
Xavier Devlamynck
7d465f98c1
Add asterisk support
2012-01-11 16:35:40 +01:00