fail2ban

Commit Graph

Author	SHA1	Message	Date
sebres	1a562bed0f	Merge remote-tracking branch 'master' into 0.10 # Conflicts: # config/filter.d/asterisk.conf	7 years ago
sebres	a5b62a7f36	failregex extended and simplified (partially ported from gh-1409).	7 years ago
sebres	098abae4e6	Remove greedy catch-all before `<HOST>`, make regex more universal, fewer prone to errors (should avoid future changes, if some optional parameters coming again before/after `RemoteAddress`) + non-captured groups now. Test for possible injection (5.6.7.8 in session-id) already available, line 59 (thus already covered).	7 years ago
Kirill	4c0c7b97c0	Update asterisk.conf to new log message I got an issue like this: [2016-05-15 22:53:00] SECURITY[26428] res_security_log.c: SecurityEvent="FailedACL",EventTV="2016-05-15T22:53:00.203+0300",Severity="Error",Service="AMI",EventVersion="1",AccountID="admin",SessionID="0x7fb580001518",LocalAddress="IPV4/TCP/0.0.0.0/5038",RemoteAddress="IPV4/TCP/78.129.227.4/62389",SessionTV="1970-01-01T03:00:00.000+0300" # [sebres] rebased to current master and resolving conflicts.	7 years ago
sebres	546cd55342	Merge branch 'master' into 0.10	8 years ago
sebres	a1d0633e69	filter.d/asterisk.conf - fixed failregex AMI Asterisk authentification failed (see gh-1302): - optional space between NOTICE and pid; - optional part "Host " before IP-address;	8 years ago
sebres	22afdbd536	Several filters optimized with pre-filtering using new option `prefregex`	8 years ago
sebres	ab0ac2111c	added possibility to specify more precise default date pattern: - `datepattern = {^LN-BEG}` - only line-begin anchored default patterns (matches date only at begin of line, or with max distance up to 2 non-alphanumeric characters from line-begin); - `datepattern = {*WD-BEG}` - only word-begin anchored default patterns; - `datepattern = ^prefix{DATE}suffix` - exact specified default patterns (using prefix and suffix); common filter configs gets a more precise, line-begin anchored (datepattern = {^LN-BEG}) resp. custom anchoring default date-patterns;	8 years ago
sebres	4a1d720344	filter.d/asterisk.conf: another part ` chan_sip.c:28468 handle_request_register:` in log prefix	8 years ago
sebres	f5f204ca7c	Improved changes of gh-1458: `[^']` after callid was wrong, changed to `[^\)]`; regexp anchored at the end; almost the same regex grouped to one; Closes #1458	9 years ago
nturcksin	72a157b8f2	Improve PJSIP log support for asterisk 13+ with different callID (Squash gh-1458) Change the asterisk pjsip filter to don't take the callId part Add optional part between "Request" and "from" Listed all log message from asterisk	9 years ago
Ludovic Gasc	f85fb45b29	Asterisk pjsip (#1456 ) * Improve PJSIP log support for Asterisk 13+ * Update changelog: filter.d/asterisk.conf - fix security log support for PJSIP and Asterisk 13+ * Change pjsip regexp with sebres observation, thanks to @nturcksin	9 years ago
sebres	cb4f9be8b2	the date brackets removed from filters using `__prefix_line`, because `__prefix_line` already contains the date ambit;	9 years ago
sebres	d8e81eb417	regexp rewritten (few vulnerable as previous) + test case added	9 years ago
3eBoP	257b7049d8	Update asterisk filter: changed regex for "Call from ...". Sometimes extension can have a plus symbol (+) because they can be phone number. Closes #1309	9 years ago
Ivan Poddubny	7a4e6fa6e5	Asterisk security log: add support for websocket protocol events Thanks to @kcormier.	10 years ago
Ivan Poddubny	988d9a08da	Asterisk security log: accept events containing Response/ExpectedResponse Event containing Challenge may come without ReceivedChallenge, but with Response and ExpectedResponse. Also Challenge now accepts '/' character, since it is used at least by PJSIP.	10 years ago
Ivan Poddubny	189265a323	Asterisk security log: accept SessionID of PJSIP events Unlike chan_sip and manager, PJSIP populates SessionID using Call-Id header of a related SIP message. As Call-Id of a SIP message can contain almost anything, the regular expression for SessionID has been loosened.	10 years ago
Ivan Poddubny	ab2ac1a367	Asterisk security log: accept <unknown> in AccountID	10 years ago
Ivan Poddubny	977f9955e7	Asterisk security log: accept EventTV in ISO8601 Asterisk uses ISO8601 dates in security log since version 12. Closes #988	10 years ago
Lee Clemens	72f4bcfbff	Match hacking attempt IP instead of asterisk server IP (closes #1000 )	10 years ago
Daniel Black	77fda9498c	ENH: pull asterisk filter change to support syslog from 0.9 branch	11 years ago
Tomas Pihl	b52a4441fd	Support ACL-events without AccountID. Typically happens when a registration from an unknown domain is performed. Add credits	11 years ago
Daniel Black	eb9663eb4f	BF/ENH: asterisk connection ID is a hex not decimal number. Add "Rejecting unknown SIP connection from <HOST>" regex thanks to Jonathan Lanning	11 years ago
Daniel Black	d7560d4041	ENH: condense asterisk regexs for speed	11 years ago
Daniel Black	89fd792dfb	DOC: in filters, put user relevant doc at top, and developer info at bottom, and remove all the repetative blindly copied stuff that appears in the jail man page	11 years ago
Jamyn Shanley	8936f2cd02	fail2ban-users: Sebastian Arcus - Detect device auth failures on Asterisk 11	12 years ago
Daniel Black	619603fe05	BF: match asterisk InvalidPassword correctly	12 years ago
Daniel Black	0086a7edab	ENH: missed a $	12 years ago
Daniel Black	fa7a105483	ENH: filter.d/asterisk - consolidate log prefix regex and add a few fail messages	12 years ago
Yaroslav Halchenko	09302c5c25	ENH: asterisk -- use \S instead of [^:] + prefix failregex with ^\[ detected date portion is stripped from the string to be matched, so it is not only the right ] is left, but also the left one ;-)	12 years ago
Daniel Black	6a09ecff5c	ENH: anchor a bit mor. Use \d and \w where possible. Escape a literal .	12 years ago
Carlos Alberto Lopez Perez	47b063b022	Filter Asterisk: Add AUTH_UNKNOWN_DOMAIN error to list * I have been seeing bruteforcing attempts where asterisk fails with AUTH_UNKNOWN_DOMAIN (Not a local domain)	12 years ago
Daniel Black	05c88bd85d	ENH: purge a few more .*	12 years ago
Daniel Black	4cf402d60e	ENH/BF: constrain regex. Fix ACL error regex	12 years ago
Daniel Black	0f7b609336	ENH: port optional	12 years ago
silviogarbes	5c8fb68a2c	Update asterisk.conf Para ficar compatível com asterisk 11	12 years ago
Daniel Black	495f2dd877	DOC: purge of svn tags	12 years ago
Xavier Devlamynck	8c00ce0a65	Add the INCLUDE section to use __pid_re feature	13 years ago
Xavier Devlamynck	c679a1a588	Change NOTICE by NOTICE%(__pid_re)s	13 years ago
Xavier D	d98cdb25d6	Add $ at the end of the failregex	13 years ago
Xavier Devlamynck	7d465f98c1	Add asterisk support	13 years ago

42 Commits (b185e7cb04206aac48f33414685f4d54662dfdf0)