Asterisk 11: Detect device auth failures #305

Merged
merged 2 commits into from Aug 8, 2013

Jamyn commented Jul 25, 2013

Sebastian Arcus to fail2ban-users:

Just some more log variations I noticed today slipping through the cracks unnoticed by current asterisk.conf filter from git. Asterisk version is 11.4.0. Here are the lines from the log:

[2013-07-25 07:26:43] NOTICE[26015][C-000006b2] chan_sip.c: Failed to authenticate device 101sip:101@92.28.85.72;tag=65d997a4

# Running tests

Use regex line : Failed to authenticate (user|device) [^@]+@\S*$
Use single line: [2013-07-25 07:26:43] NOTICE[26015][C-000006b2] ch...

Results

Failregex: 1 total
|- #) [# of hits] regular expression
| 1) [1] Failed to authenticate (user|device) [^@]+@\S*$
`-

Ignoreregex: 0 total

Summary

Addresses found:
[1]
92.28.85.72 (Thu Jul 25 07:26:43 2013)

Date template hits:
2 hit(s): Year-Month-Day Hour:Minute:Second

Success, the total number of match is 1

coveralls Jul 25, 2013

Coverage Status

Coverage remained the same when pulling 156ee8a0e9db0f9fc433d040491501edad5d8d53 on Jamyn:master into 2d52fc3 on fail2ban:master.

Contributor

grooverdan commented Jul 26, 2013

Thanks @Jamyn . Looks good.

Can you please commit a sample log entry to testcases/files/logs/asterisk along with the "# failJSON: { .." line above it.
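
A small check in the spirit of the sample-log test requested above, added here as an example and not code from fail2ban or from this PR: it runs the PR's regex over annotated sample lines and reports any line that does not behave as annotated. Assumptions: fail2ban's host tag is written as an explicit IPv4 group after the `@`, the `# failJSON:` keys (`time`, `match`, `host`) follow the project's test convention, and every log line except the first is constructed.

```python
import json
import re

# The PR's regex, with an explicit named group standing in for fail2ban's
# host tag (assumption: IPv4 only, placed directly after the "@").
FAILREGEX = re.compile(
    r"Failed to authenticate (user|device) [^@]+@(?P<host>\d{1,3}(?:\.\d{1,3}){3})\S*$"
)

# Constructed sample file: each "# failJSON:" line states what the log line
# below it must produce. Only the first log line is quoted from the PR; the
# last one shows that trailing text after the URI defeats the "$" anchor.
SAMPLE_LOG = """\
# failJSON: { "time": "2013-07-25T07:26:43", "match": true, "host": "92.28.85.72" }
[2013-07-25 07:26:43] NOTICE[26015][C-000006b2] chan_sip.c: Failed to authenticate device 101sip:101@92.28.85.72;tag=65d997a4
# failJSON: { "time": "2013-07-25T07:27:01", "match": true, "host": "198.51.100.7" }
[2013-07-25 07:27:01] NOTICE[26015][C-000006b3] chan_sip.c: Failed to authenticate user 200sip:200@198.51.100.7;tag=aa11bb22
# failJSON: { "time": "2013-07-25T07:28:10", "match": false }
[2013-07-25 07:28:10] NOTICE[26015] chan_sip.c: Peer '101' is now Reachable. (12ms / 2000ms)
# failJSON: { "time": "2013-07-25T07:29:30", "match": false }
[2013-07-25 07:29:30] NOTICE[26015] chan_sip.c: Failed to authenticate device 101sip:101@203.0.113.9 (retry scheduled)
"""

def check_samples(text):
    """Return (line_no, problem) for every annotation the regex violates ("time" is not checked)."""
    problems, expected = [], None
    for no, line in enumerate(text.splitlines(), 1):
        if line.startswith("# failJSON:"):
            expected = json.loads(line.split(":", 1)[1])
            continue
        if expected is None or not line.strip():
            continue
        m = FAILREGEX.search(line)
        if bool(m) != expected["match"]:
            problems.append((no, "match=%s, expected %s" % (bool(m), expected["match"])))
        elif m and m.group("host") != expected["host"]:
            problems.append((no, "host=%s, expected %s" % (m.group("host"), expected["host"])))
        expected = None
    return problems

def matched_hosts(text):
    """Hosts the regex would report, in file order."""
    hits = (FAILREGEX.search(l) for l in text.splitlines() if not l.startswith("#"))
    return [m.group("host") for m in hits if m]

if __name__ == "__main__":
    print(check_samples(SAMPLE_LOG) or "all samples behave as annotated")
    print(matched_hosts(SAMPLE_LOG))
```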

Contributor

Jamyn commented Jul 27, 2013

Updated commit Jamyn/fail2ban@8936f2c

Thanks!

coveralls Jul 27, 2013

Coverage Status

Coverage remained the same when pulling 8936f2c on Jamyn:master into 1721991 on fail2ban:master.

#306
Fix regex for latest dropbear (keep backwards compatibility). Add test case logfiles.

Signed-off-by: Jamyn Shanley <jshanley@gmail.com>
coveralls Jul 27, 2013

Coverage Status

Coverage remained the same when pulling a355fab on Jamyn:master into 1721991 on fail2ban:master.

Contributor

kwirk commented Jul 27, 2013

Looks good @Jamyn.
Noticed your dropbear changes from #307 have got muddled in. We'll probably just merge both from here once #307 is complete as well…

@ghost ghost assigned yarikoptic Aug 8, 2013

@yarikoptic yarikoptic merged commit a355fab into fail2ban:master Aug 8, 2013

1 check passed

default The Travis CI build passed