From eecff52b37ba9015526b094df13dd20c33905a8e Mon Sep 17 00:00:00 2001
From: Stephane de Labrusse
Date: Tue, 4 Mar 2025 17:11:00 +0100
Subject: [PATCH] Enhance fail2ban configuration for Asterisk by adding additional logpath and failregex for CTI HTTP 401 responses
---
 root/etc/e-smith/templates/etc/fail2ban/jail.local/10asterisk | 2 +-
 root/etc/fail2ban/filter.d/asterisk_nethserver.conf | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/root/etc/e-smith/templates/etc/fail2ban/jail.local/10asterisk b/root/etc/e-smith/templates/etc/fail2ban/jail.local/10asterisk
index fa566486..36c8bd1e 100644
--- a/root/etc/e-smith/templates/etc/fail2ban/jail.local/10asterisk
+++ b/root/etc/e-smith/templates/etc/fail2ban/jail.local/10asterisk
@@ -9,7 +9,7 @@
 $OUT .= "\n[$_]\n";
 $OUT .= "enabled = true\n";
 $OUT .= "port = $port\n";
- $OUT .= "logpath = /var/log/asterisk/full\n";
+ $OUT .= "logpath = /var/log/asterisk/full /var/log/asterisk/nethcti.log\n";
 $OUT .= "maxretry = $maxretry\n";
 $OUT .= "action = $action\n\n"
diff --git a/root/etc/fail2ban/filter.d/asterisk_nethserver.conf b/root/etc/fail2ban/filter.d/asterisk_nethserver.conf
index 6dcd9850..deb1be8b 100644
--- a/root/etc/fail2ban/filter.d/asterisk_nethserver.conf
+++ b/root/etc/fail2ban/filter.d/asterisk_nethserver.conf
@@ -22,5 +22,6 @@ failregex = ^%(__prefix_line)s%(log_prefix)s failed to authenticate as '
 ^%(__prefix_line)s%(log_prefix)s tried to authenticate with nonexistent user '.*'$
 ^%(__prefix_line)s%(log_prefix)s failed to pass IP ACL as '.*'$
 ^%(__prefix_line)s%(log_prefix)s "Rejecting unknown SIP connection from :.*"$
+ ^%(__prefix_line)s *.send HTTP 401 response to :.*$
 ignoreregex =
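Review bot: The new `logpath` value puts both files on one line separated by a space, and as far as I know fail2ban splits `logpath` on newlines and reads a trailing space-separated word as the `head`/`tail` option, so `/var/log/asterisk/nethcti.log` may be taken as an invalid option rather than as a second file. If that is the case, the CTI log is never watched and the new failregex gives no protection against password guessing on that endpoint, or the jail may fail to load. Emitting the second path on an indented continuation line avoids the ambiguity: `$OUT .= "logpath = /var/log/asterisk/full\n          /var/log/asterisk/nethcti.log\n";`. Checking the jail's file list with `fail2ban-client status <jail>` after expanding the template would confirm which files are actually monitored. The enclosing template block starts and ends outside the hunk.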
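Review bot: In the added failregex, ` *.send` matches optional spaces followed by exactly one arbitrary character before `send`, which reads like a transposed `.*`; if the CTI log puts a level or component tag between the timestamp prefix and `send HTTP 401`, the line will not match and the failure is never counted. If something may precede the message, `.* send HTTP 401 response to` (or better, the literal tag) says so explicitly; if nothing may, the ` *.` can be dropped. It is also worth confirming that the address logged on this line is the real client: if the CTI sits behind a reverse proxy, the logged value could be the proxy's address or come from a client-supplied forwarding header, and a ban would then land on the wrong host. The host capture is not visible in this rendering, so its placement cannot be checked here. A sample nethcti.log line in a comment above the pattern would let the rule be verified with `fail2ban-regex`.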