From 12178121bb13a83c308c4ae99c616a2f810aea01 Mon Sep 17 00:00:00 2001
From: Stephane de Labrusse <stephdl@de-labrusse.fr>
Date: Tue, 4 Mar 2025 17:11:00 +0100
Subject: [PATCH 1/2] Enhance fail2ban configuration for Asterisk by adding
 additional logpath and failregex for CTI HTTP 401 responses

---
 root/etc/e-smith/templates/etc/fail2ban/jail.local/10asterisk | 2 +-
 root/etc/fail2ban/filter.d/asterisk_nethserver.conf           | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/root/etc/e-smith/templates/etc/fail2ban/jail.local/10asterisk b/root/etc/e-smith/templates/etc/fail2ban/jail.local/10asterisk
index fa566486..36c8bd1e 100644
--- a/root/etc/e-smith/templates/etc/fail2ban/jail.local/10asterisk
+++ b/root/etc/e-smith/templates/etc/fail2ban/jail.local/10asterisk
@@ -9,7 +9,7 @@
         $OUT .= "\n[$_]\n";
         $OUT .= "enabled = true\n";
         $OUT .= "port = $port\n";
-        $OUT .= "logpath = /var/log/asterisk/full\n";
+        $OUT .= "logpath = /var/log/asterisk/full /var/log/asterisk/nethcti.log\n";
         $OUT .= "maxretry = $maxretry\n";
         $OUT .= "action = $action\n\n"
 
diff --git a/root/etc/fail2ban/filter.d/asterisk_nethserver.conf b/root/etc/fail2ban/filter.d/asterisk_nethserver.conf
index 6dcd9850..deb1be8b 100644
--- a/root/etc/fail2ban/filter.d/asterisk_nethserver.conf
+++ b/root/etc/fail2ban/filter.d/asterisk_nethserver.conf
@@ -22,5 +22,6 @@ failregex =  ^%(__prefix_line)s%(log_prefix)s <HOST> failed to authenticate as '
              ^%(__prefix_line)s%(log_prefix)s <HOST> tried to authenticate with nonexistent user '.*'$
              ^%(__prefix_line)s%(log_prefix)s <HOST> failed to pass IP ACL as '.*'$
              ^%(__prefix_line)s%(log_prefix)s "Rejecting unknown SIP connection from <HOST>:.*"$
+             ^%(__prefix_line)s *.send HTTP 401 response to <HOST>:.*$
 
 ignoreregex =

From e250ecc185f72b870e132947578a1772c33fc645 Mon Sep 17 00:00:00 2001
From: Stephane de Labrusse <stephdl@de-labrusse.fr>
Date: Tue, 4 Mar 2025 17:59:30 +0100
Subject: [PATCH 2/2] UI: update build script for NS7 with improved tar command

---
 prep-sources | 18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)

diff --git a/prep-sources b/prep-sources
index 5874aff5..357b6c76 100755
--- a/prep-sources
+++ b/prep-sources
@@ -1,9 +1,17 @@
 #!/bin/bash
 
-# Prepare source for RPM build
+#
+# Build  NS7 UI
+#
 
-# download langs from transifex
+set -e
 
-# tar directory
-pushd ui && npm install && npm run build && cd dist && tar cvzf ../../nethserver-fail2ban-cockpit.tar.gz *
-popd
\ No newline at end of file
+# Build UI
+NODE_OPTIONS="--openssl-legacy-provider"
+export NODE_OPTIONS
+pushd ui
+npm install
+npm run build
+popd
+
+tar -C ui/dist -c -z -f nethserver-fail2ban-cockpit.tar.gz .