From 260b4ecf3dfc54ef9d1b0f945d6dcf258e818b4f Mon Sep 17 00:00:00 2001
From: Stephane de Labrusse
Date: Tue, 4 Mar 2025 18:07:52 +0100
Subject: [PATCH 1/3] fail2ban: update Asterisk jail configuration to include additional log path and regex
---
 root/etc/e-smith/templates/etc/fail2ban/jail.local/10asterisk | 2 +-
 root/etc/fail2ban/filter.d/asterisk_nethserver.conf | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/root/etc/e-smith/templates/etc/fail2ban/jail.local/10asterisk b/root/etc/e-smith/templates/etc/fail2ban/jail.local/10asterisk
index fa566486..36c8bd1e 100644
--- a/root/etc/e-smith/templates/etc/fail2ban/jail.local/10asterisk
+++ b/root/etc/e-smith/templates/etc/fail2ban/jail.local/10asterisk
@@ -9,7 +9,7 @@
 $OUT .= "\n[$_]\n";
 $OUT .= "enabled = true\n";
 $OUT .= "port = $port\n";
- $OUT .= "logpath = /var/log/asterisk/full\n";
+ $OUT .= "logpath = /var/log/asterisk/full /var/log/asterisk/nethcti.log\n";
 $OUT .= "maxretry = $maxretry\n";
 $OUT .= "action = $action\n\n"
diff --git a/root/etc/fail2ban/filter.d/asterisk_nethserver.conf b/root/etc/fail2ban/filter.d/asterisk_nethserver.conf
index 6dcd9850..deb1be8b 100644
--- a/root/etc/fail2ban/filter.d/asterisk_nethserver.conf
+++ b/root/etc/fail2ban/filter.d/asterisk_nethserver.conf
@@ -22,5 +22,6 @@ failregex = ^%(__prefix_line)s%(log_prefix)s failed to authenticate as '
 ^%(__prefix_line)s%(log_prefix)s tried to authenticate with nonexistent user '.*'$
 ^%(__prefix_line)s%(log_prefix)s failed to pass IP ACL as '.*'$
 ^%(__prefix_line)s%(log_prefix)s "Rejecting unknown SIP connection from :.*"$
+ ^%(__prefix_line)s *.send HTTP 401 response to :.*$
 ignoreregex =
From a5cc6cb7ead94383edba7d1ced3424bfc0115c09 Mon Sep 17 00:00:00 2001
From: Stephane de Labrusse
Date: Thu, 13 Mar 2025 18:40:39 +0100
Subject: [PATCH 2/3] fail2ban: refine regex for HTTP 401 response in Asterisk filter
---
 root/etc/fail2ban/filter.d/asterisk_nethserver.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/root/etc/fail2ban/filter.d/asterisk_nethserver.conf b/root/etc/fail2ban/filter.d/asterisk_nethserver.conf
index deb1be8b..879493f0 100644
--- a/root/etc/fail2ban/filter.d/asterisk_nethserver.conf
+++ b/root/etc/fail2ban/filter.d/asterisk_nethserver.conf
@@ -22,6 +22,6 @@ failregex = ^%(__prefix_line)s%(log_prefix)s failed to authenticate as '
 ^%(__prefix_line)s%(log_prefix)s tried to authenticate with nonexistent user '.*'$
 ^%(__prefix_line)s%(log_prefix)s failed to pass IP ACL as '.*'$
 ^%(__prefix_line)s%(log_prefix)s "Rejecting unknown SIP connection from :.*"$
- ^%(__prefix_line)s *.send HTTP 401 response to :.*$
+ send HTTP 401 response to :\d+$
 ignoreregex =
From aab800e4ce330d3913afddb3b6de2eb4ebc9f307 Mon Sep 17 00:00:00 2001
From: Stephane de Labrusse
Date: Thu, 13 Mar 2025 18:49:20 +0100
Subject: [PATCH 3/3] fail2ban: fix logpath formatting in Asterisk jail configuration
---
 root/etc/e-smith/templates/etc/fail2ban/jail.local/10asterisk | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/root/etc/e-smith/templates/etc/fail2ban/jail.local/10asterisk b/root/etc/e-smith/templates/etc/fail2ban/jail.local/10asterisk
index 36c8bd1e..3b54cbdc 100644
--- a/root/etc/e-smith/templates/etc/fail2ban/jail.local/10asterisk
+++ b/root/etc/e-smith/templates/etc/fail2ban/jail.local/10asterisk
@@ -9,7 +9,7 @@
 $OUT .= "\n[$_]\n";
 $OUT .= "enabled = true\n";
 $OUT .= "port = $port\n";
- $OUT .= "logpath = /var/log/asterisk/full /var/log/asterisk/nethcti.log\n";
+ $OUT .= "logpath = /var/log/asterisk/full\n /var/log/asterisk/nethcti.log\n";
 $OUT .= "maxretry = $maxretry\n";
 $OUT .= "action = $action\n\n"
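Review bot: The new pattern `send HTTP 401 response to :\d+$` in the 2/3 filter hunk has neither a start anchor nor `%(__prefix_line)s`, so it is tried against every line of both files on the jail's logpath, including /var/log/asterisk/full, and matches wherever those words end a line. Neither log format is visible here, so this is inferred, but if a remote peer can influence the tail of any logged line, the ban could land on an address that never failed authentication. Anchor the expression to the fixed leading part of the nethcti.log line (timestamp, level, component), or move it into a separate filter and jail that reads only nethcti.log. The host placeholder (`<HOST>` in fail2ban filters) appears to have been lost in rendering between `to ` and `:`. The failregex list begins above the hunk.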
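Review bot: The second logpath entry in the 3/3 template hunk is emitted unconditionally, so on a host where /var/log/asterisk/nethcti.log has not been created, fail2ban is expected to report a missing-file error for this jail and not watch the file until the next reload (worth confirming against the shipped fail2ban version). Consider splitting the statement so the extra path is written only when the file is present: `$OUT .= "logpath = /var/log/asterisk/full\n";` followed by `$OUT .= " /var/log/asterisk/nethcti.log\n" if -e '/var/log/asterisk/nethcti.log';`. A short comment noting that the leading space marks a continuation line of logpath would keep a later edit from reintroducing the single-line form. The enclosing template block starts and ends outside the hunk.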