[asterisk-users] Security Logging

Tzafrir Cohen tzafrir.cohen at xorcom.com
Thu Feb 11 05:48:34 CST 2010


On Wed, Feb 10, 2010 at 09:53:46PM -0600, Lyle Giese wrote:
> Warren Selby wrote:
> > On Tue, Feb 9, 2010 at 5:54 PM, Lyle Giese <lyle at lcrcomputer.net>
> > wrote:
> >
> >     Here's a start for you, just run from cron once a day:
> >
> >     Lyle
> >
> >
> > So basically, nothing built into asterisk that already provides
> > security logging mechanisms?  Maybe I'm using the wrong term; In
> > Windows, I think it would be called Security Auditing, successful /
> > unsuccessful login attempts that get recorded in the Windows Event
> > Viewer in the security log.  These login attempts (whether successful
> > or not) are recorded, and you get the IP address of the workstation
> > attempting the login, the username used, and whether or not it was
> > successful.  A log dedicated just to security auditing (or a new
> > option in /etc/logger.conf that adds this functionality (say, messages
> > => notice,warning,error,verbose,security)) seems like it would be a
> > nice addition to asterisk.
> >
> > I've already got tools that can monitor log files and create bans
> > based on failed login attempts...but I don't always seem to see login
> > failures in the asterisk messages log. 
> >
> > I recall from Astricon 2009, Russell and Kevin (I think) commenting on
> > security features in asterisk and not sure how much to include (i.e.
> > automatically banning people based on failed login attempts being a
> > process asterisk controls or just simply logs so that another tool can
> > do the banning, etc).  I just don't remember if there was any followup
> > to those discussions.

> I think that is the problem.  Nobody can agree on how it should be
> implemented.  So just log the events and the user/admin find and use a
> log analyzer or build your own tools for those that want/need such.

What do you want to log, exactly?

I believe, though, that SELinux, err Security Event Logging,
(res/res_security_log.c, in trunk/1.8) is basically what you're after.

-- 
               Tzafrir Cohen
icq#16849755              jabber:tzafrir.cohen at xorcom.com
+972-50-7952406           mailto:tzafrir.cohen at xorcom.com
http://www.xorcom.com  iax:guest at local.xorcom.com/tzafrir


