The security events framework API was changed in Asterisk 10 but the unit tests
were not updated at the same time.
This patch does the following:
* Adds two more security events that were added to the API
* Add challenge, received_challenge and received_hash in the inval_password
security event unit test
(Closes issue ASTERISK-19760)
Reported by: Michael L. Young
Tested by: Michael L. Young
Patches:
issue-asterisk-19760-trunk.diff uploaded by Michael L. Young (license 5026)
Review: https://reviewboard.asterisk.org/r/1897/
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@365248 65c4cc65-6c06-0410-ace0-fbb531ad65f3
The Security Events Framework API changed in trunk to support IPv6. This broke
the building of the security events test which was based around IPv4. This
patches fixes the build by changing the test to conform to the new changes.
(related to issue ASTERISK-19447)
Review: https://reviewboard.asterisk.org/r/1874/
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@362432 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This commit introduces the security events API. This API is to be used by
Asterisk components to report events that have security implications.
A simple example is when a connection is made but fails authentication. These
events can be used by external tools manipulate firewall rules or something
similar after detecting unusual activity based on security events.
Inside of Asterisk, the events go through the ast_event API. This means that
they have a binary encoding, and it is easy to write code to subscribe to these
events and do something with them.
One module is provided that is a subscriber to these events - res_security_log.
This module turns security events into a parseable text format and sends them
to the "security" logger level. Using logger.conf, these log entries may be
sent to a file, or to syslog.
One service, AMI, has been fully updated for reporting security events.
AMI was chosen as it was a fairly straight forward service to convert.
The next target will be chan_sip. That will be more complicated and will
be done as its own project as the next phase of security events work.
For more information on the security events framework, see the documentation
generated from doc/tex/. "make asterisk.pdf"
Review: https://reviewboard.asterisk.org/r/273/
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@206021 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Jonathan Rose
Michael L. Young
Paul Belanger
Leif Madsen
Russell Bryant