diff --git a/app/provision/index.php b/app/provision/index.php
index 158747ee9f..32ba7129be 100644
--- a/app/provision/index.php
+++ b/app/provision/index.php
@@ -232,6 +232,7 @@
 //check if provisioning has been enabled
 if ($provision["enabled"] != "true") {
+ syslog(LOG_WARNING, '['.$_SERVER['REMOTE_ADDR']."] provision attempt but provisioning is not enabled for ".check_str($_REQUEST['mac']));
 echo "access denied";
 exit;
 }
@@ -240,6 +241,7 @@
 if (strlen($_SERVER['auth_server']) > 0) {
 $result = send_http_request($_SERVER['auth_server'], 'mac='.check_str($_REQUEST['mac']).'&secret='.check_str($_REQUEST['secret']));
 if ($result == "false") {
+ syslog(LOG_WARNING, '['.$_SERVER['REMOTE_ADDR']."] provision attempt but the remote auth server said no for ".check_str($_REQUEST['mac']));
 echo "access denied";
 exit;
 }
@@ -263,6 +265,7 @@
 }
 }
 if (!$found) {
+ syslog(LOG_WARNING, '['.$_SERVER['REMOTE_ADDR']."] provision attempt but failed CIDR check for ".check_str($_REQUEST['mac']));
 echo "access denied";
 exit;
 }
@@ -344,6 +347,7 @@
 }
 else {
 //access denied
+ syslog(LOG_WARNING, '['.$_SERVER['REMOTE_ADDR']."] provision attempt but failed http basic authentication for ".check_str($_REQUEST['mac']));
 header('HTTP/1.0 401 Unauthorized');
 header('WWW-Authenticate: Basic realm="'.$_SESSION['domain_name'].'"');
 unset($_SERVER['PHP_AUTH_USER'],$_SERVER['PHP_AUTH_PW']);
@@ -359,11 +363,12 @@
 if (strlen($provision['password']) > 0) {
 //deny access if the password doesn't match
 if ($provision['password'] != check_str($_REQUEST['password'])) {
+ syslog(LOG_WARNING, '['.$_SERVER['REMOTE_ADDR']."] provision attempt bad password for ".check_str($_REQUEST['mac']));
 //log the failed auth attempt to the system, to be available for fail2ban.
 openlog('FusionPBX', LOG_NDELAY, LOG_AUTH);
 syslog(LOG_WARNING, '['.$_SERVER['REMOTE_ADDR']."] provision attempt bad password for ".check_str($_REQUEST['mac']));
 closelog();
- echo "access denied 4";
+ echo "access denied";
 return;
 }
 }
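Review bot: The request's `mac` value is written to syslog after only `check_str()`, whose definition is not in this diff; if that helper does not strip control characters, a client can put line breaks or a forged `[address]` prefix into the entry that fail2ban later parses. The same expression is used in the log lines added in the other four hunks. A MAC address has a fixed alphabet, so log a normalized copy instead, e.g. `$log_mac = preg_replace('/[^0-9a-fA-F]/', '', isset($_REQUEST['mac']) ? $_REQUEST['mac'] : '');`, which also avoids an undefined-index notice when `mac` is absent. Separately, this call and the ones in the next three hunks run without the `openlog('FusionPBX', LOG_NDELAY, LOG_AUTH)` that the password hunk uses, so they carry the default ident and facility and may not reach the file a fail2ban jail watches.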
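Review bot: Only the literal reply `false` reaches the new log line and the denial; an empty body, timeout or error from `send_http_request()` (its failure value is not visible in this hunk) compares unequal to `"false"`, so the request continues and nothing is logged. Consider denying and logging unless the reply is an explicit success, e.g. `if ($result !== "true") {`, assuming the auth server answers `true` on success — confirm against its contract. The request string is also built by concatenation; unless `check_str()` encodes `&` and `=`, the `mac` and `secret` values should pass through `urlencode()` so neither can add parameters to the auth request.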
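Review bot: The new warning sits in an `else` whose condition starts above this hunk; if that branch is also taken when a device sends no credentials at all, every ordinary first request that receives the 401 challenge is recorded as a failed authentication. A fail2ban rule matching this message could then ban legitimate phones during normal provisioning. Consider logging only when credentials were actually supplied, e.g. guard the call with `if (isset($_SERVER['PHP_AUTH_USER'])) {`.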
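Review bot: The added `syslog()` repeats the message that is already sent a few lines later between `openlog()` and `closelog()`, so each bad password is logged twice, once with the default ident and once as `FusionPBX`/`LOG_AUTH`; if both entries land in a file fail2ban reads, one failure counts as two. Drop the added line and keep the existing one. The comparison `$provision['password'] != check_str($_REQUEST['password'])` is also loose and not constant-time: two numeric-looking strings such as `1e3` and `1000` compare equal under `!=`. `if (!hash_equals((string) $provision['password'], (string) $_REQUEST['password'])) {` avoids both, provided the stored value is the raw password (what `check_str()` changes is not visible here).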