authorAndrey Alekseenko <al42and@gmail.com>2018-04-14 17:01:36 +0300
committerAndrey Alekseenko <al42and@gmail.com>2022-11-17 23:22:55 +0100
commit05c162ef102026450244b41a6806e1137f340aba (patch)
treec5cf0b43f1d7202de6fa7408bbf1e81e1bf7cd50
parentae5fe2e0032b8055a6a3c707f4cabfdd283f4245 (diff)
downloadfail2ban-05c162ef102026450244b41a6806e1137f340aba.tar.gz
Create filter for Dante SOCKS server
-rw-r--r--config/filter.d/dante.conf16
-rw-r--r--config/jail.conf5
-rw-r--r--fail2ban/tests/files/logs/dante4
3 files changed, 25 insertions, 0 deletions
diff --git a/config/filter.d/dante.conf b/config/filter.d/dante.conf
new file mode 100644
index 00000000..b597d461
--- /dev/null
+++ b/config/filter.d/dante.conf
@@ -0,0 +1,16 @@
+# Fail2Ban filter for dante
+#
+# Make sure you have "log: error" set in your "client pass" directive
+#
+
+[INCLUDES]
+before = common.conf
+
+[Definition]
+_daemon = danted
+
+failregex = ^%(__prefix_line)sinfo: block\(1\): tcp/accept \]: <HOST>\.\d+ [\d.]+: error after reading \d+ bytes in \d+ seconds: (could not access user "\w+"'s records in the system password file: no system error|system password authentication failed for user "\w+")$
+
+[Init]
+journalmatch = _SYSTEMD_UNIT=danted.service
+
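Review bot: The user name in both alternatives of `failregex` is matched with `"\w+"`, so a failed login whose name contains a hyphen, dot, `@` or any other non-word character is not matched and never counts toward a ban. Because the pattern is anchored at both ends and `<HOST>` is captured before the name, `"[^"]+"` looks safe here, though it is worth confirming how danted logs a name that itself contains a double quote. The literal `block\(1\)` also ties the filter to a single rule number; if that number depends on the rule's position in the danted configuration (not visible in this commit), `block\(\d+\)` would be more robust.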
diff --git a/config/jail.conf b/config/jail.conf
index fe8db527..f4990e09 100644
--- a/config/jail.conf
+++ b/config/jail.conf
@@ -978,3 +978,8 @@ banaction = %(banaction_allports)s
[monitorix]
port = 8080
logpath = /var/log/monitorix-httpd
+
+[dante]
+port = 1080
+logpath = %(syslog_daemon)s
+
diff --git a/fail2ban/tests/files/logs/dante b/fail2ban/tests/files/logs/dante
new file mode 100644
index 00000000..a7f08eb2
--- /dev/null
+++ b/fail2ban/tests/files/logs/dante
@@ -0,0 +1,4 @@
+# failJSON: { "time": "2005-04-14T15:35:03", "match": true , "host": "1.2.3.4" }
+Apr 14 15:35:03 vps111111 danted[17969]: info: block(1): tcp/accept ]: 1.2.3.4.50550 0.0.0.0.1080: error after reading 35 bytes in 0 seconds: could not access user "roooooooot"'s records in the system password file: no system error
+# failJSON: { "time": "2005-04-14T15:44:26", "match": true , "host": "1.2.3.4" }
+Apr 14 15:44:26 vps111111 danted[1846]: info: block(1): tcp/accept ]: 1.2.3.4.57178 0.0.0.0.1080: error after reading 18 bytes in 0 seconds: system password authentication failed for user "aland"
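Review bot: Both samples are `"match": true` lines with plain alphanumeric user names, so nothing here pins what the filter does with a name containing other characters, or with a danted line that must not lead to a ban. Add one sample whose name is something like `"test-user"` (constructed), with the intended outcome in its `failJSON`, and one non-failure danted line marked `# failJSON: { "match": false }`.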