author | Sergey G. Brester <serg.brester@sebres.de> | 2022-11-18 12:43:44 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-11-18 12:43:44 +0100 |
commit | bd6e7aeff029db1b52d169efb5f79ce1619ee8db (patch) | |
tree | b07ecff1466b3c5349493b96a0f8c5fd37267781 | |
parent | ae5fe2e0032b8055a6a3c707f4cabfdd283f4245 (diff) | |
parent | efbbcb41ea51db6722a3ed78767579c98dc2cd0a (diff) | |
Merge pull request #2112 from al42and/dante
Create filter for Dante SOCKS server
-rw-r--r-- | config/filter.d/dante.conf | 16 | ||||
-rw-r--r-- | config/jail.conf | 5 | ||||
-rw-r--r-- | fail2ban/tests/files/logs/dante | 6 |
3 files changed, 27 insertions, 0 deletions
diff --git a/config/filter.d/dante.conf b/config/filter.d/dante.conf
new file mode 100644
index 00000000..e3f6f7b2
--- /dev/null
+++ b/config/filter.d/dante.conf
@@ -0,0 +1,16 @@
+# Fail2Ban filter for dante
+#
+# Make sure you have "log: error" set in your "client pass" directive
+#
+
+[INCLUDES]
+before = common.conf
+
+[Definition]
+_daemon = danted
+
+failregex = ^%(__prefix_line)sinfo: block\(1\): tcp/accept \]: <HOST>\.\d+ [\d.]+: error after reading \d+ bytes? in \d+ seconds?: (?:could not access |system password authentication failed for )user "<F-USER>[^"]+</F-USER>"
+
+[Init]
+journalmatch = _SYSTEMD_UNIT=danted.service
+
diff --git a/config/jail.conf b/config/jail.conf
index fe8db527..f4990e09 100644
--- a/config/jail.conf
+++ b/config/jail.conf
@@ -978,3 +978,8 @@ banaction = %(banaction_allports)s
 [monitorix]
 port = 8080
 logpath = /var/log/monitorix-httpd
+
+[dante]
+port = 1080
+logpath = %(syslog_daemon)s
+
diff --git a/fail2ban/tests/files/logs/dante b/fail2ban/tests/files/logs/dante
new file mode 100644
index 00000000..80d6744f
--- /dev/null
+++ b/fail2ban/tests/files/logs/dante
@@ -0,0 +1,6 @@
+# failJSON: { "time": "2005-04-14T15:35:03", "match": true , "host": "1.2.3.4" }
+Apr 14 15:35:03 vps111111 danted[17969]: info: block(1): tcp/accept ]: 1.2.3.4.50550 0.0.0.0.1080: error after reading 35 bytes in 0 seconds: could not access user "roooooooot"'s records in the system password file: no system error
+# failJSON: { "time": "2005-04-14T15:44:26", "match": true , "host": "1.2.3.4" }
+Apr 14 15:44:26 vps111111 danted[1846]: info: block(1): tcp/accept ]: 1.2.3.4.57178 0.0.0.0.1080: error after reading 18 bytes in 0 seconds: system password authentication failed for user "aland"
+# failJSON: { "time": "2005-04-14T15:44:26", "match": true , "host": "1.2.3.4" }
+Apr 14 15:44:26 vps111111 danted[1846]: info: block(1): tcp/accept ]: 1.2.3.4.57178 0.0.0.0.1080: error after reading 1 byte in 1 second: system password authentication failed for user "aland" |
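Review bot: The failregex in config/filter.d/dante.conf hard-codes `block\(1\)` and matches the listener address with `[\d.]+`, so it appears to cover only setups where the blocking rule is the first one and danted listens on an IPv4 address. The number in parentheses looks like a rule index, though the page shows dante's log format only through the three sample lines. If that reading holds, failed logins on other setups are never counted and the jail stays silent, so I would loosen those two spots to `block\(\d+\)` and `\S+:`. The `^` anchor and the position of `<HOST>` ahead of the quoted user name should stay as they are, since that ordering keeps a crafted user name from influencing which address is banned. The samples in fail2ban/tests/files/logs/dante all use block(1) and 0.0.0.0.1080, so a sample with another rule number and an IPv6 listener would pin the wider pattern.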
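Review bot: The new `[dante]` stanza in config/jail.conf gives no hint that the filter only matches when danted is configured to log errors for its client rules, so enabling the jail on a danted without that setting yields a jail that never bans and never warns. A comment above `port = 1080`, such as `# needs "log: error" in danted's "client pass" rule, see filter.d/dante.conf`, would put the prerequisite where the jail is switched on. The ban is also scoped to port 1080 only, which matches the listener in the sample log lines; a short remark that `port` has to follow a non-default listener would help operators who moved the proxy.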