diff options
author | Andrey Alekseenko <al42and@gmail.com> | 2018-08-13 20:22:37 +0300 |
---|---|---|
committer | Andrey Alekseenko <al42and@gmail.com> | 2022-11-17 23:22:56 +0100 |
commit | df91b047d2104e0dd26636d2cea33b480538c919 (patch) | |
tree | 994750dd67c9140be65444ef3b27552f0f292c6a | |
parent | 05c162ef102026450244b41a6806e1137f340aba (diff) | |
download | fail2ban-df91b047d2104e0dd26636d2cea33b480538c919.tar.gz |
Dante SOCKS server: handle "1 byte/second" case
Thanks to @Loriowar and @sebres for pointing it out
-rw-r--r-- | config/filter.d/dante.conf | 2 | ||||
-rw-r--r-- | fail2ban/tests/files/logs/dante | 2 |
2 files changed, 3 insertions, 1 deletions
diff --git a/config/filter.d/dante.conf b/config/filter.d/dante.conf index b597d461..d95f96b4 100644 --- a/config/filter.d/dante.conf +++ b/config/filter.d/dante.conf @@ -9,7 +9,7 @@ before = common.conf [Definition] _daemon = danted -failregex = ^%(__prefix_line)sinfo: block\(1\): tcp/accept \]: <HOST>\.\d+ [\d.]+: error after reading \d+ bytes in \d+ seconds: (could not access user "\w+"'s records in the system password file: no system error|system password authentication failed for user "\w+")$ +failregex = ^%(__prefix_line)sinfo: block\(1\): tcp/accept \]: <HOST>\.\d+ [\d.]+: error after reading \d+ bytes? in \d+ seconds?: (could not access user "\w+"'s records in the system password file: no system error|system password authentication failed for user "\w+")$ [Init] journalmatch = _SYSTEMD_UNIT=danted.service diff --git a/fail2ban/tests/files/logs/dante b/fail2ban/tests/files/logs/dante index a7f08eb2..80d6744f 100644 --- a/fail2ban/tests/files/logs/dante +++ b/fail2ban/tests/files/logs/dante @@ -2,3 +2,5 @@ Apr 14 15:35:03 vps111111 danted[17969]: info: block(1): tcp/accept ]: 1.2.3.4.50550 0.0.0.0.1080: error after reading 35 bytes in 0 seconds: could not access user "roooooooot"'s records in the system password file: no system error # failJSON: { "time": "2005-04-14T15:44:26", "match": true , "host": "1.2.3.4" } Apr 14 15:44:26 vps111111 danted[1846]: info: block(1): tcp/accept ]: 1.2.3.4.57178 0.0.0.0.1080: error after reading 18 bytes in 0 seconds: system password authentication failed for user "aland" +# failJSON: { "time": "2005-04-14T15:44:26", "match": true , "host": "1.2.3.4" } +Apr 14 15:44:26 vps111111 danted[1846]: info: block(1): tcp/accept ]: 1.2.3.4.57178 0.0.0.0.1080: error after reading 1 byte in 1 second: system password authentication failed for user "aland" |