Last active August 13, 2018 14:32
Fail2Ban filter for Dante
# Fail2Ban filter for dante
# This filter is for sockd.log, NOT for errors log
#
# Prevent a bruteforce of a login/password combination and some other strange actions.

[INCLUDES]

# Read syslog common prefixes
before = common.conf

[Definition]

_daemon = danted

failregex = ^%(__prefix_line)sinfo: block\(1\): tcp/accept \]: <HOST>\.\d+ [\d.]+: error after reading \d+ bytes? in \d+ seconds?: (could not access user "\w+"'s records in the system password file: no system error|system password authentication failed for user "\w+"|client offered no acceptable authentication method|unknown SOCKS version \d+ in client request)$

ignoreregex =
Inspired by this pull-request. Checked on Fail2Ban v0.9.3 with Dante v1.4.1.
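A coverage check for the failregex above, written as an added example (not part of the original gist): it runs the same pattern over constructed log lines and counts hits per source address. `PREFIX` and `HOST` are simplified stand-ins for Fail2Ban's `%(__prefix_line)s` and `<HOST>` substitutions, and the log lines, addresses and function names are assumptions made for the illustration.

```python
import re
from collections import Counter

# Stand-ins (assumptions) for Fail2Ban's own substitutions:
#   %(__prefix_line)s -> "host danted[pid]: " (timestamp already stripped)
#   <HOST>            -> IPv4 only
PREFIX = r"(?:\S+ )?danted(?:\[\d+\])?: "
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

FAILREGEX = re.compile(
    "^" + PREFIX + r"info: block\(1\): tcp/accept \]: " + HOST
    + r"\.\d+ [\d.]+: error after reading \d+ bytes? in \d+ seconds?: "
    r"(could not access user \"\w+\"'s records in the system password file: no system error"
    r"|system password authentication failed for user \"\w+\""
    r"|client offered no acceptable authentication method"
    r"|unknown SOCKS version \d+ in client request)$"
)

# Constructed sample lines (documentation address ranges), not real log data.
SAMPLE_LOG = '''\
gw danted[2211]: info: block(1): tcp/accept ]: 203.0.113.7.51514 192.0.2.10.1080: error after reading 3 bytes in 0 seconds: client offered no acceptable authentication method
gw danted[2211]: info: block(1): tcp/accept ]: 203.0.113.7.51520 192.0.2.10.1080: error after reading 18 bytes in 1 second: system password authentication failed for user "admin"
gw danted[2211]: info: block(1): tcp/accept ]: 203.0.113.7.51530 192.0.2.10.1080: error after reading 20 bytes in 0 seconds: could not access user "root"'s records in the system password file: no system error
gw danted[2211]: info: block(1): tcp/accept ]: 198.51.100.23.40022 192.0.2.10.1080: error after reading 1 byte in 0 seconds: unknown SOCKS version 71 in client request
gw danted[2211]: info: block(1): tcp/accept ]: 198.51.100.23.40030 192.0.2.10.1080: error after reading 21 bytes in 0 seconds: system password authentication failed for user "j.doe"
gw danted[2211]: info: pass(1): tcp/accept [: 192.0.2.50.40100 192.0.2.10.1080
'''


def failures(lines):
    """Count failregex hits per source address."""
    hits = Counter()
    for line in lines:
        m = FAILREGEX.match(line)
        if m:
            hits[m.group("host")] += 1
    return hits


def would_ban(lines, maxretry):
    """Hosts reaching maxretry hits (a jail's threshold, ignoring findtime)."""
    return sorted(h for h, n in failures(lines).items() if n >= maxretry)


if __name__ == "__main__":
    print(failures(SAMPLE_LOG.splitlines()))
    print(would_ban(SAMPLE_LOG.splitlines(), maxretry=3))
```

The `"j.doe"` line is not counted because `\w+` only matches letters, digits and underscore, so failed logins for usernames with other characters fall outside this filter. On a real host, `fail2ban-regex` run against sockd.log and the filter file performs the same check with Fail2Ban's own prefix and host handling.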