Dante SOCKS server: handle "1 byte/second" case

Thanks to @Loriowar and @sebres for pointing it out
6 years ago · df91b047d2
2 changed files with 3 additions and 1 deletions
--- a/config/filter.d/dante.conf
+++ b/config/filter.d/dante.conf
@ -9,7 +9,7 @@ before = common.conf
 [Definition]
 _daemon = danted

-failregex = ^%(__prefix_line)sinfo: block\(1\): tcp/accept \]: <HOST>\.\d+ [\d.]+: error after reading \d+ bytes in \d+ seconds: (could not access user "\w+"'s records in the system password file: no system error|system password authentication failed for user "\w+")$
+failregex = ^%(__prefix_line)sinfo: block\(1\): tcp/accept \]: <HOST>\.\d+ [\d.]+: error after reading \d+ bytes? in \d+ seconds?: (could not access user "\w+"'s records in the system password file: no system error|system password authentication failed for user "\w+")$

 [Init]
 journalmatch = _SYSTEMD_UNIT=danted.service
--- a/fail2ban/tests/files/logs/dante
+++ b/fail2ban/tests/files/logs/dante
@ -2,3 +2,5 @@
 Apr 14 15:35:03 vps111111 danted[17969]: info: block(1): tcp/accept ]: 1.2.3.4.50550 0.0.0.0.1080: error after reading 35 bytes in 0 seconds: could not access user "roooooooot"'s records in the system password file: no system error
 # failJSON: { "time": "2005-04-14T15:44:26", "match": true , "host": "1.2.3.4" }
 Apr 14 15:44:26 vps111111 danted[1846]: info: block(1): tcp/accept ]: 1.2.3.4.57178 0.0.0.0.1080: error after reading 18 bytes in 0 seconds: system password authentication failed for user "aland"
+# failJSON: { "time": "2005-04-14T15:44:26", "match": true , "host": "1.2.3.4" }
+Apr 14 15:44:26 vps111111 danted[1846]: info: block(1): tcp/accept ]: 1.2.3.4.57178 0.0.0.0.1080: error after reading 1 byte in 1 second: system password authentication failed for user "aland"