From e93daa8622497339fef3008a1c91ec4933c24031 Mon Sep 17 00:00:00 2001
From: Loops
Date: Wed, 11 Oct 2023 09:57:24 +0200
Subject: [PATCH 1/6] Create sonic-audit.local

Add support for Dell Enterprise Sonic. Parse audit.log to ban failled authentication
---
 jail.d/sonic-audit.local | 8 ++++++++
 1 file changed, 8 insertions(+)
 create mode 100644 jail.d/sonic-audit.local

diff --git a/jail.d/sonic-audit.local b/jail.d/sonic-audit.local
new file mode 100644
index 0000000..cb41c4e
--- /dev/null
+++ b/jail.d/sonic-audit.local
@@ -0,0 +1,8 @@
+[sonic-audit]
+
+banaction = nftables-multiport
+chain = input
+
+enabled = true
+logpath = /var/log/audit.log
+maxretry = 3

From 2c27977761b44cf822f84a82b8f4bcca8b3f3632 Mon Sep 17 00:00:00 2001
From: Loops
Date: Wed, 11 Oct 2023 10:00:38 +0200
Subject: [PATCH 2/6] Create sonic-audit.local

Filter rules for Dell Enterprise SONiC
---
 filter.d/sonic-audit.local | 7 +++++++
 1 file changed, 7 insertions(+)
 create mode 100644 filter.d/sonic-audit.local

diff --git a/filter.d/sonic-audit.local b/filter.d/sonic-audit.local
new file mode 100644
index 0000000..0a56645
--- /dev/null
+++ b/filter.d/sonic-audit.local
@@ -0,0 +1,7 @@
+[INCLUDES]
+
+before = common.conf
+
+[Definition]
+failregex = ^.*Failed password for (.*)from
+ignoreregex =

From 617245570fe8fff7f8459586c835598538374d55 Mon Sep 17 00:00:00 2001
From: Loops
Date: Wed, 11 Oct 2023 10:05:33 +0200
Subject: [PATCH 3/6] Rename sonic-audit.local to sonic-audit.conf

---
 filter.d/{sonic-audit.local => sonic-audit.conf} | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename filter.d/{sonic-audit.local => sonic-audit.conf} (100%)

diff --git a/filter.d/sonic-audit.local b/filter.d/sonic-audit.conf
similarity index 100%
rename from filter.d/sonic-audit.local
rename to filter.d/sonic-audit.conf

From 7f9ca7d076c369aed733da65bdc94565ceb33419 Mon Sep 17 00:00:00 2001
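Review bot: The new `[sonic-audit]` jail in jail.d/sonic-audit.local ships with `enabled = true` while depending on `/var/log/audit.log` being present; on an installation where that path does not exist fail2ban refuses to start the jail, and an always-on drop-in switches banning on for everyone who installs the package. fail2ban's own jail.conf ships every jail disabled and leaves the opt-in to a local override, so `enabled = false` here with a header comment telling the operator to enable it in their `.local` would follow that convention. The jail also sets no `port`, so `nftables-multiport` bans whatever range the `[DEFAULT]` section supplies rather than the management service the `Failed password` messages come from; whether that is intended (block the offender entirely) or should be narrowed to e.g. `port = ssh` is worth deciding explicitly and recording in a comment. A one-line comment naming the expected log format and the matching filter.d file would help the next maintainer.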
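Review bot: The `failregex` in filter.d/sonic-audit.local captures no source address: fail2ban needs a `<HOST>` (or `<ADDR>`/`<F-*>` named group) in every failregex to know what to ban, and a pattern without one is rejected when the jail loads with a "No failure-id group" error, so as written this filter cannot ban anything. The `(.*)` group also greedily consumes the rest of the line, and the bare `^.*` prefix discards the `%(__prefix_line)s` anchoring that `common.conf`, already pulled in by `before`, provides. The usual shape is `failregex = ^%(__prefix_line)sFailed password for .+ from <HOST>`, but the exact layout of a SONiC audit.log line is not visible here and must be confirmed against a real sample; adding that sample as a `# Example:` comment above the regex lets reviewers verify it with fail2ban-regex.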
From: Loops
Date: Wed, 11 Oct 2023 10:06:05 +0200
Subject: [PATCH 4/6] Rename sonic-audit.local to sonic-audit.conf

---
 jail.d/{sonic-audit.local => sonic-audit.conf} | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename jail.d/{sonic-audit.local => sonic-audit.conf} (100%)

diff --git a/jail.d/sonic-audit.local b/jail.d/sonic-audit.conf
similarity index 100%
rename from jail.d/sonic-audit.local
rename to jail.d/sonic-audit.conf

From 853f1f954f74d49a699fc37513a85057c6a486ec Mon Sep 17 00:00:00 2001
From: Loops
Date: Wed, 11 Oct 2023 11:22:20 +0200
Subject: [PATCH 5/6] Update sonic-audit.conf

---
 filter.d/sonic-audit.conf | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/filter.d/sonic-audit.conf b/filter.d/sonic-audit.conf
index 0a56645..8d8cc17 100644
--- a/filter.d/sonic-audit.conf
+++ b/filter.d/sonic-audit.conf
@@ -1,3 +1,6 @@
+## Version 2023/11/10
+# Fail2Ban filter rules for DES
+
 [INCLUDES]
 
 before = common.conf

From a53221939b76f53c8e73c19bcf574e179b6ddfd5 Mon Sep 17 00:00:00 2001
From: Loops
Date: Wed, 11 Oct 2023 11:23:43 +0200
Subject: [PATCH 6/6] Update sonic-audit.conf

---
 jail.d/sonic-audit.conf | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/jail.d/sonic-audit.conf b/jail.d/sonic-audit.conf
index cb41c4e..c648bde 100644
--- a/jail.d/sonic-audit.conf
+++ b/jail.d/sonic-audit.conf
@@ -1,3 +1,6 @@
+## Version 2023/11/10
+# Fail2Ban jail configuration for Dell Enterprise SONiC
+
 [sonic-audit]
 
 banaction = nftables-multiport
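Review bot: The `## Version 2023/11/10` stamp added at the top of filter.d/sonic-audit.conf, and again in the jail.d/sonic-audit.conf hunk below it, post-dates the commits it belongs to, which are all dated 11 Oct 2023; this looks like a month/day transposition and should read `## Version 2023/10/11`, or be dropped in favour of the git history so it cannot drift again. The filter header abbreviates the product as `DES` while the jail header spells out `Dell Enterprise SONiC`; the two files should use the same name, e.g. `# Fail2Ban filter rules for Dell Enterprise SONiC`. The remainder of each file lies outside these hunks.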