On 05/01/22 08:28, Piviul wrote:
On 04/01/22 19:17, sam g wrote:
Hello,
I'm sure I'm asking a silly question, but where would this
Guacamole log file be, where the failed login attempts are written?
I tried but I don't see anything in my
/var/log/tomcat9/*localhost_access_log*.2022-01-04.txt or in
/var/log/tomcat9/*localhost_access_log*.2022-01-04.txt .
With a "*systemctl status tomcat9*" I can see some "*WARN
o.a.g.r.auth.AuthenticationService - Authentication attempt from
a.b.c.d for user "zzzf" failed.*"
In my Debian buster, Guacamole logs are sent to Tomcat, so I can find
failed logs in /var/log/tomcat/catalina.out
I'd add that after installing fail2ban you have to enable it; in my Debian
buster I have added the file /etc/fail2ban/jail.d/guacamole.conf:
$ cat /etc/fail2ban/jail.d/guacamole.conf
[guacamole]
enabled = true
and then I updated the failregex to discover failed login attempts in
/etc/fail2ban/filter.d/guacamole.conf. My failregex is:
failregex = ^.*WARN o\.a\.g\.r\.auth\.AuthenticationService - Authentication attempt from <HOST> for user "[^"]*" failed\.$
Then look into /var/log/fail2ban.log to see if all is working as expected.
Piviul
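
As an added example (not part of the original messages, and not fail2ban's own code), the Python below applies the failregex from this thread to constructed log lines and counts matches per host. The `<HOST>` substitution is a simplified assumption covering IP literals only, `maxretry=3` is an illustrative value, and the sample lines, helper names and addresses are constructed.

```python
import re
from collections import Counter

# failregex as posted in this thread, joined onto a single line.
FAILREGEX = (r'^.*WARN o\.a\.g\.r\.auth\.AuthenticationService - '
             r'Authentication attempt from <HOST> for user "[^"]*" failed\.$')

# Assumption: simplified stand-in for fail2ban's <HOST> tag. It accepts IPv4
# and IPv6 literals only; fail2ban's own expansion also handles hostnames.
HOST_GROUP = r'(?P<host>\d{1,3}(?:\.\d{1,3}){3}|[0-9A-Fa-f]*:[0-9A-Fa-f:.]+)'

PREFIX = '08:27:51.102 [http-nio-8080-exec-4] '   # constructed log prefix
SVC = 'o.a.g.r.auth.AuthenticationService - '

def fail_line(host, user, level='WARN '):
    """Build a constructed line modelled on the WARN message quoted above."""
    return (f'{PREFIX}{level}{SVC}Authentication attempt from {host} '
            f'for user "{user}" failed.')

SAMPLE_LOG = [
    fail_line('203.0.113.10', 'zzzf'),
    fail_line('203.0.113.10', 'admin'),
    fail_line('203.0.113.10', 'root'),
    fail_line('198.51.100.7', 'sam'),
    fail_line('2001:db8::7', 'guest'),
    # Two spaces after WARN: the single-space pattern does not match this line.
    fail_line('198.51.100.7', 'sam', level='WARN  '),
    PREFIX + 'INFO ' + SVC + 'User "sam" successfully authenticated from 198.51.100.7.',
]

def compile_failregex(failregex=FAILREGEX):
    """Expand <HOST> into a named group and compile the pattern."""
    return re.compile(failregex.replace('<HOST>', HOST_GROUP))

def failed_hosts(lines, pattern=None):
    """Return a Counter mapping each captured host to its matching lines."""
    pattern = pattern or compile_failregex()
    hits = Counter()
    for line in lines:
        m = pattern.match(line.rstrip('\n'))
        if m:
            hits[m.group('host')] += 1
    return hits

def would_ban(lines, maxretry=3):
    """Hosts with at least maxretry matches (findtime is not modelled)."""
    return sorted(h for h, n in failed_hosts(lines).items() if n >= maxretry)

if __name__ == '__main__':
    print(dict(failed_hosts(SAMPLE_LOG)), would_ban(SAMPLE_LOG))
```

On a host with fail2ban installed, `fail2ban-regex /var/log/tomcat/catalina.out /etc/fail2ban/filter.d/guacamole.conf` runs the real filter against the real log and reports how many lines matched.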