Re: anyone still using fail2ban

Wed, 16 May 2018 14:38:46 -0700

many thanks but no joy there either, sure i am missing something simple but it has been a long day :) 

Running tests
=============

Use�� failregex filter file : tomcat, basedir: /etc/fail2ban
Use�������� maxlines : 5
Use�������� log file : /opt/tomcat/logs/catalina.out
Use�������� encoding : UTF-8

Results
=======

Failregex: 0 total

Ignoreregex: 0 total

Date template hits:
|- [# of hits] date format
|� [2] ^24hour:Minute:Second
`-

Lines: 2 lines, 0 ignored, 0 matched, 2 missed [processed in 0.00 sec]
|- Missed line(s):

|� 22:16:24.088 [https-jsse-nio-8443-exec-6] WARN 
o.a.g.r.auth.AuthenticationService - Authentication attempt from 
192.168.1.3 for user "bold" failed.
|� 22:18:46.077 [https-jsse-nio-8443-exec-6] INFO 
o.a.g.r.auth.AuthenticationService - User "dave" successfully 
authenticated from 192.168.1.3.




Erik Berndt wrote:

We use a Tomcat filter and it works just fine for Guacamole.

Filter:

# Fail2Ban tomcat filter
#
[INCLUDES]
#
[Definition]

failregex = \bAuthentication attempt from \[<HOST>(?:,.*)?\] for user 
".*" failed\.

#
[Init]
#
journalmatch = _SYSTEMD_UNIT=tomcat.service
maxlines = 5

Jail.local:

[tomcat]
port = http,https,8080
logpath = %(tomcat_access_log)s
enabled = yes
bantime = 14400
maxretry = 5



Erik Berndt / Systems Administrator
5551 Wellington Rd, Gainesville, VA 20155
703.631.0004 x520 (Phone) / 703.257.1725 (Fax)
http://www.superiorpaving.net

Need to open an IT support ticket? �

http://FixIT.superiorpaving.net/portal or fi...@superiorpaving.net 
<mailto:fi...@superiorpaving.net>



On Wed, May 16, 2018 at 4:25 PM, mdbarber <md...@aol.com 
<mailto:md...@aol.com>> wrote:


    to cover guacamole?
    using it to protect a webmin instance but the default gucamole
    filter doesn't work and all the documentation i can find regarding
    syntax for filters is out of date.
    Any hints please?
    regards
    mdb

    ---
    This email has been checked for viruses by Avast antivirus software.
    https://www.avast.com/antivirus <https://www.avast.com/antivirus>




This e-mail and any files transmitted with it are confidential and are 
intended solely for the use of the individual or entity to whom they 
are addressed.  If you are not the intended recipient or the person 
responsible for delivering the e-mail to the intended recipient, be 
advised that you have received this e-mail in error and that any use, 
dissemination, forwarding, printing or copying of this e-mail is 
strictly prohibited.  If you have received this e-mail in error, 
please immediately notify Superior Paving Corp. by telephone at (703) 
631-0004.  You will be reimbursed for reasonable costs incurred in 
notifying us.


























					Reply via email to