many thanks but no joy there either, sure i am missing something simple
but it has been a long day :)
Running tests
=============
Use�� failregex filter file : tomcat, basedir: /etc/fail2ban
Use�������� maxlines : 5
Use�������� log file : /opt/tomcat/logs/catalina.out
Use�������� encoding : UTF-8
Results
=======
Failregex: 0 total
Ignoreregex: 0 total
Date template hits:
|- [# of hits] date format
|� [2] ^24hour:Minute:Second
`-
Lines: 2 lines, 0 ignored, 0 matched, 2 missed [processed in 0.00 sec]
|- Missed line(s):
|� 22:16:24.088 [https-jsse-nio-8443-exec-6] WARN
o.a.g.r.auth.AuthenticationService - Authentication attempt from
192.168.1.3 for user "bold" failed.
|� 22:18:46.077 [https-jsse-nio-8443-exec-6] INFO
o.a.g.r.auth.AuthenticationService - User "dave" successfully
authenticated from 192.168.1.3.
Erik Berndt wrote:
We use a Tomcat filter and it works just fine for Guacamole.
Filter:
# Fail2Ban tomcat filter
#
[INCLUDES]
#
[Definition]
failregex = \bAuthentication attempt from \[<HOST>(?:,.*)?\] for user
".*" failed\.
#
[Init]
#
journalmatch = _SYSTEMD_UNIT=tomcat.service
maxlines = 5
Jail.local:
[tomcat]
port = http,https,8080
logpath = %(tomcat_access_log)s
enabled = yes
bantime = 14400
maxretry = 5
Erik Berndt / Systems Administrator
5551 Wellington Rd, Gainesville, VA 20155
703.631.0004 x520 (Phone) / 703.257.1725 (Fax)
http://www.superiorpaving.net
Need to open an IT support ticket? �
http://FixIT.superiorpaving.net/portal or fi...@superiorpaving.net
<mailto:fi...@superiorpaving.net>
On Wed, May 16, 2018 at 4:25 PM, mdbarber <md...@aol.com
<mailto:md...@aol.com>> wrote:
to cover guacamole?
using it to protect a webmin instance but the default gucamole
filter doesn't work and all the documentation i can find regarding
syntax for filters is out of date.
Any hints please?
regards
mdb
---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus <https://www.avast.com/antivirus>
This e-mail and any files transmitted with it are confidential and are
intended solely for the use of the individual or entity to whom they
are addressed. If you are not the intended recipient or the person
responsible for delivering the e-mail to the intended recipient, be
advised that you have received this e-mail in error and that any use,
dissemination, forwarding, printing or copying of this e-mail is
strictly prohibited. If you have received this e-mail in error,
please immediately notify Superior Paving Corp. by telephone at (703)
631-0004. You will be reimbursed for reasonable costs incurred in
notifying us.