Piviul ha scritto il 21/03/20 alle 08:13:
Il 20/03/20 18:51, Mike Jumper ha scritto:
[...]
Any idea what pattern/regex the fail2ban plugin is using to match
login failures? It may be that the plugin is out-of-date and no longer
matches the messages logged by the webapp.
yes, in effect the log pattern doesn't match. Do you know if guacamole
distribute the fail2ban filter for the 1.1.0 or I have to modify the
filter myself?
I have changed the fileregex parameter from
failregex = ^.*\nWARNING: Authentication attempt from <HOST> for user "[^"]*"
failed\.$
to
failregex = ^.*WARN o\.a\.g\.r\.auth\.AuthenticationService - Authentication attempt from
<HOST> for user "[^"]*" failed\.$
in the filter configuration file[¹] and all seems to work as expected.
Best regards
Piviul
[¹] /etc/fail2ban/filter.d/guacamole.conf
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
