Il 30/03/20 17:58, Giorgio ha scritto:
I would be grateful if someone can help in fail2ban on ubuntu 18.04 +
Tomcat 9 + apache Guacamole 1.1.0
I don't think ubuntu 18.04 has a very different configuration from my
debian buster...
First of all you have to check if you have enabled guacamole filter
settings in a jail. In my debian buster I have only configured the file
/etc/fail2ban/jail.conf.d/defaults-debian.conf adding a jail like:
[guacamole]
enabled=true
Check if in /etc/fail2ban/jail.conf you have the jail guacamole like
this one
[guacamole]
port = http,https
logpath = /var/log/tomcat*/catalina.out
Well now fail2ban looks auth failed attempt in file
/var/log/tomcat*/catalina.out. Did you have such a file?
Now you have to change the guacamole filter that you find in
/etc/fail2ban/filter.d/guacamole.conf changing the parameter failregex in:
failregex = ^.*WARN o\.a\.g\.r\.auth\.AuthenticationService -
Authentication attempt from <HOST> for user "[^"]*" failed\.$
now you have to restart fail2ban:
# systemctl restart fail2ban
that's all
Piviul
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
