Hi, In catalina.out file the failed attempts its logging. [2023-09-30 08:22:20] [info] 08:22:20.043 [http-nio-8080-exec-12] INFO o.a.g.a.l.AuthenticationProviderService - User "gkhjk" did not successfully authenticate against any LDAP server. [2023-09-30 08:22:20] [info] 08:22:20.043 [http-nio-8080-exec-12] WARN o.a.g.r.auth.AuthenticationService - Authentication attempt from *IP* for user "gkhjk" failed.
In the fail2ban log file its not. 023-09-30 08:18:16,015 fail2ban.filter [212019]: INFO Added logfile: '/var/log/tomcat9/catalina.out' (pos = 78668031, hash = 87a1ded384) 2023-09-30 08:18:16,016 fail2ban.jail [212019]: INFO Jail 'sshd' started 2023-09-30 08:18:16,017 fail2ban.jail [212019]: INFO Jail 'guacamole' started On Sat, Sep 30, 2023 at 1:51 PM Robert Dinse <[email protected]> wrote: > > Did you look in the logs to see if its picking up the attempts? > > > -_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_- > Eskimo North Linux Friendly Internet Access, Shell Accounts, and Hosting. > Knowledgeable human assistance, not telephone trees or script readers. > See our web site: http://www.eskimo.com/ (206) 812-0051 or (800) > 246-6874. > > On Sat, 30 Sep 2023, khmadhu wrote: > > > Date: Sat, 30 Sep 2023 13:49:04 +0530 > > From: khmadhu <[email protected]> > > Reply-To: [email protected] > > To: [email protected] > > Subject: Re: Captcha protection to stop brute force attacks > > > > Hi Ivan, > > I tried below in fail2ban default config jail.conf file, but after 5 > > attempts it's still not blocking!, anything missing?. > > > > [guacamole] > > enabled = true > > bantime = 86400 > > maxretry = 5 > > port = http,https,8080 > > logpath = /var/log/tomcat9/catalina.out > > > > > >> From below command I checked the fail2ban guacamole client status > > fail2ban-client status guacamole > > output: > > > > Status for the jail: guacamole > > |- Filter > > | |- Currently failed: 0 > > | |- Total failed: 0 > > | `- File list: /var/log/tomcat9/catalina.out > > `- Actions > > |- Currently banned: 0 > > |- Total banned: 0 > > `- Banned IP list: > > > > > > > > > > > > On Sat, Sep 30, 2023 at 1:24 PM khmadhu <[email protected]> wrote: > > > >> Hi Ivan, > >> > >> Thanks for the link, looks like fail2ban is the way to go for now. > >> > >> > >> On Sat, Sep 30, 2023 at 12:18 PM Ivanmarcus > <[email protected]> > >> wrote: > >> > >>> As far as I'm aware there isn't any work being done on this presently, > >>> however it was discussed back in 2020. The following link may be of > some > >>> interest: > >>> > >>> https://lists.apache.org/thread/5pkbqsyks4g1vdh7vnxv20lzr11jzvnm > >>> > >>> > >>> --------------------------------------------------------------------- > >>> To unsubscribe, e-mail: [email protected] > >>> For additional commands, e-mail: [email protected] > >>> > >>> > >> > >> -- > >> Thanks & Regards > >> Madhusudan > >> 9844117475 > >> Bengaluru-12. > >> > > > > > > -- > > Thanks & Regards > > Madhusudan > > 9844117475 > > Bengaluru-12. > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] -- Thanks & Regards Madhusudan 9844117475 Bengaluru-12.
