Tried modifying filter's in /etc/fail2ban/filter.d/guacamole.conf but no luck.
#default regex #failregex = ^.*\nWARNING: Authentication attempt from <HOST> for user "[^"]*" failed\.$ tried below. failregex = \bAuthentication attempt from \[<HOST>(?:,.*)?\] for user ".*" failed\. #failregex = +\b[Aa]uthentication attempt from \[<HOST>(?:,[^\]]*)?\] (?:for user (?:"[^"]*" )?)?failed\.\s*$ On Sat, Sep 30, 2023 at 2:39 PM David Barber <[email protected]> wrote: > I came across the same issue a few years ago, fwir the default regex for > guacamole in fail2ban was at fault and amending that i got it to work but i > don't rem any details other than that sorry. > > -- > Regards > David Barber > > > > khmadhu wrote: > > Hi, > In catalina.out file the failed attempts its logging. > > [2023-09-30 08:22:20] [info] 08:22:20.043 [http-nio-8080-exec-12] INFO > o.a.g.a.l.AuthenticationProviderService - User "gkhjk" did not > successfully authenticate against any LDAP server. > [2023-09-30 08:22:20] [info] 08:22:20.043 [http-nio-8080-exec-12] WARN > o.a.g.r.auth.AuthenticationService - Authentication attempt from *IP* > for user "gkhjk" failed. > > In the fail2ban log file its not. > > 023-09-30 08:18:16,015 fail2ban.filter [212019]: INFO Added > logfile: '/var/log/tomcat9/catalina.out' (pos = 78668031, hash = 87a1ded384) > 2023-09-30 08:18:16,016 fail2ban.jail [212019]: INFO Jail > 'sshd' started > 2023-09-30 08:18:16,017 fail2ban.jail [212019]: INFO Jail > 'guacamole' started > > > > > On Sat, Sep 30, 2023 at 1:51 PM Robert Dinse <[email protected]> > <[email protected]> wrote: > >> >> Did you look in the logs to see if its picking up the attempts? >> >> >> -_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_- >> Eskimo North Linux Friendly Internet Access, Shell Accounts, and >> Hosting. >> Knowledgeable human assistance, not telephone trees or script readers. >> See our web site: http://www.eskimo.com/ (206) 812-0051 or (800) >> 246-6874. >> >> On Sat, 30 Sep 2023, khmadhu wrote: >> >> > Date: Sat, 30 Sep 2023 13:49:04 +0530 >> > From: khmadhu <[email protected]> >> > Reply-To: [email protected] >> > To: [email protected] >> > Subject: Re: Captcha protection to stop brute force attacks >> > >> > Hi Ivan, >> > I tried below in fail2ban default config jail.conf file, but after 5 >> > attempts it's still not blocking!, anything missing?. >> > >> > [guacamole] >> > enabled = true >> > bantime = 86400 >> > maxretry = 5 >> > port = http,https,8080 >> > logpath = /var/log/tomcat9/catalina.out >> > >> > >> >> From below command I checked the fail2ban guacamole client status >> > fail2ban-client status guacamole >> > output: >> > >> > Status for the jail: guacamole >> > |- Filter >> > | |- Currently failed: 0 >> > | |- Total failed: 0 >> > | `- File list: /var/log/tomcat9/catalina.out >> > `- Actions >> > |- Currently banned: 0 >> > |- Total banned: 0 >> > `- Banned IP list: >> > >> > >> > >> > >> > >> > On Sat, Sep 30, 2023 at 1:24 PM khmadhu <[email protected]> wrote: >> > >> >> Hi Ivan, >> >> >> >> Thanks for the link, looks like fail2ban is the way to go for now. >> >> >> >> >> >> On Sat, Sep 30, 2023 at 12:18 PM Ivanmarcus >> <[email protected]> <[email protected]> >> >> wrote: >> >> >> >>> As far as I'm aware there isn't any work being done on this presently, >> >>> however it was discussed back in 2020. The following link may be of >> some >> >>> interest: >> >>> >> >>> https://lists.apache.org/thread/5pkbqsyks4g1vdh7vnxv20lzr11jzvnm >> >>> >> >>> >> >>> --------------------------------------------------------------------- >> >>> To unsubscribe, e-mail: [email protected] >> >>> For additional commands, e-mail: [email protected] >> >>> >> >>> >> >> >> >> -- >> >> Thanks & Regards >> >> Madhusudan >> >> 9844117475 >> >> Bengaluru-12. >> >> >> > >> > >> > -- >> > Thanks & Regards >> > Madhusudan >> > 9844117475 >> > Bengaluru-12. >> > >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: [email protected] >> For additional commands, e-mail: [email protected] > > > > -- > Thanks & Regards > Madhusudan > 9844117475 > Bengaluru-12. > > > > -- Thanks & Regards Madhusudan 9844117475 Bengaluru-12.
