Fail2ban Dolibarr

Déployer automatiquement partout ou Dolibarr est installé :

Fichier de filter :

# From https://github.com/Dolibarr/dolibarr/blob/develop/dev/setup/fail2ban/filter.d/web-dolibarr-rulesbruteforce.conf
# Fail2Ban configuration file
#
# Regexp to detect try to check a couple login/password so we can add mitigation 
# on IP making too much tries. 


[Definition]

# To test, you can inject this example into log
# echo `date +'%Y-%m-%d %H:%M:%S'`" INFO    1.2.3.4         functions_dolibarr::check_user_password_abcd Authentication KO" >> /mypath/documents/dolibarr.log
#
# then 
# fail2ban-client status web-dolibarr-rulesbruteforce 
#
# To test rule file on a existing log file
# fail2ban-regex /mypath/documents/dolibarr.log /etc/fail2ban/filter.d/web-dolibarr-rulesbruteforce.conf --print-all-matched

failregex = ^ [A-Z\s]+ <HOST>\s+functions_.*::check_user_.* Authentication KO
ignoreregex =

Jail fail2ban

[dolibarr]
port = http,https
logpath = /usr/share/dolibarr/documents/dolibarr.log
enabled = true

Puis fail2ban-client reload