Skip to content
Snippets Groups Projects
Commit 99a395b6 authored by Elian Loraux's avatar Elian Loraux
Browse files

add filter and jail fail2ban

parent b41eea68
No related branches found
No related tags found
1 merge request!3Fail2ban
# Fail2Ban configuration file
#
# Regexp to detect try to check a couple login/password so we can add mitigation
# on IP making too much tries.
[Definition]
# To test, you can inject this example into log
# echo `date +'%Y-%m-%d %H:%M:%S'`" INFO 1.2.3.4 functions_dolibarr::check_user_password_abcd Authentication KO" >> /mypath/documents/dolibarr.log
#
# then
# fail2ban-client status web-dolibarr-rulesbruteforce
#
# To test rule file on a existing log file
# fail2ban-regex /mypath/documents/dolibarr.log /etc/fail2ban/filter.d/web-dolibarr-rulesbruteforce.conf --print-all-matched
#failregex = ^ [A-Z\s]+ <HOST>\s+functions_.*::check_user_.* Authentication KO
failregex = ^.*NOTICE\s+<HOST>\s+\d+\s+\d+\s+functions_[^\s]+::check_user_[^\s]+ Authentication KO
ignoreregex =
[dolibarr]
enabled = true
filter = dolibarr
logpath = LOG_PATH
chain = DOCKER-USER
port = http,https
findtime = 130m
banaction = docker-page
maxretry = 5
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment