I came across the same issue a few years ago. FWIR the default regex for guacamole in fail2ban was at fault, and by amending that I got it to work, but I don't remember any details other than that, sorry.

--
Regards
David Barber



khmadhu wrote:
Hi,
In the catalina.out file, the failed attempts are being logged.

[2023-09-30 08:22:20] [info] 08:22:20.043 [http-nio-8080-exec-12] INFO  o.a.g.a.l.AuthenticationProviderService - User "gkhjk" did not successfully authenticate against any LDAP server.
[2023-09-30 08:22:20] [info] 08:22:20.043 [http-nio-8080-exec-12] WARN  o.a.g.r.auth.AuthenticationService - Authentication attempt from  *IP*  for user "gkhjk" failed.

In the fail2ban log file it's not.

2023-09-30 08:18:16,015 fail2ban.filter         [212019]: INFO    Added logfile: '/var/log/tomcat9/catalina.out' (pos = 78668031, hash = 87a1ded384)
2023-09-30 08:18:16,016 fail2ban.jail           [212019]: INFO    Jail 'sshd' started
2023-09-30 08:18:16,017 fail2ban.jail           [212019]: INFO    Jail 'guacamole' started




On Sat, Sep 30, 2023 at 1:51 PM Robert Dinse <[email protected]> wrote:


         Did you look in the logs to see if it's picking up the attempts?

    
-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-
      Eskimo North Linux Friendly Internet Access, Shell Accounts, and
    Hosting.
        Knowledgeable human assistance, not telephone trees or script
    readers.
      See our web site: http://www.eskimo.com/ (206) 812-0051 or (800)
    246-6874.

    On Sat, 30 Sep 2023, khmadhu wrote:

    > Date: Sat, 30 Sep 2023 13:49:04 +0530
    > From: khmadhu <[email protected]>
    > Reply-To: [email protected]
    > To: [email protected]
    > Subject: Re: Captcha protection to stop brute force attacks
    >
    > Hi Ivan,
    > I tried the below in the fail2ban default config jail.conf file, but after 5
    > attempts it's still not blocking! Anything missing?
    >
    > [guacamole]
    > enabled = true
    > bantime = 86400
    > maxretry = 5
    > port     = http,https,8080
    > logpath  = /var/log/tomcat9/catalina.out
    >
    >
    > From the below command I checked the fail2ban guacamole client status:
    > fail2ban-client status guacamole
    > output:
    >
    > Status for the jail: guacamole
    > |- Filter
    > |  |- Currently failed: 0
    > |  |- Total failed: 0
    > |  `- File list: /var/log/tomcat9/catalina.out
    > `- Actions
    >   |- Currently banned: 0
    >   |- Total banned: 0
    >   `- Banned IP list:
    >
    >
    >
    >
    >
    > On Sat, Sep 30, 2023 at 1:24 PM khmadhu <[email protected]> wrote:
    >
    >> Hi Ivan,
    >>
    >> Thanks for the link, looks like fail2ban is the way to go for now.
    >>
    >>
    >> On Sat, Sep 30, 2023 at 12:18 PM Ivanmarcus <[email protected]>
    >> wrote:
    >>
    >>> As far as I'm aware there isn't any work being done on this presently,
    >>> however it was discussed back in 2020. The following link may be of some
    >>> interest:
    >>>
    >>> https://lists.apache.org/thread/5pkbqsyks4g1vdh7vnxv20lzr11jzvnm
    >>>
    >>>
    >>>
    >>> ---------------------------------------------------------------------
    >>> To unsubscribe, e-mail: [email protected]
    >>> For additional commands, e-mail: [email protected]
    >>>
    >>>
    >>
    >> --
    >> Thanks & Regards
    >> Madhusudan
    >> 9844117475
    >> Bengaluru-12.
    >>
    >
    >
    > --
    > Thanks & Regards
    > Madhusudan
    > 9844117475
    > Bengaluru-12.
    >




--
Thanks & Regards
Madhusudan
9844117475
Bengaluru-12.
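
The thread points at the filter regex as the reason "Total failed" stays at 0 while catalina.out records the failures. The following is an added example, not code from any participant or from fail2ban: it tests candidate failregex patterns against the WARN line quoted above. Both patterns are hypothetical, the IPv4-only `<HOST>` substitution is a simplified stand-in, the redacted *IP* is replaced by a constructed documentation address, and fail2ban's datepattern handling is not modelled.

```python
import re

# fail2ban expands the <HOST> tag in a failregex to a host-matching group.
# Simplified IPv4-only stand-in (assumption, for illustration).
HOST_GROUP = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# Constructed sample: the two catalina.out lines from the thread, with the
# redacted *IP* replaced by the documentation address 203.0.113.7.
SAMPLE_LOG = (
    '[2023-09-30 08:22:20] [info] 08:22:20.043 [http-nio-8080-exec-12] INFO  '
    'o.a.g.a.l.AuthenticationProviderService - User "gkhjk" did not '
    'successfully authenticate against any LDAP server.\n'
    '[2023-09-30 08:22:20] [info] 08:22:20.043 [http-nio-8080-exec-12] WARN  '
    'o.a.g.r.auth.AuthenticationService - Authentication attempt from '
    '203.0.113.7 for user "gkhjk" failed.\n'
)

# Hypothetical candidate patterns, not copied from any fail2ban release.
CANDIDATES = {
    # Expects the line to start at the time field, with one space after WARN.
    "strict": r'^\d\d:\d\d:\d\d\.\d+ \[\S+\] WARN \S+ - '
              r'Authentication attempt from <HOST> for user "[^"]*" failed\.$',
    # Accepts any prefix and any amount of whitespace after WARN.
    "tolerant": r'^.*\bWARN\s+\S+ - '
                r'Authentication attempt from <HOST> for user "[^"]*" failed\.$',
}


def compile_failregex(failregex):
    """Turn a fail2ban-style failregex into a plain Python regex."""
    return re.compile(failregex.replace("<HOST>", HOST_GROUP))


def matched_hosts(failregex, log_text):
    """Return the host captured from every log line the pattern matches."""
    rx = compile_failregex(failregex)
    hits = (rx.search(line) for line in log_text.splitlines())
    return [m.group("host") for m in hits if m]


def report(log_text=SAMPLE_LOG):
    """Map each candidate name to the hosts it would count as failures."""
    return {name: matched_hosts(rx, log_text) for name, rx in CANDIDATES.items()}


if __name__ == "__main__":
    for name, hosts in report().items():
        print(f"{name}: {len(hosts)} match(es) {hosts}")
```

On a host with fail2ban installed, `fail2ban-regex <logfile> <filter>` runs the real filter, including date handling, against the actual log.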

