This works for me

[L_catalina]
failregex = ^.*WARN o\.a\.g\.r\.auth\.AuthenticationService - Authentication attempt from <HOST> for user "[^"]*" failed\.$
datepattern = ^%%H:%%M:%%S.%%f

On Sat, 30 Sep 2023 at 13:11, khmadhu <[email protected]> wrote:
>
> Tried modifying filters in /etc/fail2ban/filter.d/guacamole.conf but no
> luck.
>
> #default regex
> #failregex = ^.*\nWARNING: Authentication attempt from <HOST> for user "[^"]*" failed\.$
>
> tried below.
> failregex = \bAuthentication attempt from \[<HOST>(?:,.*)?\] for user ".*" failed\.
> #failregex = +\b[Aa]uthentication attempt from \[<HOST>(?:,[^\]]*)?\] (?:for user (?:"[^"]*" )?)?failed\.\s*$
>
> On Sat, Sep 30, 2023 at 2:39 PM David Barber <[email protected]> wrote:
>
>> I came across the same issue a few years ago, fwir the default regex for
>> guacamole in fail2ban was at fault and amending that I got it to work but I
>> don't rem any details other than that sorry.
>>
>> --
>> Regards
>> David Barber
>>
>> khmadhu wrote:
>>
>> Hi,
>> In catalina.out file the failed attempts it's logging.
>>
>> [2023-09-30 08:22:20] [info] 08:22:20.043 [http-nio-8080-exec-12] INFO o.a.g.a.l.AuthenticationProviderService - User "gkhjk" did not successfully authenticate against any LDAP server.
>> [2023-09-30 08:22:20] [info] 08:22:20.043 [http-nio-8080-exec-12] WARN o.a.g.r.auth.AuthenticationService - Authentication attempt from *IP* for user "gkhjk" failed.
>>
>> In the fail2ban log file it's not.
>>
>> 023-09-30 08:18:16,015 fail2ban.filter [212019]: INFO Added logfile: '/var/log/tomcat9/catalina.out' (pos = 78668031, hash = 87a1ded384)
>> 2023-09-30 08:18:16,016 fail2ban.jail [212019]: INFO Jail 'sshd' started
>> 2023-09-30 08:18:16,017 fail2ban.jail [212019]: INFO Jail 'guacamole' started
>>
>> On Sat, Sep 30, 2023 at 1:51 PM Robert Dinse <[email protected]> wrote:
>>
>>> Did you look in the logs to see if it's picking up the attempts?
>>>
>>> -_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-
>>> Eskimo North Linux Friendly Internet Access, Shell Accounts, and Hosting.
>>> Knowledgeable human assistance, not telephone trees or script readers.
>>> See our web site: http://www.eskimo.com/ (206) 812-0051 or (800) 246-6874.
>>>
>>> On Sat, 30 Sep 2023, khmadhu wrote:
>>>
>>> > Date: Sat, 30 Sep 2023 13:49:04 +0530
>>> > From: khmadhu <[email protected]>
>>> > Reply-To: [email protected]
>>> > To: [email protected]
>>> > Subject: Re: Captcha protection to stop brute force attacks
>>> >
>>> > Hi Ivan,
>>> > I tried below in fail2ban default config jail.conf file, but after 5
>>> > attempts it's still not blocking!, anything missing?.
>>> >
>>> > [guacamole]
>>> > enabled = true
>>> > bantime = 86400
>>> > maxretry = 5
>>> > port = http,https,8080
>>> > logpath = /var/log/tomcat9/catalina.out
>>> >
>>> > From below command I checked the fail2ban guacamole client status
>>> > fail2ban-client status guacamole
>>> > output:
>>> >
>>> > Status for the jail: guacamole
>>> > |- Filter
>>> > |  |- Currently failed: 0
>>> > |  |- Total failed: 0
>>> > |  `- File list: /var/log/tomcat9/catalina.out
>>> > `- Actions
>>> >    |- Currently banned: 0
>>> >    |- Total banned: 0
>>> >    `- Banned IP list:
>>> >
>>> > On Sat, Sep 30, 2023 at 1:24 PM khmadhu <[email protected]> wrote:
>>> >
>>> >> Hi Ivan,
>>> >>
>>> >> Thanks for the link, looks like fail2ban is the way to go for now.
>>> >>
>>> >> On Sat, Sep 30, 2023 at 12:18 PM Ivanmarcus <[email protected]> wrote:
>>> >>
>>> >>> As far as I'm aware there isn't any work being done on this presently,
>>> >>> however it was discussed back in 2020.
>>> >>> The following link may be of some interest:
>>> >>>
>>> >>> https://lists.apache.org/thread/5pkbqsyks4g1vdh7vnxv20lzr11jzvnm
>>> >>>
>>> >>> ---------------------------------------------------------------------
>>> >>> To unsubscribe, e-mail: [email protected]
>>> >>> For additional commands, e-mail: [email protected]
>>> >>
>>> >> --
>>> >> Thanks & Regards
>>> >> Madhusudan
>>> >> 9844117475
>>> >> Bengaluru-12.
>>> >
>>> > --
>>> > Thanks & Regards
>>> > Madhusudan
>>> > 9844117475
>>> > Bengaluru-12.
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: [email protected]
>>> For additional commands, e-mail: [email protected]
>>
>> --
>> Thanks & Regards
>> Madhusudan
>> 9844117475
>> Bengaluru-12.
>
> --
> Thanks & Regards
> Madhusudan
> 9844117475
> Bengaluru-12.
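
An added example, not part of the original thread: a small Python check of the three failregex values quoted above against the catalina.out lines from the thread, showing which of them extracts a host. The `HOST` pattern is a simplified stand-in for fail2ban's `<HOST>` tag, the sample address and the two-line record are constructed, and fail2ban's date handling (`datepattern`) is not modelled.

```python
import re

# Assumption: simplified stand-in for fail2ban's <HOST> tag; the real
# expansion is more elaborate. Accepts IPv4, IPv6 and hostnames.
HOST = r"(?P<host>[0-9A-Za-z_.:-]+)"

# failregex values quoted in the thread, with e-mail line wraps rejoined.
FILTERS = {
    "default": r'^.*\nWARNING: Authentication attempt from <HOST> for user "[^"]*" failed\.$',
    "bracketed": r'\bAuthentication attempt from \[<HOST>(?:,.*)?\] for user ".*" failed\.',
    "reply": r'^.*WARN o\.a\.g\.r\.auth\.AuthenticationService - '
             r'Authentication attempt from <HOST> for user "[^"]*" failed\.$',
}

# Constructed samples. WARN_LINE is the catalina.out line from the thread with
# the redacted *IP* replaced by a documentation-range address (203.0.113.45).
PREFIX = "[2023-09-30 08:22:20] [info] 08:22:20.043 [http-nio-8080-exec-12] "
INFO_LINE = PREFIX + ('INFO o.a.g.a.l.AuthenticationProviderService - User "gkhjk" '
                      'did not successfully authenticate against any LDAP server.')
WARN_LINE = PREFIX + ('WARN o.a.g.r.auth.AuthenticationService - Authentication '
                      'attempt from 203.0.113.45 for user "gkhjk" failed.')
# Constructed two-line record in the shape the default regex requires:
# any first line, a newline, then a line starting with "WARNING: ".
TWO_LINE = ('header line\nWARNING: Authentication attempt from 203.0.113.45 '
            'for user "gkhjk" failed.')


def match_host(failregex, text):
    """Return the captured host if failregex matches text, else None."""
    pattern = re.compile(failregex.replace("<HOST>", HOST), re.MULTILINE)
    found = pattern.search(text)
    return found.group("host") if found else None


def evaluate(text):
    """Map each filter name to the host it extracts from text (or None)."""
    return {name: match_host(rx, text) for name, rx in FILTERS.items()}


if __name__ == "__main__":
    for label, text in (("INFO", INFO_LINE), ("WARN", WARN_LINE), ("two-line", TWO_LINE)):
        print(label, evaluate(text))
```

On a host with fail2ban installed, `fail2ban-regex /var/log/tomcat9/catalina.out /etc/fail2ban/filter.d/guacamole.conf` runs the same kind of check with fail2ban's own matching engine, including the date pattern.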
