Hi Zhukov, Thanks for the regex, this works as expected. :-)

On Sat, Sep 30, 2023 at 7:14 PM Евгений Н. Жуков <[email protected]> wrote:

> This works for me
> [L_catalina]
> failregex = ^.*WARN o\.a\.g\.r\.auth\.AuthenticationService - Authentication attempt from <HOST> for user "[^"]*" failed\.$
>
> datepattern = ^%%H:%%M:%%S.%%f
>
> Sat, 30 Sep 2023 at 13:11, khmadhu <[email protected]>:
>
>> Tried modifying filters in /etc/fail2ban/filter.d/guacamole.conf but no luck.
>>
>> #default regex
>> #failregex = ^.*\nWARNING: Authentication attempt from <HOST> for user "[^"]*" failed\.$
>>
>> tried below.
>> failregex = \bAuthentication attempt from \[<HOST>(?:,.*)?\] for user ".*" failed\.
>> #failregex = +\b[Aa]uthentication attempt from \[<HOST>(?:,[^\]]*)?\] (?:for user (?:"[^"]*" )?)?failed\.\s*$
>>
>> On Sat, Sep 30, 2023 at 2:39 PM David Barber <[email protected]> wrote:
>>
>>> I came across the same issue a few years ago, fwir the default regex for
>>> guacamole in fail2ban was at fault and amending that I got it to work but I
>>> don't remember any details other than that, sorry.
>>>
>>> --
>>> Regards
>>> David Barber
>>>
>>> khmadhu wrote:
>>>
>>> Hi,
>>> In the catalina.out file the failed attempts are being logged.
>>>
>>> [2023-09-30 08:22:20] [info] 08:22:20.043 [http-nio-8080-exec-12] INFO o.a.g.a.l.AuthenticationProviderService - User "gkhjk" did not successfully authenticate against any LDAP server.
>>> [2023-09-30 08:22:20] [info] 08:22:20.043 [http-nio-8080-exec-12] WARN o.a.g.r.auth.AuthenticationService - Authentication attempt from *IP* for user "gkhjk" failed.
>>>
>>> In the fail2ban log file it's not.
>>>
>>> 023-09-30 08:18:16,015 fail2ban.filter [212019]: INFO Added logfile: '/var/log/tomcat9/catalina.out' (pos = 78668031, hash = 87a1ded384)
>>> 2023-09-30 08:18:16,016 fail2ban.jail [212019]: INFO Jail 'sshd' started
>>> 2023-09-30 08:18:16,017 fail2ban.jail [212019]: INFO Jail 'guacamole' started
>>>
>>> On Sat, Sep 30, 2023 at 1:51 PM Robert Dinse <[email protected]> wrote:
>>>
>>>> Did you look in the logs to see if it's picking up the attempts?
>>>>
>>>> -_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-
>>>> Eskimo North Linux Friendly Internet Access, Shell Accounts, and Hosting.
>>>> Knowledgeable human assistance, not telephone trees or script readers.
>>>> See our web site: http://www.eskimo.com/ (206) 812-0051 or (800) 246-6874.
>>>>
>>>> On Sat, 30 Sep 2023, khmadhu wrote:
>>>>
>>>> > Date: Sat, 30 Sep 2023 13:49:04 +0530
>>>> > From: khmadhu <[email protected]>
>>>> > Reply-To: [email protected]
>>>> > To: [email protected]
>>>> > Subject: Re: Captcha protection to stop brute force attacks
>>>> >
>>>> > Hi Ivan,
>>>> > I tried below in fail2ban default config jail.conf file, but after 5
>>>> > attempts it's still not blocking! Anything missing?
>>>> >
>>>> > [guacamole]
>>>> > enabled = true
>>>> > bantime = 86400
>>>> > maxretry = 5
>>>> > port = http,https,8080
>>>> > logpath = /var/log/tomcat9/catalina.out
>>>> >
>>>> > From below command I checked the fail2ban guacamole client status
>>>> > fail2ban-client status guacamole
>>>> > output:
>>>> >
>>>> > Status for the jail: guacamole
>>>> > |- Filter
>>>> > |  |- Currently failed: 0
>>>> > |  |- Total failed: 0
>>>> > |  `- File list: /var/log/tomcat9/catalina.out
>>>> > `- Actions
>>>> >    |- Currently banned: 0
>>>> >    |- Total banned: 0
>>>> >    `- Banned IP list:
>>>> >
>>>> > On Sat, Sep 30, 2023 at 1:24 PM khmadhu <[email protected]> wrote:
>>>> >
>>>> >> Hi Ivan,
>>>> >>
>>>> >> Thanks for the link, looks like fail2ban is the way to go for now.
>>>> >>
>>>> >> On Sat, Sep 30, 2023 at 12:18 PM Ivanmarcus <[email protected]> wrote:
>>>> >>
>>>> >>> As far as I'm aware there isn't any work being done on this presently,
>>>> >>> however it was discussed back in 2020. The following link may be of some
>>>> >>> interest:
>>>> >>>
>>>> >>> https://lists.apache.org/thread/5pkbqsyks4g1vdh7vnxv20lzr11jzvnm
>>>> >>>
>>>> >>> ---------------------------------------------------------------------
>>>> >>> To unsubscribe, e-mail: [email protected]
>>>> >>> For additional commands, e-mail: [email protected]
>>>> >>
>>>> >> --
>>>> >> Thanks & Regards
>>>> >> Madhusudan
>>>> >> 9844117475
>>>> >> Bengaluru-12.
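
The three filters quoted in this thread, run against the thread's two log lines, as an added example that is not part of the original messages. Assumptions: fail2ban's <HOST> tag is approximated by a simplified IPv4 pattern, the redacted *IP* is replaced by the constructed address 203.0.113.7, and date handling (datepattern, findtime) is not modelled.

```python
import re
from collections import Counter

# Simplified stand-in for fail2ban's <HOST> tag (assumption: IPv4 only;
# the real tag also accepts IPv6 addresses and hostnames).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# failregex values quoted in the thread; the dictionary keys are labels
# chosen for this example.
FILTERS = {
    "default": r'^.*\nWARNING: Authentication attempt from <HOST> for user "[^"]*" failed\.$',
    "bracketed": r'\bAuthentication attempt from \[<HOST>(?:,.*)?\] for user ".*" failed\.',
    "working": r'^.*WARN o\.a\.g\.r\.auth\.AuthenticationService - '
               r'Authentication attempt from <HOST> for user "[^"]*" failed\.$',
}

# Log lines from the thread; 203.0.113.7 is a constructed documentation
# address standing in for the redacted *IP*.
LOG_LINES = [
    '[2023-09-30 08:22:20] [info] 08:22:20.043 [http-nio-8080-exec-12] INFO '
    'o.a.g.a.l.AuthenticationProviderService - User "gkhjk" did not '
    'successfully authenticate against any LDAP server.',
    '[2023-09-30 08:22:20] [info] 08:22:20.043 [http-nio-8080-exec-12] WARN '
    'o.a.g.r.auth.AuthenticationService - Authentication attempt from '
    '203.0.113.7 for user "gkhjk" failed.',
]

def matched_hosts(failregex, lines):
    """Return the host captured from every line the filter matches."""
    rx = re.compile(failregex.replace("<HOST>", HOST))
    return [m.group("host") for m in map(rx.search, lines) if m]

def hosts_to_ban(failregex, lines, maxretry=5):
    """Hosts whose failure count reaches maxretry (time window ignored)."""
    counts = Counter(matched_hosts(failregex, lines))
    return sorted(h for h, n in counts.items() if n >= maxretry)

def compare_filters(lines=LOG_LINES):
    return {name: matched_hosts(rx, lines) for name, rx in FILTERS.items()}

if __name__ == "__main__":
    for name, hosts in compare_filters().items():
        print(f"{name:10} -> {hosts or 'no match'}")
    # Five repeated failures, as with maxretry = 5 in the jail above.
    print(hosts_to_ban(FILTERS["working"], LOG_LINES * 5))
```

The default filter expects a two-line entry with "WARNING:" on the second line and the second attempt expects the address in square brackets, so neither counts a failure against this single-line format. On a host with fail2ban installed, fail2ban-regex /var/log/tomcat9/catalina.out /etc/fail2ban/filter.d/guacamole.conf runs the same check against the real log, including date detection.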
