Merge pull request #296 from jeslinmx/docsupdate

updated fail2ban setup to match changes in logformat for 1.5.0
This commit is contained in:
Daniel García 2018-12-16 20:06:46 +01:00 committed by GitHub
commit 37a6da3443
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -441,7 +441,7 @@ If you are using docker-compose, add this to you yaml file:
``` ```
With the above settings in the docker-compose file. Any failed login attempts will look like this in your syslog file: With the above settings in the docker-compose file. Any failed login attempts will look like this in your syslog file:
``` ```
$DATE $TIME $SERVER $TAG[979]: ERROR: Username or password is incorrect. Try again. IP: XX.XX.XX.XX. Username: email@domain.com. MMM DD hh:mm:ss server-hostname $TAG[773]: [YYYY-MM-DD][hh:mm:ss][bitwarden_rs::api::identity][ERROR] Username or password is incorrect. Try again. IP: XXX.XXX.XXX.XXX. Username: email@domain.com.
``` ```
You can change the '$TAG' to anything you like. Just remember it because it will be in the Fail2Ban filter. You can change the '$TAG' to anything you like. Just remember it because it will be in the Fail2Ban filter.
@ -457,7 +457,8 @@ And add the following
before = common.conf before = common.conf
[Definition] [Definition]
failregex = ^%(__prefix_line)s.*$TAG.* ERROR: Username or password is incorrect. Try again. IP: <HOST>\. Username:.*$ _daemon = $TAG
failregex = ^%(__prefix_line)s.*Username or password is incorrect\. Try again\. IP: <HOST>\. Username:.*$
ignoreregex = ignoreregex =
``` ```
Dont forget to change the '$TAG' to what you set it as from above. Dont forget to change the '$TAG' to what you set it as from above.