[rt-users] fail2ban With RT

Matt Brennan brennanma at gmail.com
Thu Feb 12 16:59:08 EST 2015


Good Day,

  I am soon going to be exposing my RT instance on a public IP. It
currently requires VPN access, but users have asked for this to be changed.
As a result, I am trying to implement fail2ban, but am running into some
issues. I'm wondering if anyone else has successfully done this.

  Running fail2ban-regex against the Apache error log and the fail2ban
filter file shows that there are matches; however, running fail2ban in debug
mode does not show that it's matching at run time.

  The relevant configs are below. Any help appreciated.

Thanks,
Matt

jail.conf:
[rt-iptables]
enabled  = true
filter   = rtauth
action   = iptables-allports[name=RT, protocol=all]
logpath  = /var/log/apache2/error.log
maxretry = 4
findtime = 21600
bantime  = 86400

filter.d/rtauth.conf:
[INCLUDES]
before = apache-common.conf

[Definition]
failregex = \[.*\] \[[^]]+\] \[error\]: FAILED LOGIN for .* from <HOST> \(.*\)$
ignoreregex =
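
An offline check of the posted failregex and jail thresholds, added here as an example and not part of the original message. Assumptions: the `<HOST>` expansion is a simplified stand-in for fail2ban's own, the whole line (timestamp included) is matched without fail2ban's date detection, a ban is taken to trigger once `maxretry` failures fall within `findtime`, and every log line is constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Values copied from the jail.conf and filter.d/rtauth.conf in the post.
FAILREGEX = r"\[.*\] \[[^]]+\] \[error\]: FAILED LOGIN for .* from <HOST> \(.*\)$"
MAXRETRY, FINDTIME = 4, 21600

# Assumption: simplified stand-in for fail2ban's <HOST> tag (IPv4 or hostname).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3}|[\w.-]+)"
PATTERN = re.compile(FAILREGEX.replace("<HOST>", HOST))
TS_FORMAT = "%a %b %d %H:%M:%S %Y"  # assumed Apache error-log timestamp layout


def sample_line(clock, host):
    # Constructed line shaped to fit the failregex; not real RT output.
    return (f"[Thu Feb 12 {clock} 2015] [12345] [error]: "
            f"FAILED LOGIN for root from {host} (constructed)")


SAMPLE_LOG = (
    [sample_line(f"10:0{i}:00", "203.0.113.7") for i in range(4)]     # 4 in 4 min
    + [sample_line(f"11:0{i}:00", "198.51.100.9") for i in range(3)]  # only 3
    + [sample_line(c, "192.0.2.5")                                    # 4 over 8 h
       for c in ("01:00:00", "01:01:00", "01:02:00", "09:00:00")]
    + ["[Thu Feb 12 12:00:00 2015] [error] unrelated constructed message"]
)


def hosts_to_ban(lines):
    """Return hosts reaching MAXRETRY failures inside a FINDTIME-second window."""
    recent, banned = defaultdict(deque), []
    for text in lines:
        match = PATTERN.search(text)
        if not match:
            continue
        when = datetime.strptime(text[1:text.index("]")], TS_FORMAT)
        window = recent[match.group("host")]
        window.append(when)
        # Drop failures that fell out of the findtime window.
        while (when - window[0]).total_seconds() > FINDTIME:
            window.popleft()
        if len(window) >= MAXRETRY and match.group("host") not in banned:
            banned.append(match.group("host"))
    return banned


if __name__ == "__main__":
    print(hosts_to_ban(SAMPLE_LOG))
```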