[rt-users] fail2ban With RT

Matt Brennan brennanma at gmail.com
Thu Feb 12 16:59:08 EST 2015


Good Day,

  I am soon going to be exposing my RT instance on a public IP. It
currently requires VPN access, but users have asked for this to be changed.
As a result, I am trying to implement fail2ban, but am running into some
issues. I'm wondering if anyone else has successfully done this.

  Running fail2ban-regexp against the Apache error log and the fail2ban
filter file show that there are matches, however running fail2ban in debug
mode does not show that it's matching at run time.

  The relevant configs are below. Any help appreciated.

Thanks,
Matt

jail.conf:
[rt-iptables]
enabled  = true
filter   = rtauth
action   = iptables-allports[name=RT, protocol=all]
logpath  = /var/log/apache2/error.log
maxretry = 4
findtime = 21600
bantime  = 86400

filter.d/rtauth.conf:
[INCLUDES]
before = apache-common.conf

[Definition]
failregex = \[.*\] \[[^]]+\] \[error\]: FAILED LOGIN for .* from <HOST>
\(.*\)$
ignoreregex =
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20150212/6f1384b1/attachment.html>


More information about the rt-users mailing list