gnh1201/seeddms-code
1
0
Fork 0
mirror of https://git.code.sf.net/p/seeddms/code synced 2025-11-27 18:10:42 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
5c009910b1
seeddms-code/doc/README.Fail2ban.md
Uwe Steinmann d4a7dc888b add file extension .md
2025-10-23 16:04:56 +02:00

954 B
Raw Blame History

Adding authentication failure check for fail2ban

Fail2ban is a very mature and sophisticated program to detect attacks on a service by checking its log file. If such an attack was detected an action will be executed, which will mostly ban the IP of the attacker for a configurable amount of time.

You will have to use at least SeedDMS 5.1.10 for this to work.

Add a filter /etc/fail2ban/filter.d/seeddms.conf with the content

[Definition]

failregex = \[error\] -- \(<HOST>\) op.Login login failed

This will tell fail2ban which lines in the log file are considered to be an incident. Here it is a failed login.

Than configure a new jail in /etc/fail2ban/jail.d/seeddms.conf

[seeddms]
enabled = yes
port = http,https
filter  = seeddms
logpath = /home/www-data/seeddms-demo/data/log/*.log

It tells fail2ban which log files shall be analysed, and which filter has to be applied.