Project

General

Profile

HowTo Configure Fail2ban For Redmine » History » Revision 3

Revision 2 (David Siewert, 2013-07-18 05:23) → Revision 3/5 (David Siewert, 2013-07-18 11:21)

h1. HowTo Configure Fail2ban For Redmine 


 h2. Install 

 install fail2ban with apt-get if not installed ( or use yum, pacman or another package manager) 

 <pre> 
  apt-get install fail2ban 
 </pre> 


 h2. Configure 

 create a new file in /etc/fail2ban/filter.d/redmine.conf 
 explanation: here we create our new filter to match failed login attempts 

 <pre> 
 # redmine configuration file 
 # 
 # Author: David Siewert 
 # 
 # $Revision$ 
 # 
 
 [Definition] 
 
 failregex = Failed [-/\w]+ for .* from <HOST> 
 
 # Option:    ignoreregex 
 # Notes.:    regex to ignore. If this regex matches, the line is ignored. 
 # Values:    TEXT 
 # 
 ignoreregex = 

 # Source: 
 #http://www.fail2ban.org/wiki/index.php/MANUAL_0_8 
 </pre> 




 add following lines somewhere in your /etc/fail2ban/jail.conf 
 explanation: here we enable our newly created createt filter and add some configuration options 
 <pre> 
 [redmine] 
 enabled    = true 
 filter     = redmine 
 port       = 80,443 
 #backend    = polling 
 action     = iptables-allports[name=redmine] 
 logpath    = /var/log/redmine/default/production.log 
 maxretry = 5 
 findtime = 7320 
 bantime    = 7320 
 </pre> 

 note 1: 
 if you our web server uses local time, then you need to increase findtime and bantime accordingly to the drift in comparison to UTC time 
 in my example configuration i used 2 h + 2 minutes = 3600 * 2 +120    = 7320, 
 because my local server time was always 2 hours earlier and i added 2 minutes just in case 


 note 2: 
 if you do not use redmine in production mode, then you need to change the logpath as well 

 note 3: 
 if this configuration does not work, you can try uncommenting "backend    = polling" 

 h2. Test 


 if you make any changes, you can check the syntax with: 

 <pre> 
 fail2ban-regex /var/log/redmine/default/production.log /etc/fail2ban/filter.d/redmine.conf  
 </pre> 


 finally start/restart fail2ban 

 <pre> 
 /etc/init.d/fail2ban restart 
 </pre> 

 and test if you can get yourself banned :) 
 note: your failed login attempts need to match the maxretry value in /etc/fail2ban/jail.conf