HowTo Configure Fail2ban For Redmine¶

Install¶

install fail2ban with apt-get if not installed ( or use yum, pacman or another package manager)

 apt-get install fail2ban

Configure¶

create a new file in /etc/fail2ban/filter.d/redmine.conf
explanation: here we create our new filter to match failed login attempts

# redmine configuration file
#
# Author: David Siewert
#
# $Revision$
#
[INCLUDES]

# Read common prefixes. If any customizations available -- read them from
# common.local
before = common.conf

[Definition]

failregex = Failed [-/\w]+ for .* from <HOST>

# Option:  ignoreregex
# Notes.:  regex to ignore. If this regex matches, the line is ignored.
# Values:  TEXT
#
ignoreregex =

# Source:
#http://www.fail2ban.org/wiki/index.php/MANUAL_0_8

add following lines somewhere in your /etc/fail2ban/jail.conf
explanation: here we enable our newly created filter and add some configuration options

[redmine]
enabled  = true
filter   = redmine
port     = 80,443
#backend  = polling
action   = iptables-allports[name=redmine]
logpath  = /var/log/redmine/default/production.log
maxretry = 5
findtime = 7320
bantime  = 7320

note 1:
if you our web server uses local time, then you need to increase findtime and bantime accordingly to the drift in comparison to UTC time
in my example configuration i used 2 h + 2 minutes = 3600 * 2 +120 = 7320,
because my local server time was always 2 hours earlier and i added 2 minutes just in case

note 2:
if you do not use redmine in production mode, then you need to change the logpath as well

note 3:
if this configuration does not work, you can try uncommenting "backend = polling"

Test¶

if you make any changes, you can check the syntax with:

fail2ban-regex /var/log/redmine/default/production.log /etc/fail2ban/filter.d/redmine.conf 

finally start/restart fail2ban

/etc/init.d/fail2ban restart

and test if you can get yourself banned :)
note: your failed login attempts need to match the maxretry value in /etc/fail2ban/jail.conf