HowTo Configure Fail2ban For Redmine » History » Version 5
Jan Catrysse, 2021-09-28 11:37
I needed to add a datepattern to have it work correctly (using FreeBSD)
| 1 | 1 | David Siewert | h1. HowTo Configure Fail2ban For Redmine |
|---|---|---|---|
| 2 | |||
| 3 | |||
| 4 | h2. Install |
||
| 5 | |||
| 6 | install fail2ban with apt-get if not installed ( or use yum, pacman or another package manager) |
||
| 7 | |||
| 8 | <pre> |
||
| 9 | apt-get install fail2ban |
||
| 10 | </pre> |
||
| 11 | |||
| 12 | |||
| 13 | h2. Configure |
||
| 14 | |||
| 15 | create a new file in /etc/fail2ban/filter.d/redmine.conf |
||
| 16 | explanation: here we create our new filter to match failed login attempts |
||
| 17 | |||
| 18 | <pre> |
||
| 19 | # redmine configuration file |
||
| 20 | # |
||
| 21 | # Author: David Siewert |
||
| 22 | # |
||
| 23 | # $Revision$ |
||
| 24 | # |
||
| 25 | 4 | Jan Catrysse | [INCLUDES] |
| 26 | |||
| 27 | # Read common prefixes. If any customizations available -- read them from |
||
| 28 | # common.local |
||
| 29 | before = common.conf |
||
| 30 | 1 | David Siewert | |
| 31 | [Definition] |
||
| 32 | 5 | Jan Catrysse | |
| 33 | datepattern = %%Y-%%m-%%d %%H:%%M:%%S %%Z$ |
||
| 34 | 1 | David Siewert | failregex = Failed [-/\w]+ for .* from <HOST> |
| 35 | |||
| 36 | # Option: ignoreregex |
||
| 37 | # Notes.: regex to ignore. If this regex matches, the line is ignored. |
||
| 38 | # Values: TEXT |
||
| 39 | # |
||
| 40 | ignoreregex = |
||
| 41 | |||
| 42 | # Source: |
||
| 43 | #http://www.fail2ban.org/wiki/index.php/MANUAL_0_8 |
||
| 44 | </pre> |
||
| 45 | |||
| 46 | |||
| 47 | |||
| 48 | |||
| 49 | add following lines somewhere in your /etc/fail2ban/jail.conf |
||
| 50 | 3 | David Siewert | explanation: here we enable our newly created filter and add some configuration options |
| 51 | 1 | David Siewert | <pre> |
| 52 | [redmine] |
||
| 53 | enabled = true |
||
| 54 | filter = redmine |
||
| 55 | port = 80,443 |
||
| 56 | #backend = polling |
||
| 57 | action = iptables-allports[name=redmine] |
||
| 58 | logpath = /var/log/redmine/default/production.log |
||
| 59 | maxretry = 5 |
||
| 60 | findtime = 7320 |
||
| 61 | bantime = 7320 |
||
| 62 | </pre> |
||
| 63 | |||
| 64 | note 1: |
||
| 65 | if you our web server uses local time, then you need to increase findtime and bantime accordingly to the drift in comparison to UTC time |
||
| 66 | in my example configuration i used 2 h + 2 minutes = 3600 * 2 +120 = 7320, |
||
| 67 | 2 | David Siewert | because my local server time was always 2 hours earlier and i added 2 minutes just in case |
| 68 | 1 | David Siewert | |
| 69 | |||
| 70 | note 2: |
||
| 71 | if you do not use redmine in production mode, then you need to change the logpath as well |
||
| 72 | |||
| 73 | note 3: |
||
| 74 | if this configuration does not work, you can try uncommenting "backend = polling" |
||
| 75 | |||
| 76 | h2. Test |
||
| 77 | |||
| 78 | |||
| 79 | if you make any changes, you can check the syntax with: |
||
| 80 | |||
| 81 | <pre> |
||
| 82 | fail2ban-regex /var/log/redmine/default/production.log /etc/fail2ban/filter.d/redmine.conf |
||
| 83 | </pre> |
||
| 84 | |||
| 85 | |||
| 86 | finally start/restart fail2ban |
||
| 87 | |||
| 88 | <pre> |
||
| 89 | /etc/init.d/fail2ban restart |
||
| 90 | </pre> |
||
| 91 | |||
| 92 | and test if you can get yourself banned :) |
||
| 93 | note: your failed login attempts need to match the maxretry value in /etc/fail2ban/jail.conf |