Solved: Mailu Access logfile for Fail2ban

Can we mount a volume for logs to use Fail2Ban?

14 Answers

✔️Accepted Answer

For my environment, I put the log to syslog, so in env:

LOG_DRIVER=journald

For the jail, I've set a blackhole route, but it's also possible with iptables, with:
banaction = %(banaction_allports)s
in place of
action = route[name=auth-ban]

Jail with maxretry to be adapted according to needs:

# 3 ban in 1 hour > Ban for 1 hour
enabled = true
filter = bad-auth
logpath = /var/log/syslog
maxretry = 3
findtime = 3600
action = route[name=auth-ban]
bantime = 3600

Action fail2ban: "action.d/route.conf"
blocktype = blackhole

Filter fail2ban: "filter.d/bad-auth.conf"

# Fail2Ban configuration file

[Definition]

# Option: failregex
# Filter "client login failed" in the Syslog

failregex = .* client login failed: .+ client:\ <HOST>

# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
ignoreregex =

It may also be useful to adjust the bantime of the recidive jail to fine-tune the configuration.
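
Added example (not part of the original answer, and not Mailu or Fail2ban code): a Python check that runs the answer's failregex over constructed syslog lines and applies the jail's maxretry/findtime counting, to see which hosts would be banned. The log lines, the IPv4-only stand-in for `<HOST>`, and the fixed year are assumptions; on a real host, `fail2ban-regex` runs the filter against the actual log.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# failregex copied from filter.d/bad-auth.conf. Fail2ban expands <HOST> itself;
# the IPv4-only group substituted here is a simplification (assumption).
FAILREGEX = r".* client login failed: .+ client:\ <HOST>"
PATTERN = re.compile(FAILREGEX.replace("<HOST>", r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"))
MAXRETRY, FINDTIME = 3, 3600  # jail values: maxretry, findtime (seconds)

# Constructed syslog lines using documentation IP ranges, not real Mailu output.
SAMPLE_LOG = """\
Mar 10 09:00:00 mx front[411]: *1 client login failed: "bad credentials" while in http auth state, client: 198.51.100.23, server: 0.0.0.0:993
Mar 10 09:30:00 mx front[411]: *2 client login failed: "bad credentials" while in http auth state, client: 198.51.100.23, server: 0.0.0.0:993
Mar 10 10:45:00 mx front[411]: *3 client login failed: "bad credentials" while in http auth state, client: 198.51.100.23, server: 0.0.0.0:993
Mar 10 11:00:00 mx front[411]: *4 client logged in, client: 192.0.2.10, server: 0.0.0.0:993
Mar 10 12:00:01 mx front[411]: *5 client login failed: "bad credentials" while in http auth state, client: 203.0.113.7, server: 0.0.0.0:993
Mar 10 12:10:00 mx front[411]: *6 client login failed: "bad credentials" while in http auth state, client: 203.0.113.7, server: 0.0.0.0:993
Mar 10 12:40:30 mx front[411]: *7 client login failed: "bad credentials" while in http auth state, client: 203.0.113.7, server: 0.0.0.0:993
"""


def parse_failures(log_text):
    """Yield (timestamp, host) for every line the failregex matches."""
    for line in log_text.splitlines():
        match = PATTERN.search(line)
        if not match:
            continue
        # Classic syslog timestamps carry no year; 2024 is an assumed placeholder.
        ts = datetime.strptime("2024 " + line[:15], "%Y %b %d %H:%M:%S")
        yield ts, match.group("host")


def hosts_to_ban(log_text, maxretry=MAXRETRY, findtime=FINDTIME):
    """Return hosts that reach maxretry failures within a findtime window."""
    recent = defaultdict(deque)  # host -> timestamps still inside the window
    banned = []
    for ts, host in parse_failures(log_text):
        window = recent[host]
        window.append(ts)
        # Drop failures older than findtime relative to the newest one.
        while (ts - window[0]).total_seconds() > findtime:
            window.popleft()
        if len(window) >= maxretry and host not in banned:
            banned.append(host)
    return banned


if __name__ == "__main__":
    print(hosts_to_ban(SAMPLE_LOG))
```

With the jail's values only the host with three failures inside one hour is returned; the host whose three failures are spread over more than an hour is not, which is the trade-off to keep in mind when adapting maxretry and findtime.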
