Solved: Mailu Access logfile for Fail2ban

Can we mount a volume for logs to use Fail2Ban?

14 Answers

✔️Accepted Answer

For my environment, I send the logs to syslog, so in env:

For the jail, I've set a blackhole route, but it's also possible with iptables by using:
banaction = %(banaction_allports)s
in place of
action = route[name=auth-ban]

Jail with maxretry to be adapted according to needs:

# 3 failed logins in 1 hour > ban for 1 hour
enabled = true
filter = bad-auth
logpath = /var/log/syslog
maxretry = 3
findtime = 3600
action = route[name=auth-ban]
bantime = 3600

Action fail2ban: "action.d/route.conf"
blocktype = blackhole

Filter fail2ban: "filter.d/bad-auth.conf"

# Fail2Ban configuration file

# Option: failregex
# Filter "client login failed" in the Syslog

failregex = .* client login failed: .+ client:\ <HOST>

# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
ignoreregex =

It may also be useful to adjust the bantime of the recidive jail to fine-tune the configuration.
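
To check the filter and thresholds before enabling the jail, the following added example (not part of the original answer and not fail2ban's own code) applies the failregex, maxretry and findtime from above to constructed syslog lines. The log lines, the IPv4-only substitute for `<HOST>` and the supplied year are assumptions; lines are expected in chronological order.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# failregex copied from filter.d/bad-auth.conf above. fail2ban expands <HOST>
# itself; the IPv4-only group used here is a simplified stand-in (assumption).
FAILREGEX = r".* client login failed: .+ client:\ <HOST>"
PATTERN = re.compile(
    FAILREGEX.replace("<HOST>", r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"))
MAXRETRY, FINDTIME = 3, 3600  # values from the jail above

# Constructed syslog lines: documentation IPs, invented host and process names.
_FAIL = ('{ts} mailhost front[812]: [info] 9#9: *41 client login failed: '
         '"Authentication credentials invalid" while in http auth state, '
         'client: {ip}, server: 0.0.0.0:993')
SAMPLE_LOG = "\n".join([
    _FAIL.format(ts="Dec 10 10:00:01", ip="203.0.113.7"),
    _FAIL.format(ts="Dec 10 10:01:00", ip="198.51.100.23"),
    "Dec 10 10:02:30 mailhost front[812]: [info] 9#9: *42 client 192.0.2.50 connected",
    _FAIL.format(ts="Dec 10 10:05:12", ip="203.0.113.7"),
    _FAIL.format(ts="Dec 10 10:20:40", ip="203.0.113.7"),
    _FAIL.format(ts="Dec 10 11:30:00", ip="198.51.100.23"),
    _FAIL.format(ts="Dec 10 11:31:00", ip="198.51.100.23"),
])

def parse_failures(log_text, year=2024):
    """Yield (timestamp, ip) for every line the failregex matches."""
    for line in log_text.splitlines():
        m = PATTERN.search(line)
        if m:
            # Syslog timestamps carry no year, so one is supplied (assumption).
            ts = datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")
            yield ts, m.group("host")

def hosts_to_ban(log_text):
    """Return IPs that reach MAXRETRY matched failures within FINDTIME seconds."""
    recent = defaultdict(deque)   # ip -> timestamps of failures still in window
    banned = []
    for ts, ip in parse_failures(log_text):
        window = recent[ip]
        window.append(ts)
        while (ts - window[0]).total_seconds() > FINDTIME:
            window.popleft()      # drop failures older than findtime
        if len(window) >= MAXRETRY and ip not in banned:
            banned.append(ip)
    return banned

if __name__ == "__main__":
    print(hosts_to_ban(SAMPLE_LOG))
```

On a host with fail2ban installed, `fail2ban-regex /var/log/syslog /etc/fail2ban/filter.d/bad-auth.conf` runs the real filter against the real log.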

