production.log| fail2ban | wrong format

Added by jerome l about 4 years ago

Hello,

I am trying to configure fail2ban for my Redmine 2.3 running on Debian squeeze.
I have followed the wiki here: [[http://www.redmine.org/projects/redmine/wiki/HowTo_Configure_Fail2ban_For_Redmine]]

According to this manual : [[http://www.fail2ban.org/wiki/index.php/MANUAL_0_8#Debian]]

The problem is that there is a known bug in fail2ban on Debian (no luck for me). When I run the command:

fail2ban-regex "Failed login for 'admin' from 192.168.1.12 at 2013-08-19 17:39:25 UTC" "failregex"

I have the output "Sorry, no match" > it confirms that fail2ban doesn't recognize the format of production.log.

- Is it possible to take this issue into the development process for a future Redmine release? I believe that fail2ban is one of the most used security tools, and if production.log meets its format, that will increase the security of Redmine and ease the life of users :).
The bug has been corrected by the fail2ban developer, but it's a workaround (fail2ban ignores the date format, so the feature is not complete).
I am sure a solution coming from the Redmine side would be great!
Hope to read your answers soon.

Best regards

Replies (3)

RE: production.log| fail2ban | wrong format - Added by jerome l about 4 years ago

No answer? Maybe you don't understand my English?

any advice on that issue ?

RE: production.log| fail2ban | wrong format - Added by Martin Denizet (redmine.org team member) about 4 years ago

Hello Jerome,

jerome l wrote:

fail2ban-regex "Failed login for 'admin' from 192.168.1.12 at 2013-08-19 17:39:25 UTC" "failregex"

This is not a proper regex, you would need to escape all the special characters to search that literal string.

And after doing so, does this line even exist in your log? Make sure by running:

cat /path/to/redmine/log/production.log | grep "Failed login for 'admin' from 192.168.1.12 at 2013-08-19 17:39:25 UTC" 

I'd recommend to stick to a more normal regex.

Cheers!

RE: production.log| fail2ban | wrong format - Added by Mischa The Evil about 4 years ago

Martin Denizet wrote:

[...]
I'd recommend to stick to a more normal regex.

That is also what the referenced wiki page (HowTo_Configure_Fail2ban_For_Redmine) uses:

...
failregex = Failed [-/\w]+ for .* from <HOST>
...

Jerome, please read the wiki page carefully.

Kind regards,

Mischa.
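
As an added example (not part of the thread and not fail2ban's own code), the Python sketch below checks the three patterns discussed above against the log line from the first post: the literal word "failregex", the fully escaped line, and the failregex from the wiki page. `HOST_PATTERN` is an assumed IPv4-only stand-in for fail2ban's `<HOST>` tag, the function names are hypothetical, and the extra log lines are constructed.

```python
import re

# Assumption: simplified IPv4-only stand-in for fail2ban's <HOST> tag.
HOST_PATTERN = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# Log line quoted in the thread.
SAMPLE_LINE = ("Failed login for 'admin' from 192.168.1.12 "
               "at 2013-08-19 17:39:25 UTC")
# failregex quoted from the wiki page in the last reply.
WIKI_FAILREGEX = r"Failed [-/\w]+ for .* from <HOST>"
# The whole line with every special character escaped.
LITERAL_PATTERN = re.escape(SAMPLE_LINE)


def check_failregex(failregex, line):
    """Return (matched, host) for one pattern and one log line.

    host is None when the line does not match or when the pattern has
    no <HOST> tag, in which case there is no address to act on.
    """
    pattern = re.compile(failregex.replace("<HOST>", HOST_PATTERN))
    m = pattern.search(line)
    if m is None:
        return (False, None)
    return (True, m.groupdict().get("host"))


def count_failures(lines, failregex):
    """Count matching lines per captured host."""
    counts = {}
    for line in lines:
        matched, host = check_failregex(failregex, line)
        if matched and host is not None:
            counts[host] = counts.get(host, 0) + 1
    return counts


# Constructed sample log: two failures, one success, one unrelated line.
CONSTRUCTED_LOG = [
    SAMPLE_LINE,
    "Successful authentication for 'admin' from 192.168.1.12 "
    "at 2013-08-19 17:40:02 UTC",
    "Failed login for 'bob' from 10.0.0.7 at 2013-08-19 17:41:10 UTC",
    "Completed 200 OK in 12ms",
]

if __name__ == "__main__":
    for name in ("failregex", LITERAL_PATTERN, WIKI_FAILREGEX):
        print(repr(name), "->", check_failregex(name, SAMPLE_LINE))
    print(count_failures(CONSTRUCTED_LOG, WIKI_FAILREGEX))
```

The escaped literal matches only that one exact line and captures no host, while the wiki pattern matches every failed login and yields the address.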
