ENH+DOC: Add Guacamole filter, example log and jail

config/filter.d/guacamole.conf

@@ -0,0 +1,18 @@
+# Fail2Ban configuration file for guacamole
+#
+# Author: Steven Hiscocks
+#
+
+[Definition]
+
+# Option: failregex
+# Notes.: regex to match the password failures messages in the logfile.
+# Values: TEXT
+#
+failregex = ^.*\nWARNING: Authentication attempt from <HOST> for user "[^"]*" failed\.$
+
+# Option:  ignoreregex
+# Notes.:  regex to ignore. If this regex matches, the line is ignored.
+# Values:  TEXT
+#
+ignoreregex = 

config/jail.conf

@@ -357,6 +357,16 @@ action   = iptables[name=mysql, port=3306, protocol=tcp]
 logpath  = /var/log/mysqld.log
 maxretry = 5
 
+[guacamole-iptables]
+
+enabled  = false
+filter   = guacamole
+action   = iptables-multiport[name=Guacmole, port="http,https"]
+           sendmail-whois[name=Guacamole, dest=root, sender=fail2ban@example.com]
+logpath  = /var/log/tomcat*/catalina.out
+maxretry = 5
+maxlines = 2
+
 
 # Jail for more extended banning of persistent abusers
 # !!! WARNING !!!

fail2ban/tests/files/logs/guacamole

@@ -0,0 +1,6 @@
+apr 15, 2013 8:34:08 PM org.slf4j.impl.JCLLoggerAdapter warn
+WARNING: Authentication attempt from 192.0.2.0 for user "null" failed.
+apr 16, 2013 8:32:13 AM org.slf4j.impl.JCLLoggerAdapter warn
+WARNING: Authentication attempt from 192.0.2.0 for user "null" failed.
+apr 16, 2013 8:32:28 AM org.slf4j.impl.JCLLoggerAdapter warn
+WARNING: Authentication attempt from 192.0.2.0 for user "pippo" failed.