Merge pull request #697 from jhmartin/monit_admin_hack

Block brute-force attempts against the Monit gui
11 years ago · 77ba065571
parent 3471f13a84 9c3cb31862
commit 77ba065571
5 changed files with 23 additions and 0 deletions
--- a/1
+++ b/1
@ -26,6 +26,7 @@ ver. 0.9.1 (2014/xx/xx) - better, faster, stronger
     http://bugs.python.org/issue21207

 - New features:
+   - Added monit filter thanks Jason H Martin.


 - Enhancements
--- a/1
+++ b/1
@ -48,6 +48,7 @@ Ivo Truxa
 John Thoe
 Jacques Lav!gnotte
 Ioan Indreias
+Jason H Martin
 Jonathan Kamens
 Jonathan Lanning
 Jonathan Underwood
--- a/config/filter.d/monit.conf
+++ b/config/filter.d/monit.conf
@ -0,0 +1,9 @@
+# Fail2Ban filter for monit.conf, looks for failed access attempts
+#
+#
+
+[Definition]
+
+failregex = ^\[[A-Z]+\s+\]\s*error\s*:\s*Warning:\s+Client '<HOST>' supplied unknown user '\w+' accessing monit httpd$
+            ^\[[A-Z]+\s+\]\s*error\s*:\s*Warning:\s+Client '<HOST>' supplied wrong password for user '\w+' accessing monit httpd$
+
--- a/config/jail.conf
+++ b/config/jail.conf
@ -366,6 +366,12 @@ maxretry = 5
 port     = http,https
 logpath  = /var/log/tomcat*/catalina.out

+[monit]
+#Ban clients brute-forcing the monit gui login
+filter   = monit
+port = 2812
+logpath  = /var/log/monit
+

 [webmin-auth]

--- a/fail2ban/tests/files/logs/monit
+++ b/fail2ban/tests/files/logs/monit
@ -0,0 +1,6 @@
+# failJSON: { "time": "2005-04-16T21:05:29", "match": true , "host": "69.93.127.111" }
+[PDT Apr 16 21:05:29] error    : Warning: Client '69.93.127.111' supplied unknown user 'foo' accessing monit httpd
+
+# failJSON: { "time": "2005-04-16T20:59:33", "match": true , "host": "97.113.189.111" }
+[PDT Apr 16 20:59:33] error    : Warning: Client '97.113.189.111' supplied wrong password for user 'admin' accessing monit httpd
+