diff --git a/ChangeLog b/ChangeLog
index 6d218e9d..acec70fd 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -26,6 +26,7 @@ ver. 0.9.1 (2014/xx/xx) - better, faster, stronger
 http://bugs.python.org/issue21207
 - New features:
+ - Added monit filter thanks Jason H Martin.
 - Enhancements
diff --git a/THANKS b/THANKS
index 2c084dee..27165492 100644
--- a/THANKS
+++ b/THANKS
@@ -48,6 +48,7 @@ Ivo Truxa
 John Thoe
 Jacques Lav!gnotte
 Ioan Indreias
+Jason H Martin
 Jonathan Kamens
 Jonathan Lanning
 Jonathan Underwood
diff --git a/config/filter.d/monit.conf b/config/filter.d/monit.conf
new file mode 100644
index 00000000..1fcd980b
--- /dev/null
+++ b/config/filter.d/monit.conf
@@ -0,0 +1,9 @@
+# Fail2Ban filter for monit.conf, looks for failed access attempts
+#
+#
+
+[Definition]
+
+failregex = ^\[[A-Z]+\s+\]\s*error\s*:\s*Warning:\s+Client '' supplied unknown user '\w+' accessing monit httpd$
+ ^\[[A-Z]+\s+\]\s*error\s*:\s*Warning:\s+Client '' supplied wrong password for user '\w+' accessing monit httpd$
+
diff --git a/config/jail.conf b/config/jail.conf
index 96b3096f..7f7a7cbe 100644
--- a/config/jail.conf
+++ b/config/jail.conf
@@ -366,6 +366,12 @@ maxretry = 5
 port = http,https
 logpath = /var/log/tomcat*/catalina.out
+[monit]
+#Ban clients brute-forcing the monit gui login
+filter = monit
+port = 2812
+logpath = /var/log/monit
+
 [webmin-auth]
diff --git a/fail2ban/tests/files/logs/monit b/fail2ban/tests/files/logs/monit
new file mode 100644
index 00000000..a923b6e2
--- /dev/null
+++ b/fail2ban/tests/files/logs/monit
@@ -0,0 +1,6 @@
+# failJSON: { "time": "2005-04-16T21:05:29", "match": true , "host": "69.93.127.111" }
+[PDT Apr 16 21:05:29] error : Warning: Client '69.93.127.111' supplied unknown user 'foo' accessing monit httpd
+
+# failJSON: { "time": "2005-04-16T20:59:33", "match": true , "host": "97.113.189.111" }
+[PDT Apr 16 20:59:33] error : Warning: Client '97.113.189.111' supplied wrong password for user 'admin' accessing monit httpd
+
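Review bot: In config/filter.d/monit.conf both failregex alternatives match the user name with `'\w+'`, so a failed login for a name containing `.`, `-`, `@` or a space is never counted and that client is never banned; `'[^']+'` would cover those names while still stopping at the closing quote. The pattern is anchored with `^` and the client address comes before the user name the client supplies, so widening that one field should not let a login name influence which host is matched. Separately, as shown here the pattern reads `Client ''` with nothing between the quotes, while the sample lines in fail2ban/tests/files/logs/monit carry an address there; unless the `<HOST>` tag was simply lost when this page was rendered, the filter has no host group and cannot match or ban. The test log has only two samples, both with plain alphanumeric names, so a third line with a dotted or hyphenated user name would pin the wider match.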
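Review bot: The new `[monit]` jail in config/jail.conf hard-codes `port = 2812` and `logpath = /var/log/monit` without saying that both have to follow the local monit configuration; if monit's httpd listens on another port, or monit logs to syslog or to a different file, the jail matches nothing or blocks the wrong port without any error. A comment above the keys would make that dependency visible, for example `# port and logpath must match "set httpd port" and "set logfile" in monitrc`. `filter = monit` repeats the jail name; whether `[DEFAULT]` already derives the filter from the section name is not visible in this hunk.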