Merge pull request #697 from jhmartin/monit_admin_hack

Block brute-force attempts against the Monit gui

ChangeLog

@@ -26,6 +26,7 @@ ver. 0.9.1 (2014/xx/xx) - better, faster, stronger
      http://bugs.python.org/issue21207
 
 - New features:
+   - Added monit filter thanks Jason H Martin.
 
 
 - Enhancements

THANKS

@@ -48,6 +48,7 @@ Ivo Truxa
 John Thoe
 Jacques Lav!gnotte
 Ioan Indreias
+Jason H Martin
 Jonathan Kamens
 Jonathan Lanning
 Jonathan Underwood

config/filter.d/monit.conf

@@ -0,0 +1,9 @@
+# Fail2Ban filter for monit.conf, looks for failed access attempts
+#
+#
+
+[Definition]
+
+failregex = ^\[[A-Z]+\s+\]\s*error\s*:\s*Warning:\s+Client '<HOST>' supplied unknown user '\w+' accessing monit httpd$
+            ^\[[A-Z]+\s+\]\s*error\s*:\s*Warning:\s+Client '<HOST>' supplied wrong password for user '\w+' accessing monit httpd$
+

config/jail.conf

@@ -366,6 +366,12 @@ maxretry = 5
 port     = http,https
 logpath  = /var/log/tomcat*/catalina.out
 
+[monit]
+#Ban clients brute-forcing the monit gui login
+filter   = monit
+port = 2812
+logpath  = /var/log/monit
+
 
 [webmin-auth]
 

fail2ban/tests/files/logs/monit

@@ -0,0 +1,6 @@
+# failJSON: { "time": "2005-04-16T21:05:29", "match": true , "host": "69.93.127.111" }
+[PDT Apr 16 21:05:29] error    : Warning: Client '69.93.127.111' supplied unknown user 'foo' accessing monit httpd
+
+# failJSON: { "time": "2005-04-16T20:59:33", "match": true , "host": "97.113.189.111" }
+[PDT Apr 16 20:59:33] error    : Warning: Client '97.113.189.111' supplied wrong password for user 'admin' accessing monit httpd
+