Merge pull request #697 from jhmartin/monit_admin_hack

Block brute-force attempts against the Monit gui
pull/715/merge
Steven Hiscocks 11 years ago
commit 77ba065571

@ -26,6 +26,7 @@ ver. 0.9.1 (2014/xx/xx) - better, faster, stronger
http://bugs.python.org/issue21207 http://bugs.python.org/issue21207
- New features: - New features:
- Added monit filter thanks Jason H Martin.
- Enhancements - Enhancements

@ -48,6 +48,7 @@ Ivo Truxa
John Thoe John Thoe
Jacques Lav!gnotte Jacques Lav!gnotte
Ioan Indreias Ioan Indreias
Jason H Martin
Jonathan Kamens Jonathan Kamens
Jonathan Lanning Jonathan Lanning
Jonathan Underwood Jonathan Underwood

@ -0,0 +1,9 @@
# Fail2Ban filter for monit.conf, looks for failed access attempts
#
#
[Definition]
failregex = ^\[[A-Z]+\s+\]\s*error\s*:\s*Warning:\s+Client '<HOST>' supplied unknown user '\w+' accessing monit httpd$
^\[[A-Z]+\s+\]\s*error\s*:\s*Warning:\s+Client '<HOST>' supplied wrong password for user '\w+' accessing monit httpd$

@ -366,6 +366,12 @@ maxretry = 5
port = http,https port = http,https
logpath = /var/log/tomcat*/catalina.out logpath = /var/log/tomcat*/catalina.out
[monit]
#Ban clients brute-forcing the monit gui login
filter = monit
port = 2812
logpath = /var/log/monit
[webmin-auth] [webmin-auth]

@ -0,0 +1,6 @@
# failJSON: { "time": "2005-04-16T21:05:29", "match": true , "host": "69.93.127.111" }
[PDT Apr 16 21:05:29] error : Warning: Client '69.93.127.111' supplied unknown user 'foo' accessing monit httpd
# failJSON: { "time": "2005-04-16T20:59:33", "match": true , "host": "97.113.189.111" }
[PDT Apr 16 20:59:33] error : Warning: Client '97.113.189.111' supplied wrong password for user 'admin' accessing monit httpd
Loading…
Cancel
Save