Block brute-force attempts against the Monit gui

2014-04-16 21:21:41 -07:00 · 2014-04-16 21:21:41 -07:00 · 7d112430ca
parent 9d6fc6eca2
commit 7d112430ca
2 changed files with 24 additions and 0 deletions
--- a/config/filter.d/monit.conf
+++ b/config/filter.d/monit.conf
@ -0,0 +1,18 @@
 # Fail2Ban filter for monit.conf, looks for failed access attempts
 #
 #
 [INCLUDES]
 # Read common prefixes. If any customizations available -- read them from
 # common.local
 before = common.conf
 [Definition]
 # Samples: 
 # [PDT Apr 16 20:59:11] error    : Warning: Client '1.2.3.4' supplied unknown user 'foo' accessing monit httpd
 # [PDT Apr 16 20:59:33] error    : Warning: Client '1.2.3.4' supplied wrong password for user 'admin' accessing monit httpd
 failregex = Warning: Client '<HOST>' supplied
 ignoreregex =
--- a/config/jail.conf
+++ b/config/jail.conf
@ -366,6 +366,12 @@ maxretry = 5
 port     = http,https
 logpath  = /var/log/tomcat*/catalina.out
 [monit]
 #Ban clients brute-forcing the monit gui login
 filter   = monit
 port = 2812
 logpath  = /var/log/monit
 [webmin-auth]