Block brute-force attempts against the Monit gui

2014-04-16 21:21:41 -07:00 · 2014-04-16 21:21:41 -07:00 · 7d112430ca
parent 9d6fc6eca2
commit 7d112430ca
2 changed files with 24 additions and 0 deletions
--- a/config/filter.d/monit.conf
+++ b/config/filter.d/monit.conf
@ -0,0 +1,18 @@
+# Fail2Ban filter for monit.conf, looks for failed access attempts
+#
+#
+
+[INCLUDES]
+
+# Read common prefixes. If any customizations available -- read them from
+# common.local
+before = common.conf
+
+[Definition]
+# Samples: 
+# [PDT Apr 16 20:59:11] error    : Warning: Client '1.2.3.4' supplied unknown user 'foo' accessing monit httpd
+# [PDT Apr 16 20:59:33] error    : Warning: Client '1.2.3.4' supplied wrong password for user 'admin' accessing monit httpd
+
+failregex = Warning: Client '<HOST>' supplied
+
+ignoreregex =
--- a/config/jail.conf
+++ b/config/jail.conf
@ -366,6 +366,12 @@ maxretry = 5
 port     = http,https
 logpath  = /var/log/tomcat*/catalina.out

+[monit]
+#Ban clients brute-forcing the monit gui login
+filter   = monit
+port = 2812
+logpath  = /var/log/monit
+

 [webmin-auth]