192 |
- |
1 |
# Fail2Ban configuration file for guacamole
|
|
|
2 |
#
|
|
|
3 |
# Author: Steven Hiscocks
|
|
|
4 |
#
|
|
|
5 |
|
|
|
6 |
[Definition]
|
|
|
7 |
|
193 |
- |
8 |
logging = catalina
|
|
|
9 |
failregex = <L_<logging>/failregex>
|
|
|
10 |
maxlines = <L_<logging>/maxlines>
|
|
|
11 |
datepattern = <L_<logging>/datepattern>
|
|
|
12 |
|
|
|
13 |
[L_catalina]
|
|
|
14 |
|
192 |
- |
15 |
failregex = ^.*\nWARNING: Authentication attempt from <HOST> for user "[^"]*" failed\.$
|
|
|
16 |
|
|
|
17 |
maxlines = 2
|
|
|
18 |
|
|
|
19 |
datepattern = ^%%b %%d, %%ExY %%I:%%M:%%S %%p
|
|
|
20 |
^WARNING:()**
|
193 |
- |
21 |
{^LN-BEG}
|
|
|
22 |
|
|
|
23 |
[L_webapp]
|
|
|
24 |
|
|
|
25 |
failregex = ^ \[\S+\] WARN \S+ - Authentication attempt from <HOST> for user "<F-USER>[^"]+</F-USER>" failed.
|
|
|
26 |
|
|
|
27 |
maxlines = 1
|
|
|
28 |
|
|
|
29 |
datepattern = ^%%H:%%M:%%S.%%f
|
|
|
30 |
|
|
|
31 |
# DEV Notes:
|
|
|
32 |
#
|
|
|
33 |
# failregex is based on the default pattern given in Guacamole documentation :
|
|
|
34 |
# https://guacamole.apache.org/doc/gug/configuring-guacamole.html#webapp-logging
|
|
|
35 |
#
|
|
|
36 |
# The following logback.xml Guacamole configuration file can then be used accordingly :
|
|
|
37 |
# <configuration>
|
|
|
38 |
# <appender name="FILE" class="ch.qos.logback.core.rolling.RollingFileAppender">
|
|
|
39 |
# <file>/var/log/guacamole.log</file>
|
|
|
40 |
# <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
|
|
|
41 |
# <fileNamePattern>/var/log/guacamole.%d.log.gz</fileNamePattern>
|
|
|
42 |
# <maxHistory>32</maxHistory>
|
|
|
43 |
# </rollingPolicy>
|
|
|
44 |
# <encoder>
|
|
|
45 |
# <pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</pattern>
|
|
|
46 |
# </encoder>
|
|
|
47 |
# </appender>
|
|
|
48 |
# <root level="info">
|
|
|
49 |
# <appender-ref ref="FILE" />
|
|
|
50 |
# </root>
|
|
|
51 |
# </configuration>
|