commit | author | age
|
b7fcca
|
1 |
## Configure fail2ban for Gitblit-SSH |
E |
2 |
|
0d7c65
|
3 |
This procedure uses [fail2ban](http://www.fail2ban.org/). |
b7fcca
|
4 |
|
0d7c65
|
5 |
First, create a new filter file `gitblit.conf` in filter directory (Debian/CentOS: `/etc/fail2ban/filter.d/`) or into `filter.conf` file. Here is an example: |
b7fcca
|
6 |
|
E |
7 |
[Definition] |
0d7c65
|
8 |
failregex = Failed login attempt for .+, invalid credentials from <HOST>\s*$ |
PM |
9 |
could not authenticate .*? \(/<HOST>:[0-9]*\) for SSH using the supplied password$ |
b7fcca
|
10 |
ignoreregex = |
E |
11 |
|
|
12 |
Then edit `jail.conf` to add "gitblit" service (Debian: `/etc/fail2ban/jail.conf`). For example: |
|
13 |
|
|
14 |
[gitblit] |
|
15 |
enabled = true |
0d7c65
|
16 |
port = 443,29418 |
b7fcca
|
17 |
protocol = tcp |
E |
18 |
filter = gitblit |
|
19 |
logpath = /var/log/gitblit.log |
|
20 |
|
0d7c65
|
21 |
|
PM |
22 |
Reload fail2ban config to apply (`fail2ban-client reload`). |
|
23 |
|
|
24 |
Check the status of the gitblit fail2ban jail with `fail2ban-client status gitblit` |