| commit | author | age | ||
| b7fcca | 1 | ## Configure fail2ban for Gitblit-SSH |
| E | 2 | |
| 0d7c65 | 3 | This procedure uses [fail2ban](http://www.fail2ban.org/). |
| b7fcca | 4 | |
| 0d7c65 | 5 | First, create a new filter file `gitblit.conf` in filter directory (Debian/CentOS: `/etc/fail2ban/filter.d/`) or into `filter.conf` file. Here is an example: |
| b7fcca | 6 | |
| E | 7 | [Definition] |
| 0d7c65 | 8 | failregex = Failed login attempt for .+, invalid credentials from <HOST>\s*$ |
| PM | 9 | could not authenticate .*? \(/<HOST>:[0-9]*\) for SSH using the supplied password$ |
| b7fcca | 10 | ignoreregex = |
| E | 11 | |
| 12 | Then edit `jail.conf` to add "gitblit" service (Debian: `/etc/fail2ban/jail.conf`). For example: | |
| 13 | ||
| 14 | [gitblit] | |
| 15 | enabled = true | |
| 0d7c65 | 16 | port = 443,29418 |
| b7fcca | 17 | protocol = tcp |
| E | 18 | filter = gitblit |
| 19 | logpath = /var/log/gitblit.log | |
| 20 | ||
| 0d7c65 | 21 | |
| PM | 22 | Reload fail2ban config to apply (`fail2ban-client reload`). |
| 23 | ||
| 24 | Check the status of the gitblit fail2ban jail with `fail2ban-client status gitblit` | |
