James Moger
2015-08-10 51aa4f20fcf39a225e91aaa5da350d1f9fda6424
Merge pull request #296 from Enrico204/develop

Added better logging for fail2ban
1 files added
2 files modified
23 changed files
build.xml 1
src/main/java/com/gitblit/transport/ssh/UsernamePasswordAuthenticator.java 2
src/site/setup_fail2ban.mkd 20
build.xml
@@ -513,6 +513,7 @@
                        <page name="bugtraq" src="setup_bugtraq.mkd" />
                        <page name="mirrors" src="setup_mirrors.mkd" />
                        <page name="scaling" src="setup_scaling.mkd" />
                        <page name="fail2ban" src="setup_fail2ban.mkd" />
                        <divider />
                        <page name="Gitblit as a viewer" src="setup_viewer.mkd" />
                    </menu>
src/main/java/com/gitblit/transport/ssh/UsernamePasswordAuthenticator.java
@@ -57,7 +57,7 @@
            return true;
        }
        log.warn("could not authenticate {} for SSH using the supplied password", username);
        log.warn("could not authenticate {} ({}) for SSH using the supplied password", username, client.getRemoteAddress());
        return false;
    }
}
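Review bot: The new `log.warn` line passes `client.getRemoteAddress()` straight to the logger, so the logged text is whatever that object's `toString()` produces, and the filter added in `setup_fail2ban.mkd` only matches when that text is exactly `/<ip>:<port>`. Log the IP address (and port, if wanted) as explicit values so the format that drives bans is fixed by this code rather than by an implicit string conversion. Separately, `username` is client-supplied and is written ahead of the address; since this line now feeds an automated ban, consider putting the address first in the message or stripping line breaks and control characters from the username before logging it.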
src/site/setup_fail2ban.mkd
New file
@@ -0,0 +1,20 @@
## Configure fail2ban for Gitblit-SSH
This procedure is based on a Debian installation of [fail2ban](http://www.fail2ban.org/), but it should works in any installation.
First, create a new filter file `gitblit.conf` in filter directory (Debian: `/etc/fail2ban/filter.d/`) or into `filter.conf` file. Here an example:
    [Definition]
    failregex = could not authenticate .*? \(/<HOST>:[0-9]*\) for SSH using the supplied password$
    ignoreregex =
Then edit `jail.conf` to add "gitblit" service (Debian: `/etc/fail2ban/jail.conf`). For example:
    [gitblit]
    enabled = true
    port = 22
    protocol = tcp
    filter = gitblit
    logpath = /var/log/gitblit.log
Restart fail2ban to apply (Debian: `/etc/init.d/fail2ban restart`).
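Review bot: In the `failregex`, the `.*?` that stands for the username is client-controlled text sitting in front of `<HOST>`, so the trailing `$` is what guarantees the address matched is the one Gitblit appended at the end of the line; the document should say that the anchor must be kept, and the expression would be sturdier if the log message put the address before the username. The jail example hard-codes `port = 22` and `logpath = /var/log/gitblit.log`; both depend on the installation, so the text should tell the reader to set them to the port Gitblit's SSH daemon actually listens on and to the real log file location. The instructions also say to edit `jail.conf`, where fail2ban recommends putting local jails in `jail.local` so that package upgrades do not overwrite them. Wording: "it should works" should be "it should work", and "Here an example" should be "Here is an example".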