File: //etc/fail2ban/filter.d/guacamole.conf
# Fail2Ban configuration file for guacamole
#
# Author: Steven Hiscocks
#

# Entry section read by fail2ban for this filter. The three pattern options
# below are references into one of the [L_*] sections of this file, chosen by
# the value of "logging".
[Definition]

# Log format selector: "catalina" resolves the references to [L_catalina],
# "webapp" resolves them to [L_webapp]. Prefer overriding it per jail
# (e.g. filter = guacamole[logging=webapp] in jail.local) or in a .local file
# over editing this file, so package updates do not revert the choice.
# NOTE(review): both variants ban whatever address Guacamole logs after
# "from"; if Guacamole runs behind a reverse proxy, confirm that this is the
# client address and not the proxy's before attaching a ban action.
logging = catalina
failregex = <L_<logging>/failregex>
maxlines = <L_<logging>/maxlines>
datepattern = <L_<logging>/datepattern>

# Variant for the two-line log entries matched when logging = catalina.
[L_catalina]

# Matches a two-line record: any first line, a newline, then the WARNING line.
# <HOST> is the fail2ban tag that captures the address to ban; it sits before
# the quoted user name, and the expression is anchored at both ends.
# NOTE(review): the user name is client-supplied text and is matched with
# [^"]*; confirm the logger neutralises quotes and line breaks in it, because
# this filter trusts the line structure of the log.
failregex = ^.*\nWARNING: Authentication attempt from <HOST> for user "[^"]*" failed\.$

# Two lines are buffered so the \n in failregex can match across them.
maxlines = 2

# Alternative date patterns, one per continuation line (the indentation of the
# continuation lines is significant). %% is the escaped form of a literal %.
# The first alternative is month name, day, year and 12-hour time with AM/PM.
# NOTE(review): the second and third alternatives use fail2ban-specific
# syntax whose exact semantics are not visible in this file; check the
# fail2ban datepattern documentation before changing them.
datepattern = ^%%b %%d, %%ExY %%I:%%M:%%S %%p
              ^WARNING:()**
              {^LN-BEG}

# Variant for single-line log entries in the logback layout
# "[thread] LEVEL logger - message", used when logging = webapp.
[L_webapp]

# Matches one line: " [thread] WARN  logger - Authentication attempt from
# <HOST> for user "..." failed". <HOST> captures the address to ban and
# <F-USER>...</F-USER> captures the user name, which must be non-empty here
# ([^"]+), whereas [L_catalina] also accepts an empty name.
# NOTE(review): unlike [L_catalina], the final "." is unescaped (matches any
# character) and there is no trailing $ anchor, so text after "failed" is
# accepted; tighten to "failed\.$" only after checking real log lines.
# NOTE(review): the leading space presumably remains after the timestamp is
# removed from the line - confirm against the deployed log format.
failregex = ^ \[\S+\] WARN  \S+ - Authentication attempt from <HOST> for user "<F-USER>[^"]+</F-USER>" failed.

# Each record is a single line, so no multi-line buffering is needed.
maxlines = 1

# Time-only timestamp at line start (hours:minutes:seconds, then a separator
# and fractional seconds); %% is the escaped form of a literal %. The "."
# before %%f is unescaped and therefore matches any single character.
# NOTE(review): the pattern carries no date, so the day has to be inferred by
# fail2ban; verify findtime behaviour around midnight and when re-reading
# older log files.
datepattern = ^%%H:%%M:%%S.%%f

# DEV Notes:
#
# The [L_webapp] failregex is based on the default log pattern given in the Guacamole documentation:
# https://guacamole.apache.org/doc/gug/configuring-guacamole.html#webapp-logging
#
# The following Guacamole logback.xml configuration produces log lines in that format (select it with logging = webapp):
# <configuration>
#   <appender name="FILE" class="ch.qos.logback.core.rolling.RollingFileAppender">
#     <file>/var/log/guacamole.log</file>
#     <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
#       <fileNamePattern>/var/log/guacamole.%d.log.gz</fileNamePattern>
#       <maxHistory>32</maxHistory>
#     </rollingPolicy>
#     <encoder>
#       <pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</pattern>
#     </encoder>
#   </appender>
#   <root level="info">
#     <appender-ref ref="FILE" />
#   </root>
# </configuration>