You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@guacamole.apache.org by Piviul <pi...@riminilug.it> on 2022/01/05 07:52:08 UTC
[OT] Re: limit login attempts
Il 05/01/22 08:28, Piviul ha scritto:
> Il 04/01/22 19:17, sam g ha scritto:
>> Hello,
>>
>> I'm sure I'm asking a silly question but where would be this
>> Guacamole log file where the login failed attempts are written?
>> I tried but I don't see anything in my
>> /var/log/tomcat9/*localhost_access_log*.2022-01-04.txt or in
>> /var/log/tomcat9/*localhost_access_log*.2022-01-04.txt .
>> With a "*systemctl status tomcat9*" I can see some "*WARN
>> o.a.g.r.auth.AuthenticationService - Authentication attempt from
>> a.b.c.d for user "zzzf" failed.*"
> In my debian buster guacamole logs are sent to tomcat, so I can find
> failed logs in /var/log/tomcat/catalina.out
I add that after installing fail2ban you have enable it; in my debian
buster I have added the file /etc/fail2ban/jail.d/guacamole.conf:
$ cat /etc/fail2ban/jail.d/guacamole.conf
[guacamole]
enabled = true
and then I updated the failregex to discover failed login attempt in
/etc/fail2ban/filter.d/guacamole.conf. My failregex is:
failregex = ^.*WARNÂ o\.a\.g\.r\.auth\.AuthenticationService -
Authentication attempt from <HOST> for user "[^"]*" failed\.$
Then look into /var/log/fail2ban.log to see if all is working as expected
Piviul