Added better logging for fail2ban 296/head
authorEnrico204 <enrico204@gmail.com>
Mon, 10 Aug 2015 19:13:49 +0000 (21:13 +0200)
committerEnrico204 <enrico204@gmail.com>
Mon, 10 Aug 2015 19:13:49 +0000 (21:13 +0200)
build.xml
src/main/java/com/gitblit/transport/ssh/UsernamePasswordAuthenticator.java
src/site/setup_fail2ban.mkd [new file with mode: 0644]

index 8544573b60a5e6717f6048d627c26ee07036d732..65fc0432cad2316e486ddc3c298c9e741db3ecd4 100644 (file)
--- a/build.xml
+++ b/build.xml
                                                <page name="bugtraq" src="setup_bugtraq.mkd" />\r
                                                <page name="mirrors" src="setup_mirrors.mkd" />\r
                                                <page name="scaling" src="setup_scaling.mkd" />\r
+                                               <page name="fail2ban" src="setup_fail2ban.mkd" />\r
                                                <divider />\r
                                                <page name="Gitblit as a viewer" src="setup_viewer.mkd" />\r
                                        </menu>\r
index c4e69dcde49e823c7f6dce1f9b0ade44bff71623..d7c4fe5e00d9fab0849f70f9b3af123967eebfb2 100644 (file)
@@ -57,7 +57,7 @@ public class UsernamePasswordAuthenticator implements PasswordAuthenticator {
                        return true;
                }
 
-               log.warn("could not authenticate {} for SSH using the supplied password", username);
+               log.warn("could not authenticate {} ({}) for SSH using the supplied password", username, client.getRemoteAddress());
                return false;
        }
 }
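Review bot: The changed `log.warn` call writes the client-supplied `username` unescaped into a line that the fail2ban filter added in this commit parses to decide which address to ban. If the SSH layer passes CR/LF through in a username (not visible in this hunk), a login attempt could forge a log line that names a different address. Neutralise control characters before logging, e.g. `String safeUser = username.replaceAll("\\p{Cntrl}", "_");`, and pass `safeUser` to the logger. The filter also relies on `client.getRemoteAddress()` rendering as `/ip:port`, presumably via `SocketAddress.toString()`; logging the host address explicitly would keep the format stable. The enclosing method starts outside the hunk, so whether `client` can be null here cannot be confirmed.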
diff --git a/src/site/setup_fail2ban.mkd b/src/site/setup_fail2ban.mkd
new file mode 100644 (file)
index 0000000..928f7a8
--- /dev/null
@@ -0,0 +1,20 @@
+## Configure fail2ban for Gitblit-SSH
+
+This procedure is based on a Debian installation of [fail2ban](http://www.fail2ban.org/), but it should works in any installation.
+
+First, create a new filter file `gitblit.conf` in filter directory (Debian: `/etc/fail2ban/filter.d/`) or into `filter.conf` file. Here an example:
+
+    [Definition]
+    failregex = could not authenticate .*? \(/<HOST>:[0-9]*\) for SSH using the supplied password$
+    ignoreregex =
+
+Then edit `jail.conf` to add "gitblit" service (Debian: `/etc/fail2ban/jail.conf`). For example:
+
+    [gitblit]
+    enabled = true
+    port = 22
+    protocol = tcp
+    filter = gitblit
+    logpath = /var/log/gitblit.log
+
+Restart fail2ban to apply (Debian: `/etc/init.d/fail2ban restart`).