Added better logging for fail2ban

author: Enrico204 <enrico204@gmail.com> 2015-08-10 21:13:49 +0200
committer: Enrico204 <enrico204@gmail.com> 2015-08-10 21:13:49 +0200
commit: b7fccafeebc639746d2bd82042d28f4ef0f24648 (patch)
tree: e0ad9ef8cf6ea63aa364e4014f99dc334e789d57 /src/site/setup_fail2ban.mkd
parent: f9f916bdd84f43e8aa50f03bab1274555940dfc2 (diff)
download: gitblit-b7fccafeebc639746d2bd82042d28f4ef0f24648.tar.gz
gitblit-b7fccafeebc639746d2bd82042d28f4ef0f24648.zip
1 files changed, 20 insertions, 0 deletions
diff --git a/src/site/setup_fail2ban.mkd b/src/site/setup_fail2ban.mkd
new file mode 100644
index 00000000..928f7a84
--- /dev/null
+++ b/src/site/setup_fail2ban.mkd
@@ -0,0 +1,20 @@
+## Configure fail2ban for Gitblit-SSH
+
+This procedure is based on a Debian installation of [fail2ban](http://www.fail2ban.org/), but it should works in any installation.
+
+First, create a new filter file `gitblit.conf` in filter directory (Debian: `/etc/fail2ban/filter.d/`) or into `filter.conf` file. Here an example:
+
+    [Definition]
+    failregex = could not authenticate .*? \(/<HOST>:[0-9]*\) for SSH using the supplied password$
+    ignoreregex =
+
+Then edit `jail.conf` to add "gitblit" service (Debian: `/etc/fail2ban/jail.conf`). For example:
+
+    [gitblit]
+    enabled = true
+    port = 22
+    protocol = tcp
+    filter = gitblit
+    logpath = /var/log/gitblit.log
+
+Restart fail2ban to apply (Debian: `/etc/init.d/fail2ban restart`).
author	Enrico204 <enrico204@gmail.com>	2015-08-10 21:13:49 +0200
committer	Enrico204 <enrico204@gmail.com>	2015-08-10 21:13:49 +0200
commit	b7fccafeebc639746d2bd82042d28f4ef0f24648 (patch)
tree	e0ad9ef8cf6ea63aa364e4014f99dc334e789d57 /src/site/setup_fail2ban.mkd
parent	f9f916bdd84f43e8aa50f03bab1274555940dfc2 (diff)
download	gitblit-b7fccafeebc639746d2bd82042d28f4ef0f24648.tar.gz gitblit-b7fccafeebc639746d2bd82042d28f4ef0f24648.zip