blob: c735968dc527de3f39a1ec6b3b674baeb6b96551 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
|
## Configure fail2ban for Gitblit-SSH
This procedure uses [fail2ban](http://www.fail2ban.org/).
First, create a new filter file `gitblit.conf` in filter directory (Debian/CentOS: `/etc/fail2ban/filter.d/`) or into `filter.conf` file. Here is an example:
[Definition]
failregex = Failed login attempt for .+, invalid credentials from <HOST>\s*$
could not authenticate .*? \(/<HOST>:[0-9]*\) for SSH using the supplied password$
ignoreregex =
Then edit `jail.conf` to add "gitblit" service (Debian: `/etc/fail2ban/jail.conf`). For example:
[gitblit]
enabled = true
port = 443,29418
protocol = tcp
filter = gitblit
logpath = /var/log/gitblit.log
Reload fail2ban config to apply (`fail2ban-client reload`).
Check the status of the gitblit fail2ban jail with `fail2ban-client status gitblit`
|
