Alfagun74
commented
1 year ago I personally do not use Fail2Ban, but if I understand it correctly, in theory, you could do the following:
- Enable log files and map a volume to the /logs folder:
[...]
gamevault-backend:
image: phalcode/gamevault-backend:latest
restart: unless-stopped
environment:
[...]
- SERVER_LOG_FILES_ENABLED: true # <---
volumes:
[...]
- /your/logs/folder:/logs # <---
[...]- Failed authentication attempts will look like this:
info: ┏ [17/Aug/2023:20:25:47 +0000] Username @ Address - GET /api/v1/users/me -> 401 - 28.231 ms - 112 - 'GameVault/1.3.0'- Now make a filter file for Fail2Ban:
sudo nano /etc/fail2ban/filter.d/gamevault-filter.confPut in something like this:
[Definition]
failregex = ^\[:date[^\]]+\] [^@]+@ <ADDR> - .* -> 401 - .*$NOTE: I haven't tested this regex; you may need to tinker around a bit using the following command:
fail2ban-regex /your/logs/folder/gamevault-backend.log /etc/fail2ban/filter.d/gamevault-filter.conf- Next, edit your Jail File:
sudo nano /etc/fail2ban/jail.localAdd this block (configure as you like):
[gamevault]
enabled = true
filter = gamevault-filter
logpath = /your/logs/folder/*.log
maxretry = 10
findtime = 3600
bantime = 3600- Restart or reload the Fail2Ban service for the changes to take effect.
sudo systemctl restart fail2ban- Now, perform a bunch of unauthenticated requests and check if your jail is working.
sudo fail2ban-client status gamevaultI hope this works for you. Please let me know if you have found a reasonable configuration and regex for this.
Be aware that the 401 response will be thrown on every unauthenticated request, which can happen fast and be annoying, so set the maxretry a bit higher.
Also, kudos to this StackOverflow answer.
60plus
Hello. Anyone can help me setup fail2ban for GameVault ?