thebrandonallen / wp-fail2ban-redux

Records various WordPress events to your server's system log for integration with Fail2Ban.
GNU General Public License v2.0

is this supposed to work with systemd? #24

Closed dirtbag closed 3 years ago

dirtbag commented 3 years ago

What are we supposed to use for systemd systems that don't have/use logpath = /var/log/auth.log?

I have tried the following, but it doesn't seem to work.

[wordpress-hard]
enabled = true
filter = wordpress-hard
logpath  = systemd[journalflags=1]
maxretry = 2
port = http,https

[wordpress-soft]
enabled = true
filter = wordpress-soft
logpath  = systemd[journalflags=1]
maxretry = 5
port = http,https

-db

thebrandonallen commented 3 years ago

There are some additional common options here https://github.com/thebrandonallen/wp-fail2ban-redux/blob/6a6ea5578e854ba4a78926300cfcbbe2e73b3279/config/jail/wordpress.conf#L1-L18

Past that, your best bet is to pull up your favorite search engine and do some searching. Someone on Stack Overflow has normally had the same question, and gotten it answered.

dirtbag commented 3 years ago

👎🏼

nwsw commented 11 months ago

We got this to work with systemd in Debian 12 using the following filter:

[Definition]
prefregex = \bwp\b

failregex = Authentication attempt for unknown user .* from <HOST>
    Authentication failure for .* from <HOST>
    Blocked authentication attempt for .* from <HOST>
    Blocked user enumeration attempt from <HOST>
    Pingback error .* generated from <HOST>
    Spammed comment from <HOST>
    XML-RPC multicall authentication failure from <HOST>

In the jail config:

backend = systemd
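
An offline check of the filter posted above, added here as an example and not part of the thread or the plugin's code: it applies the `prefregex` gate and then each `failregex` line to sample journal messages. The `<HOST>` tag is replaced by a simplified IP pattern rather than fail2ban's own expansion, and the sample messages, including the `wp(example.com)[1234]:` prefix, are constructed assumptions.

```python
import re

# Patterns copied from the filter posted in the thread.
PREFREGEX = re.compile(r"\bwp\b")
FAILREGEX = [
    r"Authentication attempt for unknown user .* from <HOST>",
    r"Authentication failure for .* from <HOST>",
    r"Blocked authentication attempt for .* from <HOST>",
    r"Blocked user enumeration attempt from <HOST>",
    r"Pingback error .* generated from <HOST>",
    r"Spammed comment from <HOST>",
    r"XML-RPC multicall authentication failure from <HOST>",
]

# Assumption: simplified stand-in for fail2ban's <HOST> tag (IP literals only).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3}|[0-9A-Fa-f:]*:[0-9A-Fa-f:]+)"
COMPILED = [re.compile(p.replace("<HOST>", HOST)) for p in FAILREGEX]


def match_host(line):
    """Return the address a line would be counted against, or None."""
    # prefregex acts as a gate: lines without a standalone "wp" token are skipped.
    if not PREFREGEX.search(line):
        return None
    for rx in COMPILED:
        m = rx.search(line)
        if m:
            return m.group("host")
    return None


def scan(lines):
    return [match_host(line) for line in lines]


# Constructed journal messages (identifier format is an assumption).
SAMPLES = [
    "wp(example.com)[1234]: Authentication failure for admin from 203.0.113.7",
    "wp(example.com)[1234]: Blocked user enumeration attempt from 2001:db8::1",
    "wp(example.com)[1234]: Pingback error 17 generated from 198.51.100.9",
    "sshd[99]: Authentication failure for root from 192.0.2.5",  # no wp token
    "wp(example.com)[1234]: Accepted password for admin from 203.0.113.7",  # not a failure
]

if __name__ == "__main__":
    for line, host in zip(SAMPLES, scan(SAMPLES)):
        print(f"{host or '-':<15} {line}")
```

On a host with fail2ban installed, `fail2ban-regex systemd-journal <filter file>` runs the real filter against the actual journal.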