Fail2Ban Setup
Peter Bieringer edited this page Sep 24, 2024 · 4 revisions
Note: Radicale >= 3.0.0 logs to stdout, which is usually caught by systemd/journald.
Example: /etc/fail2ban/filter.d/radicale.conf
[INCLUDES]
before = common.conf
[Definition]
failregex = ^.*Failed\slogin\sattempt\sfrom\s<HOST>:\s.*
[Init]
Example: /etc/fail2ban/jail.d/90-radicale.conf
Adjust port according to configuration
[radicale]
enabled = true
port = 5232
filter = radicale
banaction = %(banaction_allports)s[name=radicale]
backend = systemd
journalmatch = _SYSTEMD_UNIT=radicale.service
maxretry = 2
bantime = -1
ignoreip = 127.0.0.1
findtime = 14400
curl -u testerror:testerror http://localhost:5232/testerror
fail2ban-regex systemd-journal -m _SYSTEMD_UNIT=radicale.service /etc/fail2ban/filter.d/radicale.conf
...
lines: ... lines, ... ignored, 1 matched, ... missed
...
Example: /etc/fail2ban/filter.d/radicale.conf
[INCLUDES]
before = common.conf
[Definition]
failregex = ^.*Failed\slogin\sattempt\sfrom\s.*\(forwarded for \'<HOST>\'.*\):\s.*
[Init]
Example: /etc/fail2ban/jail.d/90-radicale.conf
Adjust port according to your reverse proxy configuration
[radicale]
enabled = true
port = 80, 443
filter = radicale
banaction = %(banaction_allports)s[name=radicale]
backend = systemd
journalmatch = _SYSTEMD_UNIT=radicale.service
maxretry = 2
bantime = -1
ignoreip = 127.0.0.1
findtime = 14400
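Added example (not part of the Radicale wiki): a Python check of which address each of the two failregex values above captures from constructed log lines, showing that the direct filter does not match lines written behind a reverse proxy and the proxy filter does not match direct ones. The `HOST` pattern is a simplified stand-in for fail2ban's own `<HOST>` expansion, and the sample lines are assumptions inferred from the regexes.

```python
import re

# Simplified stand-in for fail2ban's <HOST> tag (assumption: the real
# expansion is more elaborate and also accepts bracketed IPv6 and DNS names).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3}|[0-9A-Fa-f:]*:[0-9A-Fa-f:.]+)"

# failregex values copied from the two filter examples on this page.
FILTERS = {
    "direct": r"^.*Failed\slogin\sattempt\sfrom\s<HOST>:\s.*",
    "proxy": r"^.*Failed\slogin\sattempt\sfrom\s.*\(forwarded for \'<HOST>\'.*\):\s.*",
}

# Constructed journal lines; the message layout is inferred from the regexes
# above and the addresses are documentation ranges, not real log data.
SAMPLES = {
    "direct_v4": "[WARNING] Failed login attempt from 192.0.2.10: 'testerror'",
    "direct_v6": "[WARNING] Failed login attempt from 2001:db8::10: 'testerror'",
    "proxied": "[WARNING] Failed login attempt from 127.0.0.1 "
               "(forwarded for '203.0.113.7'): 'testerror'",
    "success": "[INFO] Successful login: 'alice'",
}


def compile_filter(failregex):
    """Expand <HOST> and compile the expression."""
    return re.compile(failregex.replace("<HOST>", HOST))


def banned_host(filter_name, line):
    """Return the address the filter would hand to the ban action, or None."""
    m = compile_filter(FILTERS[filter_name]).search(line)
    return m.group("host") if m else None


def matrix():
    """Map (filter, sample) to the captured address for every combination."""
    return {(f, s): banned_host(f, line)
            for f in FILTERS for s, line in SAMPLES.items()}


if __name__ == "__main__":
    for (f, s), host in sorted(matrix().items()):
        print(f"{f:7} {s:10} -> {host}")
```

A filter that does not fit the deployment's log format produces no bans at all, which `fail2ban-regex` shows as no matched lines.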
To use Fail2Ban with Radicale, change Logging to INFO.
Configs for fail2ban
filter http/https:
[INCLUDES]
before = common.conf
[Definition]
failregex = ^.*\sfor\s\'\/\'\sreceived\sfrom\s\'<HOST>\'.*\n^.*Failed\slogin\sattempt:\s
ignoreregex =
[Init]
maxlines = 4
filter webdav:
[INCLUDES]
before = common.conf
[Definition]
failregex = ^.*Failed\slogin\sattempt.*\n^.*\n^.*\s\'\/.well\-known.*\sfrom\s\'<HOST>\'
ignoreregex =
[Init]
maxlines = 3
jail:
[radicale]
enabled = true
port = 80,443
filter = radicale
action = iptables-allports[name=radicale]
logpath = /var/log/remotelogs/192.168.50.115/radicale-logins.log
maxretry = 2
bantime = -1
ignoreip = 192.168.50.0/24
findtime = 14400