You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I have setup MongoDB v4.4 on Debian 10 and installed fail2ban to block failed attempts to mongodb using ufw
i have a working rule that blocks failed attempts to port 10000 of virtualmin
my question is: how can i modify the failregex block of /etc/fail2ban/filter.d/mongodb-auth.conf so the ip's are blocked where they make failed attempts as current regex ist blocking ips i think because of different logging format from mongo 4.4
[Definition]#failregex = ^\s+\[initandlisten\] connection accepted from <HOST>:\d+ \#(?P<__connid>\d+) \(1 connection now open\)<SKIPLINES>\s+\[conn(?P=__connid)\] Failed to authenticate\s+failregex = ^\s+\[conn(?P<__connid>\d+)\] Failed to authenticate [^\n]+<SKIPLINES>\s+\[conn(?P=__connid)\] end connection <HOST>
The text was updated successfully, but these errors were encountered:
armandfishti
changed the title
How can i modify failregex to log authentication attempts for mongodb-auth.conf mongodb 4.4, fail2ban and ufw
How can i modify failregex to log failed authentication attempts for mongodb-auth.conf mongodb 4.4, fail2ban and ufw
Jun 22, 2021
Hi,
I have setup MongoDB v4.4 on Debian 10 and installed fail2ban to block failed attempts to mongodb using ufw
i have a working rule that blocks failed attempts to port 10000 of virtualmin
my question is: how can i modify the failregex block of /etc/fail2ban/filter.d/mongodb-auth.conf so the ip's are blocked where they make failed attempts as current regex ist blocking ips i think because of different logging format from mongo 4.4
any suggestion would be appreciated
log format:
The text was updated successfully, but these errors were encountered: