Fail2ban Ubuntu 16.04 Seafile 6.02 - not working

Hi Everyone,

I have been trying to get fail2ban to work. I had it working on a test server, now trying on a hosted vps with the same config, it’s not working.

Config files are fine:

$cat /etc/fail2ban/jail.local 
# All standard jails are in the file configuration located
# /etc/fail2ban/jail.conf

# Warning you may override any other parameter (e.g. banaction,
# action, port, logpath, etc) in that section within jail.local

# Change logpath with your file log used by seafile (e.g. seahub.log)
# Also you can change the max retry var (3 attemps = 1 line written in the
# seafile log)
# So with this maxrety to 1, the user can try 3 times before his IP is banned


enabled  = true
port     = 80,443,22
filter   = seafile-auth
logpath  = /home/seafile/seafile/logs/seahub.log
maxretry = 3

Log file does exist with correct permissions:

$ls -lah /home/seafile/seafile/logs/seahub.log
-rw-r--r-- 1 seafile seafile 14K Okt 23 02:33 /home/seafile/seafile/logs/seahub.log

And filters are fine too:

$cat /etc/fail2ban/filter.d/seafile-auth.conf 
# Fail2Ban filter for seafile


# Read common prefixes. If any customizations available -- read them from
# common.local
before = common.conf


_daemon = seaf-server

failregex = Login attempt limit reached.*, ip: <HOST>

ignoreregex = 

# DEV Notes:
# pattern :     2015-10-20 15:20:32,402 [WARNING] seahub.auth.views:155 login Login attempt limit reached, username: <user>, ip:, attemps: 3
#        2015-10-20 17:04:32,235 [WARNING] seahub.auth.views:163 login Login attempt limit reached, ip:, attempts: 3

and log file has correct expressions:

$tail -f /home/seafile/seafile/logs/seahub.log
2016-10-23 01:27:04,226 [WARNING] seahub.auth.views:208 login Login attempt limit reached, show Captcha, ip: <ip>, attempts: 10
2016-10-23 01:27:05,022 [WARNING] seahub.auth.views:208 login Login attempt limit reached, show Captcha, ip: <ip>, attempts: 10

Any help would be appreciated

have you tried fail2ban-regex?

fail2ban-regex -vv --print-all-matched /home/seafile/seafile/logs/seahub.log /etc/fail2ban/filter.d/seafile-auth.conf

what does it show?
what does /var/log/fail2ban.log show?

maxretry says that there have to be 3 (or more) attempts before a ban. what are your findtime and bantime settings. findtimes the “maxretry” attempts have to be in that time?

Thanks @markusweb for the fail2ban-regex tip. I was able to find the problem with that. The problem was me :slight_smile:

Well, actually it’s by design, but a little misleading. The Login attempt limit reached lines only go into the log file when the captcha login fails 3 times. Logging in with a user without captcha does not produce the line in the log file. My mistake was that i though after ANY 3 attempts in blocks the ip. And i was always using the capctha once, and then logging in normally with the captcha because i was under the impression it did not work.

So it works fine. Thanks for the hint.

This might be interesting


Delete this message

I wrote the fail2ban manual based on that once.

But it might be outdated. Feel free to feed it with up to date data.

The fix is To set the timezone, in the end of this comming week i have some “dead time” at work and I’ll post som changes trough github.

Thanks for all your help @DerDanilo .

P.S I’m looking forward for the new nginx manual

You are welcome to submit code to our github repo once we got the basic structure ready. I have no time for this right now. Maybe in the next month when one rather likes to stay inside :smiley:

Ok, I have been doing some PR’s on the Seafile Manual with stuff that should have been written there as it’s information that you need from a manual.