Fail2ban Ubuntu 16.04 Seafile 6.02 - not working

Hi Everyone,

I have been trying to get fail2ban to work. I had it working on a test server, now trying on a hosted vps with the same config, it’s not working.

Config files are fine:

$cat /etc/fail2ban/jail.local 
# All standard jails are in the file configuration located
# /etc/fail2ban/jail.conf

# Warning you may override any other parameter (e.g. banaction,
# action, port, logpath, etc) in that section within jail.local

# Change logpath with your file log used by seafile (e.g. seahub.log)
# Also you can change the max retry var (3 attemps = 1 line written in the
# seafile log)
# So with this maxrety to 1, the user can try 3 times before his IP is banned

[seafile]

enabled  = true
port     = 80,443,22
filter   = seafile-auth
logpath  = /home/seafile/seafile/logs/seahub.log
maxretry = 3

Log file does exist with correct permissions:

$ls -lah /home/seafile/seafile/logs/seahub.log
-rw-r--r-- 1 seafile seafile 14K Okt 23 02:33 /home/seafile/seafile/logs/seahub.log

And filters are fine too:

$cat /etc/fail2ban/filter.d/seafile-auth.conf 
# Fail2Ban filter for seafile
#

[INCLUDES]

# Read common prefixes. If any customizations available -- read them from
# common.local
before = common.conf

[Definition]

_daemon = seaf-server

failregex = Login attempt limit reached.*, ip: <HOST>

ignoreregex = 

# DEV Notes:
#
# pattern :     2015-10-20 15:20:32,402 [WARNING] seahub.auth.views:155 login Login attempt limit reached, username: <user>, ip: 1.2.3.4, attemps: 3
#        2015-10-20 17:04:32,235 [WARNING] seahub.auth.views:163 login Login attempt limit reached, ip: 1.2.3.4, attempts: 3

and log file has correct expressions:

$tail -f /home/seafile/seafile/logs/seahub.log
2016-10-23 01:27:04,226 [WARNING] seahub.auth.views:208 login Login attempt limit reached, show Captcha, ip: <ip>, attempts: 10
2016-10-23 01:27:05,022 [WARNING] seahub.auth.views:208 login Login attempt limit reached, show Captcha, ip: <ip>, attempts: 10

Any help would be appreciated

have you tried fail2ban-regex?

fail2ban-regex -vv --print-all-matched /home/seafile/seafile/logs/seahub.log /etc/fail2ban/filter.d/seafile-auth.conf

what does it show?
what does /var/log/fail2ban.log show?

maxretry says that there have to be 3 (or more) attempts before a ban. what are your findtime and bantime settings. findtimes the “maxretry” attempts have to be in that time?

Thanks @markusweb for the fail2ban-regex tip. I was able to find the problem with that. The problem was me :slight_smile:

Well, actually it’s by design, but a little misleading. The Login attempt limit reached lines only go into the log file when the captcha login fails 3 times. Logging in with a user without captcha does not produce the line in the log file. My mistake was that i though after ANY 3 attempts in blocks the ip. And i was always using the capctha once, and then logging in normally with the captcha because i was under the impression it did not work.

So it works fine. Thanks for the hint.

This might be interesting

F

Delete this message

I wrote the fail2ban manual based on that once.

But it might be outdated. Feel free to feed it with up to date data.
https://manual.seafile.com/security/fail2ban.html

The fix is To set the timezone, in the end of this comming week i have some “dead time” at work and I’ll post som changes trough github.

Thanks for all your help @DerDanilo .

P.S I’m looking forward for the new nginx manual

You are welcome to submit code to our github repo once we got the basic structure ready. I have no time for this right now. Maybe in the next month when one rather likes to stay inside :smiley:

Ok, I have been doing some PR’s on the Seafile Manual with stuff that should have been written there as it’s information that you need from a manual.