+22

How to use Fail2ban with Ajenti ?

an solas 6 years ago updated by Salam Ghoussaini 4 years ago 5
How to use Fail2ban with Ajenti , please?
Is there somewhere an example?
-6
Who cares, configuration by hand is faster and much more secure :)
+2

1) create a new filter config file ajenti-auth.conf....

Step A: Run the below command

Sudo vi /etc/fail2ban/filter.d/ajenti-auth.conf


Step B: Copy the below and paste inside the above file
# Fail2Ban filter for ajenti
[INCLUDES]
before = common.conf


[Definition]

_daemon = ajenti

failregex = ^%(__prefix_line)sfailed login attempt for .* through .* from <HOST>\s*$

ignoreregex =



2) Add the jail settings to the end of the jail.local file...

Step A: Run the below command

sudo vi /etc/fail2ban/jail.local


Step B: Copy the below and paste inside the above file at the end
[ajenti-auth]
enabled = true
port = 8000
filter = ajenti-auth
logpath = /var/log/auth.log
maxretry = 3



3) Restart the service...
Step A: Run the below command

sudo service fail2ban restart



I just attempted to test this filter with ajenti.. I don't seem to see the entries in /var/log/auth.log. Is there some config that needs to be enabled in ajenti's config.json to enable syslogging?

No nothing is added to the config.json file. The above is implemented and tested on Ubuntu 14.04 and Ajent v1.2.23.8


Here is an example of the logs from a server:

Jul 28 00:55:23 localhost ajenti: failed login attempt for root ("fail") through AjentiSyncProvider from X.X.X.X
Jul 28 00:55:37 localhost ajenti: user root logged in through AjentiSyncProvider from X.X.X.X