1) create a new filter config file ajenti-auth.conf....
Step A: Run the below command
sudo vi /etc/fail2ban/filter.d/ajenti-auth.conf
Step B: Copy the below and paste inside the above file
# Fail2Ban filter for ajenti
[INCLUDES]
before = common.conf
[Definition]
_daemon = ajenti
failregex = ^%(__prefix_line)sfailed login attempt for .* through .* from <HOST>\s*$
ignoreregex =
2) Add the jail settings to the end of the jail.local file...
Step A: Run the below command
sudo vi /etc/fail2ban/jail.local
Step B: Copy the below and paste inside the above file at the end
[ajenti-auth]
enabled = true
port = 8000
filter = ajenti-auth
logpath = /var/log/auth.log
maxretry = 3
3) Restart the service...
Step A: Run the below command
sudo service fail2ban restart
I just attempted to test this filter with ajenti. I don't seem to see the entries in /var/log/auth.log. Is there some config that needs to be enabled in ajenti's config.json to enable syslogging?
No, nothing is added to the config.json file. The above is implemented and tested on Ubuntu 14.04 and Ajenti v1.2.23.8
Here is an example of the logs from a server:
Jul 28 00:55:23 localhost ajenti: failed login attempt for root ("fail") through AjentiSyncProvider from X.X.X.X
Jul 28 00:55:37 localhost ajenti: user root logged in through AjentiSyncProvider from X.X.X.X
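An added example, not part of the thread or of fail2ban itself: a small Python check of which log lines the failregex above counts and which address would reach maxretry = 3. The timestamp, prefix and <HOST> patterns are simplified stand-ins for fail2ban's own expansions, the findtime window is ignored, and the log lines and addresses are constructed.

```python
import re
from collections import Counter

MAXRETRY = 3  # value from the [ajenti-auth] jail above

# Assumptions: simplified stand-ins for what fail2ban substitutes at runtime.
TIMESTAMP = r"^\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2} "   # syslog date, stripped by fail2ban
PREFIX_LINE = r"\S+ ajenti(?:\[\d+\])?:\s+"          # hostname + _daemon tag
HOST = r"(?P<host>\S+)"                              # stands in for <HOST>

FAILREGEX = re.compile(
    TIMESTAMP + PREFIX_LINE
    + r"failed login attempt for .* through .* from " + HOST + r"\s*$"
)

# Constructed sample log (documentation addresses), modelled on the lines above.
# The last line has a user name that itself contains "from <address>".
SAMPLE_LOG = """\
Jul 28 00:55:23 localhost ajenti: failed login attempt for root ("fail") through AjentiSyncProvider from 203.0.113.7
Jul 28 00:55:29 localhost ajenti: failed login attempt for root ("fail") through AjentiSyncProvider from 203.0.113.7
Jul 28 00:55:31 localhost ajenti: failed login attempt for admin ("x") through AjentiSyncProvider from 198.51.100.20
Jul 28 00:55:34 localhost ajenti: failed login attempt for root ("fail") through AjentiSyncProvider from 203.0.113.7
Jul 28 00:55:37 localhost ajenti: user root logged in through AjentiSyncProvider from 203.0.113.7
Jul 28 00:55:40 localhost ajenti: failed login attempt for from 192.0.2.1 ("x") through AjentiSyncProvider from 198.51.100.20
"""

def failed_hosts(log_text):
    """Return the host captured from every line the failregex matches."""
    hits = []
    for line in log_text.splitlines():
        match = FAILREGEX.match(line)
        if match:
            hits.append(match.group("host"))
    return hits

def hosts_to_ban(log_text, maxretry=MAXRETRY):
    """Hosts whose failure count reaches maxretry (findtime not modelled)."""
    counts = Counter(failed_hosts(log_text))
    return sorted(host for host, n in counts.items() if n >= maxretry)

if __name__ == "__main__":
    print("matched hosts:", failed_hosts(SAMPLE_LOG))
    print("would be banned:", hosts_to_ban(SAMPLE_LOG))
```

Because the pattern is anchored with `\s*$`, the captured host is always the last token on the line, so the address inside the user name on the final sample line is not counted. On a real host, `fail2ban-regex /var/log/auth.log /etc/fail2ban/filter.d/ajenti-auth.conf` runs the actual filter against the actual log.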