Allow fail2ban to prevent brute force

Vincent_LaNetCie · 3 December 2022 14:55

Hello,

Like some posts found in this forum, I’d like to find a way to prevent brute force against librenms by using fail2ban with a fine grained control.
I can’t find any logs where failed auth are stored.
Could you help me ? Thank you

Regards,

Vincent

librenms@grafana:~$ ./validate.php

Component	Version
LibreNMS	22.11.0-9-g49abee372 (2022-12-01T15:20:49+01:00)
DB Schema	2022_08_15_084507_add_rrd_type_to_wireless_sensors_table (248)
PHP	8.1.11
Python	3.7.3
Database	MariaDB 10.5.12-MariaDB-1:10.5.12+maria~buster
RRDTool	1.7.1
SNMP	5.7.3

===========================================

SantiagoSilvaZ · 4 December 2022 03:07

Hi,

In the WebUI you can see the authentication history.

Vincent_LaNetCie · 5 December 2022 10:20

Hello SantiagoSilvaZ,

Thank you for your reply.
What I need is to give to fail2ban an access to the logs for parsing them and search for failed logins in order to ban ip.

Regard,

Vincent

SantiagoSilvaZ · 5 December 2022 12:45

Hi,
In the case of authlog, it is being registered in the database, in the authlog table; I don’t know if it’s also available elsewhere.

Vincent_LaNetCie · 5 December 2022 12:57

Hello,

Thank you for your reply. I’ll have a look in database and, why not, extract logs with a script then parse it.

Regards,

Vincent

murrant · 16 December 2022 15:06

You could also send a change request to log authentication failures to librenms.log, It would be a pretty easy change to make.

system · 16 March 2023 15:07

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.