I am soon going to be exposing my RT instance on a public IP. It
currently requires VPN access, but users have asked for this to be changed.
As a result, I am trying to implement fail2ban, but am running into some
issues. I’m wondering if anyone else has successfully done this.

Running fail2ban-regex against the Apache error log and the fail2ban
filter file shows that there are matches; however, running fail2ban in debug
mode does not show that it’s matching at run time.

The relevant configs are below. Any help appreciated.

enabled = true
filter = rtauth
action = iptables-allports[name=RT, protocol=all]
logpath = /var/log/apache2/error.log
maxretry = 4
findtime = 21600
bantime = 86400

before = apache-common.conf
failregex = [.] [[^]]+] [error]: FAILED LOGIN for . from
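
Added example, not part of the original post and not fail2ban's own code: a simplified Python model of how a jail with the maxretry, findtime and bantime values above turns regex matches into bans, showing that a line can match the filter and still be discarded because its timestamp is older than findtime. The regex, the IPv4-only stand-in for `<HOST>`, the log line layout and the sample lines are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Jail values copied from the post.
MAXRETRY, FINDTIME, BANTIME = 4, 21600, 86400

# Assumed filter regex. <HOST> is fail2ban's address placeholder; the IPv4-only
# expansion below is a simplified stand-in, not fail2ban's real one.
FAILREGEX = r"\[error\]: FAILED LOGIN for .* from <HOST>"
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
LINE_RE = re.compile(r"^\[(?P<ts>[^\]]+)\] .*" + FAILREGEX.replace("<HOST>", HOST))
TS_FORMAT = "%a %b %d %H:%M:%S %Y"

# Constructed log lines (documentation addresses, assumed line layout).
SAMPLE_LOG = "\n".join(
    [f"[Mon Mar 10 09:00:0{i} 2014] [error]: FAILED LOGIN for root from 198.51.100.9"
     for i in range(4)]
    + [f"[Tue Mar 11 11:00:0{i} 2014] [error]: FAILED LOGIN for bob from 203.0.113.7"
       for i in range(4)]
    + ["[Tue Mar 11 11:30:00 2014] [error] File does not exist: /var/www/favicon.ico"]
)

def parse(log_text):
    """Yield (timestamp, host) for every line the regex matches."""
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield datetime.strptime(m["ts"], TS_FORMAT), m["host"]

def bans(log_text, now):
    """Return {host: ban_expiry} using the jail's findtime/maxretry/bantime."""
    recent = {}
    for ts, host in parse(log_text):
        # A matching line is still discarded when it is older than findtime.
        if now - ts <= timedelta(seconds=FINDTIME):
            recent.setdefault(host, []).append(ts)
    return {h: max(t) + timedelta(seconds=BANTIME)
            for h, t in recent.items() if len(t) >= MAXRETRY}

if __name__ == "__main__":
    now = datetime(2014, 3, 11, 12, 0, 0)
    print("regex matches:", len(list(parse(SAMPLE_LOG))))
    print("bans:", bans(SAMPLE_LOG, now))
```

Run against the sample, all eight login-failure lines match the regex, but only the host whose failures fall inside the six-hour findtime window is banned.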