@mmalmeida
Last active December 19, 2015 09:39
fail2ban - tomcat
jail:
[tomcat-manager]
enabled = true
port = 8080,8443
bantime = 3601
filter = tomcat-manager
maxretry = 4
logpath = /var/log/tomcat7/localhost_access_log.*.txt
Running tests
=============
Use regex file : /etc/fail2ban/filter.d/tomcat-manager.conf
Use single line: 85.17.68.32 - - [05/Jul/2013:15:22:09 +0100] "GET ...
Results
=======
Failregex
|- Regular expressions:
| [1] <HOST> -.*- .*/manager/j_security_check HTTP/1.* .* .*$
| [2] <HOST> - - \[.*\] "GET /manager/html HTTP/1.1" 401 \d+$
|
`- Number of matches:
[1] 0 match(es)
[2] 1 match(es)
Ignoreregex
|- Regular expressions:
|
`- Number of matches:
Summary
=======
Addresses found:
[1]
[2]
85.17.68.32 (Fri Jul 05 15:22:09 2013)
Date template hits:
0 hit(s): MONTH Day Hour:Minute:Second
0 hit(s): WEEKDAY MONTH Day Hour:Minute:Second Year
0 hit(s): WEEKDAY MONTH Day Hour:Minute:Second
0 hit(s): Year/Month/Day Hour:Minute:Second
0 hit(s): Day/Month/Year Hour:Minute:Second
0 hit(s): Day/Month/Year Hour:Minute:Second
3 hit(s): Day/MONTH/Year:Hour:Minute:Second
0 hit(s): Month/Day/Year:Hour:Minute:Second
0 hit(s): Year-Month-Day Hour:Minute:Second
0 hit(s): Year.Month.Day Hour:Minute:Second
0 hit(s): Day-MONTH-Year Hour:Minute:Second[.Millisecond]
0 hit(s): Day-Month-Year Hour:Minute:Second
0 hit(s): TAI64N
0 hit(s): Epoch
0 hit(s): ISO 8601
0 hit(s): Hour:Minute:Second
0 hit(s): <Month/Day/Year@Hour:Minute:Second>
Success, the total number of match is 1
However, look at the above section 'Running tests' which could contain important
information.
ATTEMPTS:
85.17.68.32 - - [05/Jul/2013:15:26:17 +0100] "GET /manager/html HTTP/1.1" 401 2486
85.17.68.32 - - [05/Jul/2013:15:26:19 +0100] "GET /manager/html HTTP/1.1" 401 2486
85.17.68.32 - - [05/Jul/2013:15:26:19 +0100] "GET /manager/html HTTP/1.1" 401 2486
85.17.68.32 - - [05/Jul/2013:15:26:21 +0100] "GET /manager/html HTTP/1.1" 401 2486
85.17.68.32 - - [05/Jul/2013:15:26:21 +0100] "GET /manager/html HTTP/1.1" 401 2486
85.17.68.32 - - [05/Jul/2013:15:26:23 +0100] "GET /manager/html HTTP/1.1" 401 2486
85.17.68.32 - - [05/Jul/2013:15:26:23 +0100] "GET /manager/html HTTP/1.1" 401 2486
85.17.68.32 - - [05/Jul/2013:15:26:26 +0100] "GET /manager/html HTTP/1.1" 401 2486
85.17.68.32 - - [05/Jul/2013:15:26:27 +0100] "GET /manager/html HTTP/1.1" 401 2486
85.17.68.32 - - [05/Jul/2013:15:26:29 +0100] "GET /manager/html HTTP/1.1" 401 2486
85.17.68.32 - - [05/Jul/2013:15:26:29 +0100] "GET /manager/html HTTP/1.1" 401 2486
85.17.68.32 - - [05/Jul/2013:15:26:32 +0100] "GET /manager/html HTTP/1.1" 401 2486
85.17.68.32 - - [05/Jul/2013:15:26:32 +0100] "GET /manager/html HTTP/1.1" 401 2486
85.17.68.32 - - [05/Jul/2013:15:26:34 +0100] "GET /manager/html HTTP/1.1" 401 2486
85.17.68.32 - - [05/Jul/2013:15:26:34 +0100] "GET /manager/html HTTP/1.1" 401 2486
85.17.68.32 - - [05/Jul/2013:15:26:34 +0100] "GET /manager/html HTTP/1.1" 401 2486
85.17.68.32 - - [05/Jul/2013:15:26:34 +0100] "GET /manager/html HTTP/1.1" 401 2486
85.17.68.32 - - [05/Jul/2013:15:26:36 +0100] "GET /manager/html HTTP/1.1" 401 2486
85.17.68.32 - - [05/Jul/2013:15:26:36 +0100] "GET /manager/html HTTP/1.1" 401 2486
85.17.68.32 - - [05/Jul/2013:15:26:36 +0100] "GET /manager/html HTTP/1.1" 401 2486
85.17.68.32 - - [05/Jul/2013:15:26:36 +0100] "GET /manager/html HTTP/1.1" 401 2486
85.17.68.32 - - [05/Jul/2013:15:26:39 +0100] "GET /manager/html HTTP/1.1" 401 2486
85.17.68.32 - - [05/Jul/2013:15:26:40 +0100] "GET /manager/html HTTP/1.1" 401 2486
85.17.68.32 - - [05/Jul/2013:15:26:41 +0100] "GET /manager/html HTTP/1.1" 401 2486
85.17.68.32 - - [05/Jul/2013:15:26:42 +0100] "GET /manager/html HTTP/1.1" 401 2486
85.17.68.32 - - [05/Jul/2013:15:26:43 +0100] "GET /manager/html HTTP/1.1" 401 2486
85.17.68.32 - - [05/Jul/2013:15:26:43 +0100] "GET /manager/html HTTP/1.1" 401 2486
85.17.68.32 - - [05/Jul/2013:15:26:45 +0100] "GET /manager/html HTTP/1.1" 401 2486
85.17.68.32 - - [05/Jul/2013:15:26:45 +0100] "GET /manager/html HTTP/1.1" 401 2486
85.17.68.32 - - [05/Jul/2013:15:26:47 +0100] "GET /manager/html HTTP/1.1" 401 2486
85.17.68.32 - - [05/Jul/2013:15:26:47 +0100] "GET /manager/html HTTP/1.1" 401 2486
85.17.68.32 - - [05/Jul/2013:15:26:47 +0100] "GET /manager/html HTTP/1.1" 401 2486
85.17.68.32 - - [05/Jul/2013:15:26:47 +0100] "GET /manager/html HTTP/1.1" 401 2486
85.17.68.32 - - [05/Jul/2013:15:26:47 +0100] "GET /manager/html HTTP/1.1" 401 2486
85.17.68.32 - - [05/Jul/2013:15:26:47 +0100] "GET /manager/html HTTP/1.1" 401 2486
85.17.68.32 - - [05/Jul/2013:15:26:51 +0100] "GET /manager/html HTTP/1.1" 401 2486
85.17.68.32 - - [05/Jul/2013:15:26:51 +0100] "GET /manager/html HTTP/1.1" 401 2486
85.17.68.32 - - [05/Jul/2013:15:26:53 +0100] "GET /manager/html HTTP/1.1" 401 2486
85.17.68.32 - - [05/Jul/2013:15:26:53 +0100] "GET /manager/html HTTP/1.1" 401 2486
85.17.68.32 - - [05/Jul/2013:15:26:55 +0100] "GET /manager/html HTTP/1.1" 401 2486
85.17.68.32 - - [05/Jul/2013:15:26:55 +0100] "GET /manager/html HTTP/1.1" 401 2486
85.17.68.32 - - [05/Jul/2013:15:26:58 +0100] "GET /manager/html HTTP/1.1" 401 2486
62.169.120.31 - - [05/Jul/2013:15:35:45 +0100] "GET /manager/html?org.apache.catalina.filters.CSRF_NONCE=31541EA473321362072BEB78A0C141BD HTTP/1.1" 401 2486
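
An added example, not part of the original gist: it replays failregex [2] from the test output over constructed access-log lines and shows that a request carrying a query string, like the CSRF_NONCE line that closes the ATTEMPTS log, never counts toward maxretry. The `HOST` pattern is a simplified IPv4-only stand-in for fail2ban's `<HOST>` tag, `TIGHTENED` is a hypothetical replacement regex, and findtime is ignored.

```python
import re
from collections import Counter

# Simplified stand-in for fail2ban's <HOST> tag (assumption: IPv4 only).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# Failregex [2] exactly as it appears in the test output above.
ORIGINAL = r'<HOST> - - \[.*\] "GET /manager/html HTTP/1.1" 401 \d+$'
# Hypothetical tightened variant (not from the gist): anchored at line start,
# any method, optional query string, HTTP/1.0 or HTTP/1.1.
TIGHTENED = (r'^<HOST> - - \[[^\]]+\] '
             r'"[A-Z]+ /manager/html(?:\?\S*)? HTTP/1\.[01]" 401 \d+$')

MAXRETRY = 4  # value from the [tomcat-manager] jail

def log_line(host, second, query="", status=401):
    """Build one constructed line in the access-log format shown above."""
    return ('%s - - [05/Jul/2013:15:26:%02d +0100] '
            '"GET /manager/html%s HTTP/1.1" %d 2486'
            % (host, second, query, status))

# Constructed sample data: documentation addresses and a placeholder nonce.
NONCE = "?org.apache.catalina.filters.CSRF_NONCE=0123456789ABCDEF0123456789ABCDEF"
SAMPLE = (
    [log_line("192.0.2.10", s) for s in range(4)]                 # plain 401s
    + [log_line("198.51.100.7", s, NONCE) for s in range(10, 14)]  # 401s with query
    + [log_line("192.0.2.10", 30, status=200)]                    # success, not a failure
)

def failures_per_host(pattern, lines):
    """Count failregex hits per source address."""
    rx = re.compile(pattern.replace("<HOST>", HOST))
    hits = Counter()
    for line in lines:
        m = rx.search(line)
        if m:
            hits[m.group("host")] += 1
    return hits

def hosts_to_ban(pattern, lines, maxretry=MAXRETRY):
    """Addresses whose failure count reaches maxretry (findtime ignored)."""
    counts = failures_per_host(pattern, lines)
    return sorted(h for h, n in counts.items() if n >= maxretry)

if __name__ == "__main__":
    for name, pattern in (("original", ORIGINAL), ("tightened", TIGHTENED)):
        print(name, dict(failures_per_host(pattern, SAMPLE)),
              "ban:", hosts_to_ban(pattern, SAMPLE))
```

Before deploying a changed failregex, run it through fail2ban's own regex tester against the real access log, as was done for the original above.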