@dwinurhadia
Forked from luiseok/jail.local
Created September 20, 2023 07:16
Fail2ban MongoDB filter.d configuration file
#
# File Path : /etc/fail2ban/jail.local
#
# Adjust port and logpath to match your MongoDB configuration.
#
[mongo-auth]
enabled = true
filter = mongo-auth
logpath = /var/log/mongodb/mongod.log
maxretry = 3
port = 27017
banaction = iptables-multiport[name="mongo", port="27017"]
bantime = 86400
findtime = 300
#
# File Path : /etc/fail2ban/filter.d/mongo-auth.conf
#
# Fail2Ban filter for unsuccessful MongoDB authentication attempts
# Tested on fail2ban-client v0.9.3
#
[INCLUDES]
# Read common prefixes. If any customizations available -- read them from
# common.local
before = common.conf
[Definition]
_daemon = mongodb
# Match MongoDB authentication-failure lines and capture the client IP as <HOST>.
failregex = ^.*[aA]uthentication [fF]ail(ed|ure) for \w+ on \w+ from client <HOST>:[0-9].*$
ignoreregex =
# DEV Notes:
#
# This filter is intended to block clients that attempt to access MongoDB with an incorrect account.
#
# Example
# 2017-08-15T07:48:03.291+0900 I ACCESS [conn18] SCRAM-SHA-1 authentication failed for admin on admin from client 192.168.0.7:11696 ; UserNotFound: Could not find user admin@admin
# 2017-08-15T07:57:17.752+0900 I ACCESS [conn28] SCRAM-SHA-1 authentication failed for luiseok on admin from client 192.168.0.12:53380 ; AuthenticationFailed: SCRAM-SHA-1 authentication failed, storedKey mismatch
# Author: luiseok (https://github.com/luiseok)
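
An added example (not part of the gist): a Python check of the filter's failregex against the two sample lines from the DEV notes plus one constructed non-authentication line. It also shows why the pattern must not end in an empty alternative such as `|$`. The `HOST` group is a simplified IPv4-only stand-in for fail2ban's `<HOST>` tag, and the names `FAILREGEX`, `WITH_EMPTY_ALT` and `check` are hypothetical.

```python
import re

# Simplified stand-in for fail2ban's <HOST> tag: IPv4 only (assumption; the
# real tag also accepts hostnames).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# The filter's pattern ending in ".*$", and a variant ending in ".*|$".
FAILREGEX = r"^.*[aA]uthentication [fF]ail(ed|ure) for \w+ on \w+ from client <HOST>:[0-9].*$"
WITH_EMPTY_ALT = r"^.*[aA]uthentication [fF]ail(ed|ure) for \w+ on \w+ from client <HOST>:[0-9].*|$"

# Lines 1-2 are the examples from the DEV notes; line 3 is constructed.
SAMPLE_LOG = [
    "2017-08-15T07:48:03.291+0900 I ACCESS [conn18] SCRAM-SHA-1 authentication failed for admin on admin from client 192.168.0.7:11696 ; UserNotFound: Could not find user admin@admin",
    "2017-08-15T07:57:17.752+0900 I ACCESS [conn28] SCRAM-SHA-1 authentication failed for luiseok on admin from client 192.168.0.12:53380 ; AuthenticationFailed: SCRAM-SHA-1 authentication failed, storedKey mismatch",
    "2017-08-15T07:58:00.000+0900 I NETWORK [conn29] end connection 192.168.0.12:53380 (1 connection now open)",
]


def check(failregex, lines):
    """Return (hosts, hostless).

    hosts    -- client IPs captured from matching lines, in log order
    hostless -- lines the pattern matched without capturing a host,
                which indicates a defect in the pattern
    """
    rx = re.compile(failregex.replace("<HOST>", HOST))
    hosts, hostless = [], []
    for line in lines:
        m = rx.search(line)
        if not m:
            continue
        if m.group("host"):
            hosts.append(m.group("host"))
        else:
            hostless.append(line)
    return hosts, hostless


if __name__ == "__main__":
    for name, pattern in (("FAILREGEX", FAILREGEX), ("WITH_EMPTY_ALT", WITH_EMPTY_ALT)):
        hosts, hostless = check(pattern, SAMPLE_LOG)
        print(f"{name}: hosts={hosts} hostless_matches={len(hostless)}")
```

On a host with fail2ban installed, `fail2ban-regex /var/log/mongodb/mongod.log /etc/fail2ban/filter.d/mongo-auth.conf` runs the same kind of check with the real `<HOST>` expansion. MongoDB 4.4 and later write structured JSON log lines, so test the filter against a line from your own mongod.log before relying on it.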