Comments (12)
You don't have to create a volume for each file:

```yaml
volumes:
  - "/var/log/guacamole/guacd.log:/var/log/guacamole/guacd.log"
  - "/home/user/fail2ban/jail.d/guacamole.conf:/etc/fail2ban/jail.d/guacamole.conf"
  - "/home/user/fail2ban/filter.d/guacamole-auth.conf:/etc/fail2ban/filter.d/guacamole-auth.conf"
  - "/home/user/fail2ban/action.d/cloudflare.conf:/etc/fail2ban/action.d/cloudflare.conf"
```

Just copy them inside /home/user/fail2ban/data/jail.d / /home/user/fail2ban/data/filter.d. And the log folder is already bound (see docker-compose example):

```yaml
volumes:
  - "/var/log:/var/log:ro"
  - "/home/user/fail2ban/data:/data"
```

Check this section in the README.

PS: I've edited your comment above that was unreadable. I advise you to read this guide to use Markdown properly for your next comments ;)
from docker-fail2ban.
Easiest way I've found to spin up guac is to use this container. If you use the official guac docker image it requires a bit more work. Using @oznu docker image it should be really straightforward.
https://github.com/oznu/docker-guacamole

There hasn't been a release for Guacamole in a long time either. Check their GitHub.

This is on my to-do list as well. There's a blog post here about it but it's from 2016. I would also recommend you set up Duo for 2FA on Guacamole, it takes about 30 minutes or so to get working.

@crazy-max could you add these into the repo when you have a moment?

@Doubleho7 see my solution below, make sure to update BANACTION if you don't use cloudflare.

oznu/docker-guacamole container

Make sure to mount the volume /var/log/guacamole:/usr/local/tomcat/logs in your container.

config/guacamole/logback.xml

```xml
<configuration>
  <!-- Appender for debugging -->
  <appender name="GUAC-DEBUG" class="ch.qos.logback.core.ConsoleAppender">
    <encoder>
      <pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</pattern>
    </encoder>
  </appender>
  <!-- Appender for debugging in a file (a plain FileAppender never rotates, so keep an eye on its size) -->
  <appender name="GUAC-DEBUG_FILE" class="ch.qos.logback.core.FileAppender">
    <file>/usr/local/tomcat/logs/guacd.log</file>
    <encoder>
      <pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</pattern>
    </encoder>
  </appender>
  <!-- Log at DEBUG level -->
  <root level="debug">
    <appender-ref ref="GUAC-DEBUG"/>
    <appender-ref ref="GUAC-DEBUG_FILE"/>
  </root>
</configuration>
```

fail2ban container

Make sure to mount the volume /var/log/guacamole/guacd.log:/var/log/guacamole/guacd.log:ro in your container.

jail.d/guacamole.conf

```ini
[DEFAULT]
banaction = cloudflare

[guacamole-auth]
enabled = true
logpath = /var/log/guacamole/guacd.log
port = http,https
# -1 = ban permanently
bantime = -1
maxretry = 5
```

filter.d/guacamole-auth.conf

```ini
[Definition]
failregex = \bAuthentication attempt from [<HOST>(?:,.*)?] for user ".*" failed\.
ignoreregex =
```

Hi, after some back and forth I finally got it working; your guacamole-auth.conf threw me out.
Here is my config, a bit different to yours.
My only concern is that you can attempt to login multiple times; only when the page is refreshed do you get the failed login from cloudflare. Is there no way around this?
How do you go about banning IPs if you are not using CloudFlare and perhaps using F5 as a load balancer / reverse proxy?

jail.d/guacamole.conf

```ini
[DEFAULT]
banaction = cloudflare

[guacamole-auth]
enabled = true
logpath = /var/log/guacamole/guacd.log
port = http,https
# -1 = ban permanently
bantime = -1
maxretry = 5
```

filter.d/guacamole-auth.conf

```ini
[Definition]
# the square brackets around the address must be escaped, otherwise they start a character class
failregex = \bAuthentication attempt from \[<HOST>(?:,.*)?\] for user ".*" failed\.
ignoreregex =
```

action.d/cloudflare.conf

docker-compose.yaml

```yaml
version: "3.2"
services:
  fail2ban:
    container_name: fail2ban
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Africa/Harare
    image: "crazymax/fail2ban:latest"
    network_mode: host
    privileged: true
    restart: always
    volumes:
      # bind-mounting a single file pins the inode; if the log is ever recreated the mount goes stale
      - "/var/log/guacamole/guacd.log:/var/log/guacamole/guacd.log"
      - "/home/user/fail2ban/jail.d/guacamole.conf:/etc/fail2ban/jail.d/guacamole.conf"
      - "/home/user/fail2ban/filter.d/guacamole-auth.conf:/etc/fail2ban/filter.d/guacamole-auth.conf"
      - "/home/user/fail2ban/action.d/cloudflare.conf:/etc/fail2ban/action.d/cloudflare.conf"
  guacamole:
    container_name: Guacamole
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Africa/Harare
      - EXTENSIONS=auth-duo
    image: oznu/guacamole
    labels:
      - traefik.backend=Guacamole
      - traefik.docker.network=proxy
      - "traefik.frontend.rule=Host:sub.domain.com"
      - traefik.enable=true
      - traefik.port=8080
      - traefik.default.protocol=http
    network_mode: bridge
    ports:
      - "8074:8080"
    restart: unless-stopped
    volumes:
      - "/var/log/guacamole/:/usr/local/tomcat/logs"
      - "/home/user/guacamole/config:/config"
```

config/guacamole/logback.xml

```xml
<configuration>
  <!-- Appender for debugging -->
  <appender name="GUAC-DEBUG" class="ch.qos.logback.core.ConsoleAppender">
    <encoder>
      <pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</pattern>
    </encoder>
  </appender>
  <!-- Appender for debugging in a file -->
  <appender name="GUAC-DEBUG_FILE" class="ch.qos.logback.core.FileAppender">
    <file>/usr/local/tomcat/logs/guacd.log</file>
    <encoder>
      <pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</pattern>
    </encoder>
  </appender>
  <!-- Log at DEBUG level -->
  <root level="debug">
    <appender-ref ref="GUAC-DEBUG"/>
    <appender-ref ref="GUAC-DEBUG_FILE"/>
  </root>
</configuration>
```

Some Tips

You can use the following commands to check if they are being banned or not.

Enter fail2ban interactive mode:

```shell
fail2ban-client -i
```

Check the status of the jail:

```
status guacamole-auth
```

Unban with:

```
set guacamole-auth unbanip x.x.x.x
```

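The two guacamole-auth.conf filters posted above differ only in whether the square brackets around `<HOST>` are escaped. The following script is an added example, not code from this thread or from docker-fail2ban: it runs both failregex lines over a few constructed Guacamole log lines in the layout the logback pattern above produces (addresses taken from documentation ranges), after approximating the `<HOST>` expansion fail2ban performs before compiling a filter (the pre-0.10 form is assumed; newer releases expand it into a longer IPv4/IPv6/hostname alternation, but the bracket problem is the same). It shows why the unescaped version never bans anyone: the first `]` closes a character class and the pattern does not compile, so fail2ban reports a filter error and counts no failures. The `findtime` window is ignored; all sample lines are treated as one window.

```python
import re
import warnings

# Approximation of what fail2ban substitutes for <HOST> before compiling a failregex
# (pre-0.10 form; assumed for this example).
HOST_PATTERN = r"(?:::f{4,6}:)?(?P<host>[\w\-.^_]*\w)"

# The two failregex lines from the thread: unescaped brackets vs. escaped brackets.
FAILREGEX_UNESCAPED = r'\bAuthentication attempt from [<HOST>(?:,.*)?] for user ".*" failed\.'
FAILREGEX_ESCAPED = r'\bAuthentication attempt from \[<HOST>(?:,.*)?\] for user ".*" failed\.'

# Constructed log lines in the layout of the logback pattern
# "%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n"; not real traffic.
# The second line shows the bracketed address list Guacamole writes when a proxy
# sets X-Forwarded-For: client address first, proxy address last.
SAMPLE_LOG = """\
10:15:01.120 [http-nio-8080-exec-2] WARN  o.a.g.r.auth.AuthenticationService - Authentication attempt from [203.0.113.7] for user "admin" failed.
10:15:03.450 [http-nio-8080-exec-4] WARN  o.a.g.r.auth.AuthenticationService - Authentication attempt from [198.51.100.23, 10.0.0.5] for user "guacadmin" failed.
10:15:04.001 [http-nio-8080-exec-1] INFO  o.a.g.r.auth.AuthenticationService - User "alice" successfully authenticated from [192.0.2.10].
10:15:09.777 [http-nio-8080-exec-3] WARN  o.a.g.r.auth.AuthenticationService - Authentication attempt from [203.0.113.7] for user "root" failed.
"""


def compile_failregex(failregex):
    """Expand <HOST> the way fail2ban does and compile the result.

    Returns None when the expanded pattern is not a valid regex, which is what
    happens with the unescaped brackets: the first ']' ends a character class and
    the ')' that follows is unbalanced."""
    expanded = failregex.replace("<HOST>", HOST_PATTERN)
    with warnings.catch_warnings():
        # Python warns about a '[' inside a set; the real error is what we care about.
        warnings.simplefilter("ignore", FutureWarning)
        try:
            return re.compile(expanded)
        except re.error:
            return None


def matched_hosts(failregex, log_text):
    """Return the <host> group of every line the failregex matches, in log order.

    This is the stream of failures fail2ban counts against maxretry; an empty
    list means the jail will never ban anything."""
    pattern = compile_failregex(failregex)
    if pattern is None:
        return []
    hosts = []
    for line in log_text.splitlines():
        match = pattern.search(line)
        if match:
            hosts.append(match.group("host"))
    return hosts


def offenders(failregex, log_text, maxretry):
    """Hosts with at least maxretry matched failures (findtime ignored)."""
    counts = {}
    for host in matched_hosts(failregex, log_text):
        counts[host] = counts.get(host, 0) + 1
    return sorted(host for host, n in counts.items() if n >= maxretry)


if __name__ == "__main__":
    print("unescaped filter compiles:", compile_failregex(FAILREGEX_UNESCAPED) is not None)
    print("escaped filter hosts     :", matched_hosts(FAILREGEX_ESCAPED, SAMPLE_LOG))
    print("banned with maxretry=2   :", offenders(FAILREGEX_ESCAPED, SAMPLE_LOG, 2))
```

The same check against the real log and filter is `fail2ban-regex /var/log/guacamole/guacd.log /etc/fail2ban/filter.d/guacamole-auth.conf`, run inside the fail2ban container. Two things worth noticing in the output: the second sample line is banned by its first bracketed address, which in this log format is the X-Forwarded-For value, so the jail only bans the right party if the proxy in front of Guacamole (Cloudflare, Traefik, F5) overwrites that header instead of passing through whatever the client sent; and with `bantime = -1` a spoofed header would turn into a permanent ban of an address of the attacker's choosing.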
Glad you were able to get it working! I'm not sure why the ban takes effect only on page refresh. Maybe it has to do with cloudflare and caching.
I also ban IPs on my pfsense modem using a docker container I wrote. Basically it syncs bans from Cloudflare and inserts them into my pfsense firewall rules. I have it update the list every hour.
Check it out here:
https://gitlab.com/onedr0p/cloudflare-firewall-blocklist
For even more security only accept IPs from Cloudflare IP/CIDR on port 80/443.

> could you add these into the repo when you have a moment?

@onedr0p Of course!

nice write up @crazy-max 👍

@crazy-max @onedr0p
I'm struggling to get Guacamole and db (and everything required) up and running on my server. Do you mind sharing your docker-compose for everything needed to configure Guacamole? I tried to follow a deployment guide at Plexguide, but it is specific to paths used in Plexguide scripts. Many thanks!

@onedr0p Thanks, I will look into this. However, the container seems quite outdated, 6 months, and doesn't look like it is maintained. Isn't this a problem?

Indeed, thanks for pointing this out!
Wonder if it is safe to use with such a slow release cycle? I mean security-wise.