Bruteforce mitigation - fail2ban filter for ocserv
Published on Jun 14, 2017 by Kalle Carlbark.
Fail2Ban is explained in more detail by: this.
Short explanation of fail2ban:
Fail2ban scans log files and bans IPs that show malicious signs – too many password failures etc. The following filter identifies failed authentications on ocserv (OpenConnect Server).
cd /usr/local/etc/fail2ban/filter.d
cat ocserv.conf
[Definition]
failregex = (?:ocserv\[\d+\]: worker\[\w+\]: )(?P<host>\S*)(?: worker-auth\.c\:\d+: failed authentication for ')(?P<user>\S*)(?:').*
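A way to check the filter offline before enabling a jail, as an added example that is not part of the original post: it runs the failregex over constructed log lines, validates the captured host, and lists the hosts that would reach a retry threshold. Assumptions: the capture group is named `host`, ocserv writes the user name directly after the opening quote, and the sample lines, IPs and the `maxretry=3` default are made up for illustration.

```python
import re
from collections import Counter
from ipaddress import ip_address

# Filter regex from this page, with the host capture written as (?P<host>...).
FAILREGEX = re.compile(
    r"(?:ocserv\[\d+\]: worker\[\w+\]: )(?P<host>\S*)"
    r"(?: worker-auth\.c\:\d+: failed authentication for ')(?P<user>\S*)(?:').*"
)

# Constructed sample log lines (assumed syslog layout, documentation IP ranges).
SAMPLE_LOG = """\
Jun 14 10:00:01 vpn ocserv[812]: worker[alice]: 203.0.113.7 worker-auth.c:1562: failed authentication for 'alice'
Jun 14 10:00:03 vpn ocserv[812]: worker[root]: 203.0.113.7 worker-auth.c:1562: failed authentication for 'root'
Jun 14 10:00:05 vpn ocserv[812]: worker[admin]: 203.0.113.7 worker-auth.c:1562: failed authentication for 'admin'
Jun 14 10:00:09 vpn ocserv[812]: worker[bob]: 198.51.100.20 worker-auth.c:1562: failed authentication for 'bob'
Jun 14 10:00:12 vpn ocserv[812]: main: 198.51.100.20:51234 user disconnected
Jun 14 10:00:15 vpn sshd[990]: Failed password for root from 192.0.2.5 port 22 ssh2
"""

def parse_failures(log_text):
    """Return (host, user) for every line the filter matches with a valid IP."""
    hits = []
    for line in log_text.splitlines():
        m = FAILREGEX.search(line)  # unanchored search, so the syslog prefix is skipped
        if not m:
            continue
        try:
            ip_address(m.group("host"))  # \S* accepts any token, so validate it
        except ValueError:
            continue
        hits.append((m.group("host"), m.group("user")))
    return hits

def hosts_to_ban(log_text, maxretry=3):
    """Hosts whose failure count reaches maxretry (no findtime window here)."""
    counts = Counter(host for host, _ in parse_failures(log_text))
    return sorted(h for h, n in counts.items() if n >= maxretry)

if __name__ == "__main__":
    for host, user in parse_failures(SAMPLE_LOG):
        print(f"failed login: host={host} user={user}")
    print("would ban:", hosts_to_ban(SAMPLE_LOG))
```

On the server itself, running fail2ban-regex against the real log file and ocserv.conf shows what the installed fail2ban version actually matches.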