Bruteforce mitigation - fail2ban filter for ocserv
Fail2Ban can be explained in more detail by this
Short explanation of fail2ban:
Fail2ban scans log files and bans IPs that show malicious signs, such as too many password failures. The following filter identifies failed authentications on ocserv (OpenConnect Server).
cd /usr/local/etc/fail2ban/filter.d
cat ocserv.conf
[Definition]
failregex = (?:ocserv\[\d+\]: worker\[\w+\]: )(?P<host>\S*)(?: worker-auth\.c\:\d+: failed authentication for ')(?P<user>\S*)(?:').*