Comments (12)

crazy-max avatar crazy-max commented on May 20, 2024 1

@Doubleho7

You don't have to create a volume for each file:

  volumes:
      - "/var/log/guacamole/guacd.log:/var/log/guacamole/guacd.log"
      - "/home/user/fail2ban/jail.d/guacamole.conf:/etc/fail2ban/jail.d/guacamole.conf"
      - "/home/user/fail2ban/filter.d/guacamole-auth.conf:/etc/fail2ban/filter.d/guacamole-auth.conf"
      - "/home/user/fail2ban/action.d/cloudflare.conf:/etc/fail2ban/action.d/cloudflare.conf"

Just copy them inside /home/user/fail2ban/data/jail.d / /home/user/fail2ban/data/filter.d. And the log folder is already bound (see docker-compose example).

  volumes:
      - "/var/log:/var/log:ro"
      - "/home/user/fail2ban/data:/data"

Check this section in the README.

PS: I've edited your comment above that was unreadable. I advise you to read this guide to use Markdown properly for your next comments ;)

from docker-fail2ban.

onedr0p avatar onedr0p commented on May 20, 2024 1

Easiest way I've found to spin up guac is to use this container. If you use the official guac docker image it requires a bit more work. Using @oznu's docker image it should be really straightforward.

https://github.com/oznu/docker-guacamole

onedr0p avatar onedr0p commented on May 20, 2024 1

There hasn't been a release for Guacamole in a long time either. Check their GitHub.

onedr0p avatar onedr0p commented on May 20, 2024

This is on my to-do list as well. There's a blog post here about it but it's from 2016. I would also recommend you set up Duo for 2FA on Guacamole, it takes about 30 minutes or so to get working.

onedr0p avatar onedr0p commented on May 20, 2024

@crazy-max could you add these into the repo when you have a moment?

@Doubleho7 see my solution below, make sure to update BANACTION if you don't use Cloudflare.

oznu/docker-guacamole container

make sure to mount the volume /var/log/guacamole:/usr/local/tomcat/logs in your container

config/guacamole/logback.xml

<configuration>
        <!-- Appender for debugging -->
        <appender name="GUAC-DEBUG" class="ch.qos.logback.core.ConsoleAppender">
                <encoder>
                        <pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</pattern>
                </encoder>
        </appender>
        <!-- Appender for debugging in a file-->
        <appender name="GUAC-DEBUG_FILE" class="ch.qos.logback.core.FileAppender">
                <file>/usr/local/tomcat/logs/guacd.log</file>
                <encoder>
                        <pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</pattern>
                </encoder>
        </appender>
        <!-- Log at DEBUG level -->
        <root level="debug">
                <appender-ref ref="GUAC-DEBUG"/>
                <appender-ref ref="GUAC-DEBUG_FILE"/>
        </root>
</configuration>

fail2ban container

make sure to mount the volume /var/log/guacamole/guacd.log:/var/log/guacamole/guacd.log:ro in your container

jail.d/guacamole.conf

[DEFAULT]
banaction = cloudflare

[guacamole-auth]
enabled = true
logpath = /var/log/guacamole/guacd.log
port = http,https

bantime = -1
maxretry = 5

filter.d/guacamole-auth.conf

[Definition]
failregex = \bAuthentication attempt from [<HOST>(?:,.*)?] for user ".*" failed\.
ignoreregex =

Doubleho7 avatar Doubleho7 commented on May 20, 2024

Hi, after some back and forth I finally got it working; your guacamole-auth.conf threw me out.

Here is my config, a bit different to yours.

My only concern is that you can attempt to log in multiple times; only when the page is refreshed do you get the failed login from Cloudflare. Is there no way around this?

How do you go about banning IPs if you are not using Cloudflare and are perhaps using F5 as a load balancer / reverse proxy?

jail.d/guacamole.conf

[DEFAULT]
banaction = cloudflare

[guacamole-auth]
enabled = true
logpath = /var/log/guacamole/guacd.log
port = http,https

bantime = -1
maxretry = 5

filter.d/guacamole-auth.conf

[Definition]
failregex = \bAuthentication attempt from \[<HOST>(?:,.*)?\] for user ".*" failed\.
ignoreregex =

action.d/cloudflare.conf

https://fossies.org/linux/misc/fail2ban-0.10.4.tar.gz/fail2ban-0.10.4/config/action.d/cloudflare.conf?m=t

docker-compose.yaml

version: "3.2"

services:
  fail2ban: 
    container_name: fail2ban
    environment: 
      - PUID=1000
      - PGID=1000
      - TZ=Africa/Harare
    image: "crazymax/fail2ban:latest"
    network_mode: host
    privileged: true
    restart: always
    volumes: 
      - "/var/log/guacamole/guacd.log:/var/log/guacamole/guacd.log"
      - "/home/user/fail2ban/jail.d/guacamole.conf:/etc/fail2ban/jail.d/guacamole.conf"
      - "/home/user/fail2ban/filter.d/guacamole-auth.conf:/etc/fail2ban/filter.d/guacamole-auth.conf"
      - "/home/user/fail2ban/action.d/cloudflare.conf:/etc/fail2ban/action.d/cloudflare.conf"
  guacamole: 
    container_name: Guacamole
    environment: 
      - PUID=1000
      - PGID=1000
      - TZ=Africa/Harare
      - EXTENSIONS=auth-duo
    image: oznu/guacamole
    labels: 
      - traefik.backend=Guacamole
      - traefik.docker.network=proxy
      - "traefik.frontend.rule=Host:sub.domain.com"
      - traefik.enable=true
      - traefik.port=8080
      - traefik.default.protocol=http
    network_mode: bridge
    ports: 
      - "8074:8080"
    restart: unless-stopped
    volumes: 
      - "/var/log/guacamole/:/usr/local/tomcat/logs"
      - "/home/user/guacamole/config:/config"

config/guacamole/logback.xml

<configuration>
        <!-- Appender for debugging -->
        <appender name="GUAC-DEBUG" class="ch.qos.logback.core.ConsoleAppender">
                <encoder>
                        <pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</pattern>
                </encoder>
        </appender>
        <!-- Appender for debugging in a file-->
        <appender name="GUAC-DEBUG_FILE" class="ch.qos.logback.core.FileAppender">
                <file>/usr/local/tomcat/logs/guacd.log</file>
                <encoder>
                        <pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</pattern>
                </encoder>
        </appender>
        <!-- Log at DEBUG level -->
        <root level="debug">
                <appender-ref ref="GUAC-DEBUG"/>
                <appender-ref ref="GUAC-DEBUG_FILE"/>
        </root>
</configuration>

Some Tips

You can use the following commands to check whether they are being banned or not.

Enter fail2ban interactive mode:

fail2ban-client -i

Check the status of the jail:

status guacamole-auth

Unban with:

set guacamole-auth unbanip x.x.x.x

from docker-fail2ban.
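
The two failregex lines posted in this thread differ only in whether the square brackets are escaped. The check below is an added example, not code from any commenter or from the docker-fail2ban project, and shows why that matters. Assumptions: `HOST` is a simplified IPv4-only stand-in for fail2ban's `<HOST>` tag, the log lines are constructed to follow the logback pattern above, and the helper names are hypothetical.

```python
import re
from collections import Counter

# Simplified stand-in for fail2ban's <HOST> tag (assumption: IPv4 only;
# the real expansion also covers IPv6 and hostnames).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# failregex values as they appear in the two comments above.
UNESCAPED = r'\bAuthentication attempt from [<HOST>(?:,.*)?] for user ".*" failed\.'
ESCAPED = r'\bAuthentication attempt from \[<HOST>(?:,.*)?\] for user ".*" failed\.'

MAXRETRY = 5  # maxretry from jail.d/guacamole.conf

# Constructed log lines (thread and logger names are made up).
SAMPLE_LOG = "\n".join(
    [f'10:15:0{i}.000 [http-nio-8080-exec-1] WARN  o.a.g.r.auth.AuthenticationService - '
     f'Authentication attempt from [203.0.113.5, 172.17.0.1] for user "admin" failed.'
     for i in range(5)]
    + ['10:16:00.000 [http-nio-8080-exec-2] WARN  o.a.g.r.auth.AuthenticationService - '
       'Authentication attempt from [198.51.100.7] for user "guest" failed.',
       '10:16:05.000 [http-nio-8080-exec-2] INFO  o.a.g.r.auth.AuthenticationService - '
       'User "guest" successfully authenticated from [198.51.100.7].']
)

def compile_failregex(failregex):
    """Substitute the <HOST> stand-in and compile, roughly as fail2ban would."""
    return re.compile(failregex.replace("<HOST>", HOST))

def failures_per_host(failregex, log_text):
    """Count matching failure lines per captured client address."""
    pattern = compile_failregex(failregex)
    hits = Counter()
    for line in log_text.splitlines():
        m = pattern.search(line)
        # Unescaped brackets turn the host pattern into a character class,
        # so the named group never exists and nothing can be attributed.
        if m and "host" in pattern.groupindex:
            hits[m.group("host")] += 1
    return hits

def hosts_to_ban(failregex, log_text, maxretry=MAXRETRY):
    """Hosts whose failure count reaches the jail's maxretry."""
    counts = failures_per_host(failregex, log_text)
    return sorted(h for h, n in counts.items() if n >= maxretry)

if __name__ == "__main__":
    print("unescaped:", hosts_to_ban(UNESCAPED, SAMPLE_LOG))
    print("escaped:  ", hosts_to_ban(ESCAPED, SAMPLE_LOG))
```

With the brackets unescaped the filter compiles but never matches, so the jail stays silent while logins keep failing; the first address in the bracketed list is the one captured once they are escaped.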

onedr0p avatar onedr0p commented on May 20, 2024

Glad you were able to get it working! I'm not sure why the ban takes effect only on page refresh. Maybe it has to do with cloudflare and caching.

I also ban IPs on my pfsense modem using a docker container I wrote. Basically it syncs bans from Cloudflare and inserts them into my pfsense firewall rules. I have it update the list every hour.

Check it out here:
https://gitlab.com/onedr0p/cloudflare-firewall-blocklist

For even more security only accept IPs from Cloudflare IP/CIDR on port 80/443.

crazy-max avatar crazy-max commented on May 20, 2024

> could you add these into the repo when you have a moment?

@onedr0p Of course!

onedr0p avatar onedr0p commented on May 20, 2024

nice write up @crazy-max 👍

gurabli avatar gurabli commented on May 20, 2024

@crazy-max @onedr0p
I'm struggling to get Guacamole and db (and everything required) up and running on my server. Do you mind sharing your docker-compose for everything needed to configure Guacamole? I tried to follow a deployment guide at Plexguide, but it is specific to paths used in Plexguide scripts. Many thanks!

gurabli avatar gurabli commented on May 20, 2024

@onedr0p Thanks, I will look into this. However, the container seems quite outdated, 6 months, and doesn't look like it is maintained. Isn't this a problem?

gurabli avatar gurabli commented on May 20, 2024

Indeed, thanks for pointing this out!
Wonder if it is safe to use with such a slow release cycle? I mean security-wise.
