Fail2Ban Integration

Summary

Fail2ban scans log files (e.g. /var/log/nginx/error.log) and bans IPs that show malicious signs, such as too many password failures or probing for exploits. Fail2Ban then typically updates firewall rules to reject those IP addresses for a specified amount of time, although any other action (e.g. sending an email or notification) can also be configured.

Prerequisites

  • Fail2ban installed and configured

Fail2Ban filter

In the filter.d folder of your Fail2Ban install (/etc/fail2ban/filter.d), create a file called organizr-auth.conf containing the following:

[Definition]
failregex = {"log_level":"WARNING","message":"Wrong Password".*,"remote_ip_address":"<HOST>"
ignoreregex =

Organizr Jail

Edit the jail.local file in the Fail2Ban directory and add the following:

[organizr-auth]
enabled = true
port = http,https
logtimezone = UTC
filter = organizr-auth
logpath = /var/www/html/db/logs/organizr*.log
ignoreip = 192.168.1.0/24

Restart Fail2Ban with sudo service fail2ban restart
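
To see what the filter and jail above will count before relying on them, the following added example (not part of the Organizr or Fail2Ban code) applies the page's failregex and ignoreip to constructed log lines. The "username" key, the INFO line, the sample addresses, the simplified `<HOST>` pattern and the maxretry value of 5 are assumptions; the findtime window is not modelled.

```python
import ipaddress
import re
from collections import Counter

# failregex copied from organizr-auth.conf above
FAILREGEX = r'{"log_level":"WARNING","message":"Wrong Password".*,"remote_ip_address":"<HOST>"'
# Simplified stand-in for Fail2Ban's <HOST> group (IP literals only)
HOST = r'(?P<host>[0-9A-Fa-f:.]+)'
IGNOREIP = [ipaddress.ip_network("192.168.1.0/24")]  # ignoreip from the jail above
MAXRETRY = 5  # assumption: the jail sets no maxretry; 5 matches the sample fail2ban.log

def build_regex(failregex):
    """Expand the <HOST> tag into a capturing group and compile the pattern."""
    return re.compile(failregex.replace("<HOST>", HOST))

def evaluate(lines):
    """Return (found, ignored, banned) for the given log lines."""
    rx = build_regex(FAILREGEX)
    found, ignored = Counter(), Counter()
    for line in lines:
        m = rx.search(line)
        if not m:
            continue  # not a failed login as far as the filter is concerned
        ip = ipaddress.ip_address(m.group("host"))
        if any(ip in net for net in IGNOREIP):
            ignored[str(ip)] += 1
        else:
            found[str(ip)] += 1
    banned = sorted(ip for ip, n in found.items() if n >= MAXRETRY)
    return found, ignored, banned

def wrong_password(ip, user="alice"):
    # Constructed line: only log_level, message and remote_ip_address come from
    # the failregex; the "username" key is made up for illustration.
    return ('{"log_level":"WARNING","message":"Wrong Password",'
            f'"username":"{user}","remote_ip_address":"{ip}"}}')

SAMPLE = (
    [wrong_password("203.0.113.7")] * 5        # reaches maxretry
    + [wrong_password("198.51.100.20")] * 2    # stays below maxretry
    + [wrong_password("192.168.1.10")] * 6     # inside ignoreip
    + ['{"log_level":"INFO","message":"User logged in","remote_ip_address":"203.0.113.9"}']
)

if __name__ == "__main__":
    found, ignored, banned = evaluate(SAMPLE)
    print("found:", dict(found))
    print("ignored:", dict(ignored))
    print("banned:", banned)
```

On a host with Fail2Ban installed, fail2ban-regex <logfile> /etc/fail2ban/filter.d/organizr-auth.conf runs the real filter against a real Organizr log.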

Organizr logs

Normal Install

/var/www/html/db/logs/organizr*.log

Docker Install

/config/db/logs/organizr*.log

Docker

Because the Organizr container only logs the Docker IP addresses (e.g. 172.17.0.2), you need to add the following to the Organizr default nginx site file. Go to \organizr\nginx\site-confs\default and add it inside the server block:

# get real IP
real_ip_header X-Forwarded-For;
set_real_ip_from 172.17.0.0/16;
real_ip_recursive on;

If you're using organizr/organizr it's already added and you only need to uncomment the set_real_ip_from line.

Then restart the container: docker restart organizr
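
Which address ends up in remote_ip_address, and therefore which address Fail2Ban counts, depends on the three directives above. The following added example (not Organizr or nginx code) is a simplified model of how nginx's realip directives pick that address. The requests are constructed, 203.0.113.7 stands for the real client, and the front proxy is assumed to append the address it saw to X-Forwarded-For.

```python
import ipaddress

def _trusted(addr, nets):
    return any(ipaddress.ip_address(addr) in n for n in nets)

def logged_ip(peer, xff, set_real_ip_from, recursive=True):
    """Simplified model of how the realip directives choose the client address.

    peer: address of the connection nginx accepted
    xff:  raw X-Forwarded-For value (None if absent)
    """
    nets = [ipaddress.ip_network(n) for n in set_real_ip_from]
    chain = [a.strip() for a in (xff or "").split(",") if a.strip()]
    try:
        # The header is honoured only when the peer is a trusted proxy.
        if not chain or not _trusted(peer, nets):
            return peer
        if not recursive:
            return chain[-1]                 # last address in the header
        for addr in reversed(chain):         # walk from the nearest hop outwards
            if not _trusted(addr, nets):
                return addr                  # last non-trusted address
        return chain[0]                      # every hop trusted: leftmost entry
    except ValueError:
        return peer                          # unparsable address: keep the peer

PROXY = "172.17.0.2"             # Docker-side address from the page
PAGE_TRUST = ["172.17.0.0/16"]   # set_real_ip_from value from the page

def scenarios():
    # Constructed requests; header values are illustrative only.
    two_hops = "198.51.100.99, 203.0.113.7"  # first entry supplied by the client
    return {
        "no realip config": logged_ip(PROXY, "203.0.113.7", []),
        "page config": logged_ip(PROXY, "203.0.113.7", PAGE_TRUST),
        "client sent its own header": logged_ip(PROXY, two_hops, PAGE_TRUST),
        "trust range too wide": logged_ip(PROXY, two_hops, ["0.0.0.0/0"]),
        "direct, untrusted peer": logged_ip("203.0.113.7", "192.168.1.5", PAGE_TRUST),
    }

if __name__ == "__main__":
    for name, ip in scenarios().items():
        print(f"{name:28} -> {ip}")
```

The "trust range too wide" case is why set_real_ip_from should name only the network the reverse proxy connects from: with a wider range, the address Fail2Ban counts and bans is whatever the request header says.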

Using the linuxserver/swag container

The Fail2ban filter folder is in /<appdatafolder>/swag/fail2ban/filter.d

For this to work you need the SWAG container to be able to read the organizr-<date>.log file in the Organizr container.

Mount the Organizr log like this:

-v <path/to/organizr/config>/db/logs:/organizrlog:ro

And set the log path in the Fail2Ban jail.local file to /organizrlog/organizr*.log

Banned

The fail2ban.log file should output something like this:

2017-08-08 21:51:13,777 fail2ban.filter [262]: INFO [organizr-auth] Found 5.153.234.107 - 2017-08-08 21:51:12
2017-08-08 21:51:18,811 fail2ban.filter [262]: INFO [organizr-auth] Found 5.153.234.107 - 2017-08-08 21:51:18
2017-08-08 21:51:43,965 fail2ban.filter [262]: INFO [organizr-auth] Ignore 192.168.1.1 by ip
2017-08-08 21:51:51,008 fail2ban.filter [262]: INFO [organizr-auth] Ignore 192.168.1.1 by ip
2017-08-08 21:51:57,045 fail2ban.filter [262]: INFO [organizr-auth] Ignore 192.168.1.1 by ip
2017-08-08 21:52:03,080 fail2ban.filter [262]: INFO [organizr-auth] Ignore 192.168.1.1 by ip
2017-08-08 21:53:25,578 fail2ban.filter [262]: INFO [organizr-auth] Found 104.160.20.131 - 2017-08-08 21:53:24
2017-08-08 21:53:31,617 fail2ban.filter [262]: INFO [organizr-auth] Found 104.160.20.131 - 2017-08-08 21:53:30
2017-08-08 21:53:36,650 fail2ban.filter [262]: INFO [organizr-auth] Found 104.160.20.131 - 2017-08-08 21:53:36
2017-08-08 21:53:42,688 fail2ban.filter [262]: INFO [organizr-auth] Found 104.160.20.131 - 2017-08-08 21:53:41
2017-08-08 21:53:48,726 fail2ban.filter [262]: INFO [organizr-auth] Found 104.160.20.131 - 2017-08-08 21:53:47
2017-08-08 21:53:48,733 fail2ban.actions [262]: NOTICE [organizr-auth] Ban 104.160.20.131

If you managed to ban yourself, or a friend banned themselves, you can run one of these commands:

fail2ban-client unban <ip>
#OR
docker exec letsencrypt fail2ban-client unban <ip>

Thanks to rix1337 for the fail2ban config:

The ignoreip setting is there so that Fail2Ban won't ban your local IP. Check out https://www.aelius.com/njh/subnet_sheet.html if you are wondering what your CIDR notation is. Most often it will be /24 (netmask 255.255.255.0). To find your netmask, run ipconfig /all on Windows or ifconfig | grep netmask on Linux.