BLACKSITE


	: 216.73.217.122
	: 31.97.239.53 / learnageacademy.com
	: Linux srv1143180 6.8.0-106-generic #106-Ubuntu SMP PREEMPT_DYNAMIC Fri Mar 6 07:58:08 UTC 2026 x86_64

: /etc/fail2ban/filter.d/

files >> //etc/fail2ban/filter.d/guacamole.conf

 # Fail2Ban configuration file for guacamole
#
# Author: Steven Hiscocks
#

[Definition]

logging = catalina
failregex = <L_<logging>/failregex>
maxlines = <L_<logging>/maxlines>
datepattern = <L_<logging>/datepattern>

[L_catalina]

failregex = ^.*\nWARNING: Authentication attempt from <HOST> for user "[^"]*" failed\.$

maxlines = 2

datepattern = ^%%b %%d, %%ExY %%I:%%M:%%S %%p
              ^WARNING:()**
              {^LN-BEG}

[L_webapp]

failregex = ^ \[\S+\] WARN  \S+ - Authentication attempt from <HOST> for user "<F-USER>[^"]+</F-USER>" failed.

maxlines = 1

datepattern = ^%%H:%%M:%%S.%%f

# DEV Notes:
#
# failregex is based on the default pattern given in Guacamole documentation :
# https://guacamole.apache.org/doc/gug/configuring-guacamole.html#webapp-logging
#
# The following logback.xml Guacamole configuration file can then be used accordingly :
# <configuration>
#   <appender name="FILE" class="ch.qos.logback.core.rolling.RollingFileAppender">
#     <file>/var/log/guacamole.log</file>
#     <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
#       <fileNamePattern>/var/log/guacamole.%d.log.gz</fileNamePattern>
#       <maxHistory>32</maxHistory>
#     </rollingPolicy>
#     <encoder>
#       <pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</pattern>
#     </encoder>
#   </appender>
#   <root level="info">
#     <appender-ref ref="FILE" />
#   </root>
# </configuration>