Hi,
I have a raspberry pi 3 running rpi-cam, lighttpd and letsencrypt. It works well, but before I open a port in my firewall to allow the live stream to be viewed from the internet I want to enable fail2ban.
Lighttpd has username and password login configured and failed attempts are recorded to error.log
According to this output fail2ban can see these failed login attempts but doesn’t act on them.
dietpi@camera:~$ sudo fail2ban-regex /var/log/lighttpd/error.log /etc/fail2ban/filter.d/lighttpd-auth.conf --print-all-missed
Running tests
=============
Use failregex filter file : lighttpd-auth, basedir: /etc/fail2ban
Use log file : /var/log/lighttpd/error.log
Use encoding : UTF-8
Results
=======
Failregex: 0 total
Ignoreregex: 0 total
Date template hits:
|- [# of hits] date format
| [21] {^LN-BEG}ExYear(?P<_sep>[-/.])Month(?P=_sep)Day(?:T| ?)24hour:Minute:Second(?:[.,]Microseconds)?(?:\s*Zone offset)?
`-
**
**Lines: 21 lines, 0 ignored, 0 matched, 21 missed**
**
[processed in 0.03 sec]
|- Missed line(s):
| 2022-07-20 08:47:22: mod_openssl.c.3059) SSL: -1 5 32 Broken pipe
| 2022-07-20 08:47:24: mod_auth.c.828) password doesn't match for /status_mjpeg.php username: IP: 192.168.0.106
| 2022-07-20 08:47:25: mod_auth.c.828) password doesn't match for /cam_pic.php username: IP: 192.168.0.106
| 2022-07-20 08:47:26: mod_auth.c.828) password doesn't match for /status_mjpeg.php username: IP: 192.168.0.106
| 2022-07-20 08:47:26: mod_auth.c.828) password doesn't match for /cam_pic.php username: IP: 192.168.0.106
| 2022-07-20 08:47:27: mod_auth.c.828) password doesn't match for /status_mjpeg.php username: IP: 192.168.0.106
| 2022-07-20 08:47:27: mod_auth.c.828) password doesn't match for /status_mjpeg.php username: IP: 192.168.0.106
| 2022-07-20 08:47:28: mod_auth.c.828) password doesn't match for /cam_pic.php username: IP: 192.168.0.106
| 2022-07-20 08:47:29: mod_auth.c.828) password doesn't match for /status_mjpeg.php username: IP: 192.168.0.106
| 2022-07-20 08:47:29: mod_auth.c.828) password doesn't match for /cam_pic.php username: IP: 192.168.0.106
| 2022-07-20 08:47:30: mod_auth.c.828) password doesn't match for /status_mjpeg.php username: IP: 192.168.0.106
| 2022-07-20 08:47:30: mod_auth.c.828) password doesn't match for /status_mjpeg.php username: IP: 192.168.0.106
| 2022-07-20 08:47:31: mod_auth.c.828) password doesn't match for /cam_pic.php username: IP: 192.168.0.106
| 2022-07-20 08:47:32: mod_auth.c.828) password doesn't match for /status_mjpeg.php username: IP: 192.168.0.106
| 2022-07-20 08:47:32: mod_auth.c.828) password doesn't match for /cam_pic.php username: IP: 192.168.0.106
| 2022-07-20 08:47:41: mod_auth.c.828) password doesn't match for /status_mjpeg.php username: 3 IP: 192.168.0.106
| 2022-07-20 08:47:51: mod_auth.c.828) password doesn't match for /status_mjpeg.php username: 4 IP: 192.168.0.106
| 2022-07-20 08:47:52: mod_auth.c.828) password doesn't match for /cam_pic.php username: 4 IP: 192.168.0.106
| 2022-07-20 08:47:57: mod_auth.c.828) password doesn't match for /status_mjpeg.php username: 5 IP: 192.168.0.106
| 2022-07-20 08:47:57: mod_auth.c.828) password doesn't match for /cam_pic.php username: 5 IP: 192.168.0.106
| 2022-07-20 08:48:00: mod_auth.c.828) password doesn't match for /status_mjpeg.php username: IP: 192.168.0.106
`-
I use the default lighttpd-auth.conf that came with the standard dietpi fail2ban install.
dietpi@camera:/etc/fail2ban$ cat jail.local
[DEFAULT]
enabled = true
ignoreip = 127.0.0.1/8
ignorecommand =
backend = systemd
mode = normal
filter = %(__name__)s[mode=%(mode)s]
findtime = 600
maxretry = 3
bantime = 600
banaction = route
action = %(banaction)s[blocktype=blackhole]
[dropbear]
[sshd]
# Mode: normal (default), ddos, extra or aggressive (combines all)
# See "filter.d/sshd.conf" for details.
#mode = normal
[lighttpd-auth]
enabled = true
port = http https
filter = lighttpd-auth
logpath = /var/log/lighttpd/error.log
Even though fail2ban sees the errors it labels them as Missed and does nothing. How can I get fail2ban to recognise the errors correctly and block more login attempts?