frieder · November 12, 2023 13:07
diff --git a/fail2ban-nexus3-nginx b/fail2ban-nexus3-nginx
 Following is a fail2ban configuration to identify failed login
 attempts to Nexus 3 OSS via an nginx reverse proxy.

 ------------------------------------------------------------------------------
 /etc/fail2ban/jail.d/nexus.conf
 ------------------------------------------------------------------------------
 [nexus]
 enabled = true
 port = https
 filter = nexus-login
 logpath = /var/log/nginx/YOUR_DOMAIN_access.log
 banaction = %(banaction_allports)s
 maxretry = 3
 findtime = 5m
 bantime = 1h
 ignoreip = 192.168.0.0/24 10.0.0.0/24 127.0.0.1/32


 ------------------------------------------------------------------------------
 /etc/fail2ban/filter.d/nexus-login.conf
 ------------------------------------------------------------------------------
 [INCLUDES]
 before = common.conf

 [DEFAULT]
 _daemon = nginx

 [Definition]
 failregex = ^<HOST> \- \- \[.*\] \"POST /service/rapture/session \S+\" 403 .*$
 ignoreregex =
 datepattern = %%d/%%b/%%Y:%%H:%%M:%%S


 ------------------------------------------------------------------------------
 Test filter
 ------------------------------------------------------------------------------
 fail2ban-regex \
  /var/log/nginx/YOUR_DOMAIN_access.log \
  /etc/fail2ban/filter.d/nexus-login.conf

 Running tests
 =============

 Use   failregex filter file : nexus-login, basedir: /etc/fail2ban
 Use      datepattern : %d/%b/%Y:%H:%M:%S : Day/MON/Year:24hour:Minute:Second
 Use         log file : /var/log/nginx/YOUR_DOMAIN_access.log
 Use         encoding : UTF-8


 Results
 =======

 Failregex: 8 total
 |-  #) [# of hits] regular expression
 |   1) [8] ^<HOST> \- \- \[.*\] \"POST /service/rapture/session \S+\" 403 .*$
 `-

 Ignoreregex: 0 total

 Date template hits:
 |- [# of hits] date format
 |  [110] Day/MON/Year:24hour:Minute:Second
 `-

 Lines: 110 lines, 0 ignored, 8 matched, 102 missed
 [processed in 0.00 sec]

 Missed line(s): too many to print.  Use --print-all-missed to print all 102 lines
	Following is a fail2ban configuration to identify failed login
	attempts to Nexus 3 OSS via an nginx reverse proxy.

	------------------------------------------------------------------------------
	/etc/fail2ban/jail.d/nexus.conf
	------------------------------------------------------------------------------
	[nexus]
	enabled = true
	port = https
	filter = nexus-login
	logpath = /var/log/nginx/YOUR_DOMAIN_access.log
	banaction = %(banaction_allports)s
	maxretry = 3
	findtime = 5m
	bantime = 1h
	ignoreip = 192.168.0.0/24 10.0.0.0/24 127.0.0.1/32


	------------------------------------------------------------------------------
	/etc/fail2ban/filter.d/nexus-login.conf
	------------------------------------------------------------------------------
	[INCLUDES]
	before = common.conf

	[DEFAULT]
	_daemon = nginx

	[Definition]
	failregex = ^<HOST> \- \- \[.\] \"POST /service/rapture/session \S+\" 403 .$
	ignoreregex =
	datepattern = %%d/%%b/%%Y:%%H:%%M:%%S


	------------------------------------------------------------------------------
	Test filter
	------------------------------------------------------------------------------
	fail2ban-regex \
	/var/log/nginx/YOUR_DOMAIN_access.log \
	/etc/fail2ban/filter.d/nexus-login.conf

	Running tests
	=============

	Use failregex filter file : nexus-login, basedir: /etc/fail2ban
	Use datepattern : %d/%b/%Y:%H:%M:%S : Day/MON/Year:24hour:Minute:Second
	Use log file : /var/log/nginx/YOUR_DOMAIN_access.log
	Use encoding : UTF-8


	Results
	=======

	Failregex: 8 total
	\|- #) [# of hits] regular expression
	\| 1) [8] ^<HOST> \- \- \[.\] \"POST /service/rapture/session \S+\" 403 .$
	`-

	Ignoreregex: 0 total

	Date template hits:
	\|- [# of hits] date format
	\| [110] Day/MON/Year:24hour:Minute:Second
	`-

	Lines: 110 lines, 0 ignored, 8 matched, 102 missed
	[processed in 0.00 sec]

	Missed line(s): too many to print. Use --print-all-missed to print all 102 lines