secure your gitlab with fail2ban

Securing your GitLab installation with Fail2ban is quite easy and straightforward. Just create the file /etc/fail2ban/filter.d/gitlab.conf and paste the following content into it:

# fail2ban filter configuration for gitlab
# Author: Dimitri Enns
# Inspired by: https://gitlab.com/MiGoller/gitlab-fail2ban-filter

[Init]
maxlines = 4

[Definition]

# The relevant log file is in /var/log/gitlab/gitlab-rails/production.log

#Started POST "/users/sign_in" for IP.IP.IP.IP at TIMESTAMP
#Processing by SessionsController#create as HTML
#  Parameters: {"authenticity_token"=>"[FILTERED]", "user"=>{"login"=>"USER_NAME", "password"=>"[FILTERED]", "remember_me"=>"0"}}
#Completed 401 Unauthorized in 9ms (ActiveRecord: 1.3ms | Elasticsearch: 0.0ms | Allocations: 4113)

failregex = ^Started POST \"\/users/sign_in\" for <HOST> at .*<SKIPLINES>.*Parameters: \{\"authenticity_token\".*\"user\"\=\>\{\"login\"\=\>\".*\".*<SKIPLINES>Completed 401 Unauthorized

ignoreregex =

The next file to edit is /etc/fail2ban/jail.local. Open it with your favorite editor and add these lines:

[gitlab]
enabled = true
port = http,https
filter = gitlab
logpath = /var/log/gitlab/gitlab-rails/production.log
findtime = 60m
maxretry = 3

Now log out of your GitLab installation and log in (once) with wrong credentials; you should then find your IP in /var/log/fail2ban.log.
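To see how the filter and jail settings above work together before running fail2ban-regex against a real log, here is an added Python emulation (not fail2ban's own code and not part of the original post) that applies the page's failregex over a constructed production.log excerpt with maxlines = 4, then counts failures per host against findtime = 60m and maxretry = 3. The tag expansion, sliding window and ban logic are simplified approximations of what fail2ban does, and the log lines, IPs and timestamps are constructed.

```python
import re
from datetime import datetime, timedelta

# Jail settings taken from the page; everything else is a simplified emulation.
MAXLINES, MAXRETRY, FINDTIME = 4, 3, timedelta(minutes=60)
# failregex exactly as it appears in the page's gitlab.conf
FAILREGEX = (r'^Started POST \"\/users/sign_in\" for <HOST> at .*<SKIPLINES>'
             r'.*Parameters: \{\"authenticity_token\".*\"user\"\=\>\{\"login\"\=\>\".*\".*'
             r'<SKIPLINES>Completed 401 Unauthorized')
TS_RE = re.compile(r"^Started .* at (\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)", re.MULTILINE)

def compile_failregex(failregex):
    """<HOST> becomes a named group; <SKIPLINES> a line break plus zero or more
    whole lines (approximation of fail2ban's own expansion)."""
    pattern = failregex.replace("<HOST>", r"(?P<host>\S+)")
    return re.compile(pattern.replace("<SKIPLINES>", r"\n(?:.*\n)*?"), re.MULTILINE)

def find_failures(lines, regex=compile_failregex(FAILREGEX)):
    """Slide a MAXLINES-line window over the log; return (host, timestamp) per match."""
    buf, hits = [], []
    for line in lines:
        buf = (buf + [line.rstrip("\n")])[-MAXLINES:]
        m = regex.search("\n".join(buf))
        if m:
            when = datetime.strptime(TS_RE.search(m.group(0)).group(1), "%Y-%m-%d %H:%M:%S")
            hits.append((m.group("host"), when))
            buf = []  # consume the matched lines so they are not counted twice
    return hits

def hosts_to_ban(hits, findtime=FINDTIME, maxretry=MAXRETRY):
    """Ban a host once maxretry failures fall within findtime of each other."""
    recent, banned = {}, set()
    for host, when in hits:
        recent[host] = [t for t in recent.get(host, []) if when - t <= findtime] + [when]
        if len(recent[host]) >= maxretry:
            banned.add(host)
    return banned

def _entry(ip, when, last_line):  # one constructed production.log request block
    return [f'Started POST "/users/sign_in" for {ip} at {when} +0000',
            "Processing by SessionsController#create as HTML",
            '  Parameters: {"authenticity_token"=>"[FILTERED]", "user"=>{"login"=>"alice", '
            '"password"=>"[FILTERED]", "remember_me"=>"0"}}', last_line]

FAIL, OK = "Completed 401 Unauthorized in 9ms (ActiveRecord: 1.3ms)", "Completed 302 Found in 120ms"
SAMPLE_LOG = (_entry("192.0.2.9", "2024-05-01 09:00:00", FAIL)     # 3 failures spread over 3 hours
              + _entry("203.0.113.5", "2024-05-01 10:00:00", FAIL)  # 3 failures inside one hour
              + _entry("203.0.113.5", "2024-05-01 10:20:00", FAIL)
              + _entry("198.51.100.7", "2024-05-01 10:25:00", OK)   # successful login, never counted
              + _entry("192.0.2.9", "2024-05-01 10:30:00", FAIL)
              + _entry("203.0.113.5", "2024-05-01 10:40:00", FAIL)
              + _entry("192.0.2.9", "2024-05-01 12:00:00", FAIL))

if __name__ == "__main__":
    print(hosts_to_ban(find_failures(SAMPLE_LOG)))  # {'203.0.113.5'}
```

Only 203.0.113.5 reaches three failures inside one findtime window; 192.0.2.9 fails three times too but never three within an hour, and the successful 302 login is never matched.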
