From a502d96a860456ec5e8c96761db70f7cabb74751 Mon Sep 17 00:00:00 2001
From: Paul Martin <paul@paulsputer.com>
Date: Sat, 30 Apr 2016 04:19:14 -0400
Subject: [PATCH] Merge pull request #1073 from gitblit/1062-DocEditorUpdates

---
 src/site/setup_fail2ban.mkd |   24 ++++++++++++++++++++++++
 1 files changed, 24 insertions(+), 0 deletions(-)

diff --git a/src/site/setup_fail2ban.mkd b/src/site/setup_fail2ban.mkd
new file mode 100644
index 0000000..c735968
--- /dev/null
+++ b/src/site/setup_fail2ban.mkd
@@ -0,0 +1,24 @@
+## Configure fail2ban for Gitblit-SSH
+
+This procedure uses [fail2ban](http://www.fail2ban.org/).
+
+First, create a new filter file `gitblit.conf` in filter directory (Debian/CentOS: `/etc/fail2ban/filter.d/`) or into `filter.conf` file. Here is an example:
+
+    [Definition]
+    failregex =  Failed login attempt for .+, invalid credentials from <HOST>\s*$
+                 could not authenticate .*? \(/<HOST>:[0-9]*\) for SSH using the supplied password$
+    ignoreregex =
+
+Then edit `jail.conf` to add "gitblit" service (Debian: `/etc/fail2ban/jail.conf`). For example:
+
+    [gitblit]
+    enabled = true
+    port = 443,29418
+    protocol = tcp
+    filter = gitblit
+    logpath = /var/log/gitblit.log
+
+
+Reload fail2ban config to apply (`fail2ban-client reload`).
+
+Check the status of the gitblit fail2ban jail with `fail2ban-client status gitblit`

--
Gitblit v1.9.1