Configure fail2ban on pihole admin interface

Expected Behaviour:

Hi everyone. I have been trying to get fail2ban to work in conjunction with Pi-hole in order to block connections to the Pi-hole admin interface. I have enabled the Lighttpd-auth filter within fail2ban and have it pointed at /var/log/lighttpd/error.log.

Actual Behaviour:

When I tested this to see if it works, I repeatedly entered the wrong password into the admin page several times; however, in checking the logs, it doesn't throw up any exception showing that a failed authentication attempt occurred. As such, fail2ban doesn't pick up on it.

I am not too sure where I am going wrong. Help!

Why is this necessary?

To be able to deny failed log-on attempts and ban persistent offenders. To have an audit log of such attempts, and it also makes for a good learning opportunity. There are multiple reasons why such a configuration is advantageous.

If your Pi-Hole is inside your network and protected by your router, do you have people on your network whom you do not trust? Or, is this Pi-Hole open to the internet?

There isn't anything to be picked up by fail2ban from the logs.
I checked a bunch of logs including the auth.log and none of them register a failed attempt.
If you find a log entry, you can create your own fail2ban filter/regex plus a fitting ban policy.

It's in an internal network with no port forwarding to the external internet. Although I don't necessarily trust all the devices on the network, I have also taken sufficient security measures to prevent them from accessing the admin interface: good firewall rules and locked-down SSH.

Although it is something that I want to learn to do, I don't think my network and threat model is necessarily the right setting.

Thanks for the help!

Hi deHakkelarr. Thanks for the help. I think the other security precautions I have in place will be enough to secure the Pi-hole. Thanks for the help.
