Does anybody have an already written filter to apply fail2ban on /var/log/tryton/trytond.log and/or Systemd journal?
Thank you.
You do not really need such tool because Tryton comes with similar protection by default.
Check the configurations: max_attempt, max_attempt_ip_network etc.
But also all the password section.
The only case were such tool would be better is if you really need to block at the network stack level instead of the application level.
Yes, I don’t want an attacker to try other services when fails attempting one. It’s a basic facility of fail2ban.
If a system has 5 services with max_attempt=3 each, this means an attacker can play 5x3=15 times.
Thank you about attempt references because it can be really useful for another scenario.